Page History
Clean out the default tomcat services from Tomcat's webapps directory:
| Code Block | ||||
|---|---|---|---|---|
| ||||
cd /opt/shrine/tomcat/webapps rm -rf * |
Retrieve the shrine-api.war file from the Harvard Catalyst Sonatype Nexus server at: https://repo.open.catalyst.harvard.edu/nexus/content/groups/public/net/shrine/shrine-api-war/.
| Code Block | ||||
|---|---|---|---|---|
| ||||
wget https://repo.open.catalyst.harvard.edu/nexus/content/groups/public/net/shrine/shrine-api-war/3.3.2/shrine-api-war-3.3.2.war -O shrine-api.war |
Before installing check the md5sum of the downloaded components:
| Code Block | ||||
|---|---|---|---|---|
| ||||
md5sum x86_64: ==> shrine-api.war <== |
Vulnerability Note: We have discovered that there is a vulnerability with commons-text-1.9.jar located in the directory /opt/shrine/tomcat/webapps/shrine-api/WEB-INF/lib/. The fix for this is to update this file with the latest version from here: https://commons.apache.org/proper/commons-text/download_text.cgi
It's possible that your institutions security scanner may not detect this as a vulnerability.
Overview
Content Tools