I'm fairly new to Tomcat. We have a SLES 10 SP4 64-bit host running Tomcat 5.5, which was provided as an RPM by the distributor. Our developers now need a more current version, 6 or preferably 7.
I didn't find RPMs of these versions for my OS, so I have to install the binary version from the Tomcat web page.
I read that patches concerning security vulnerabilities are not provided for the binary version.
My question: what do I have to do if I read that version x.x has a security vulnerability which is closed by version x.y?
Just install the new version over the old one? Uninstall the old one first? What about my webapps? Are they gone after installing the new version?