Poodle Protection

Hello everyone,If you are familiar with the relatively new POODLE exploit, we are hoping to reduce our vulnerability status by upgrading our Apache version. We realize that this solution is not intended to completely protect us from the POODLE vulnerability.We are running TeamCity Version 6.5.6, which uses Apache 6.0.29. What we would like to do is upgrade just the Apache piece to 6.0.41, which reportedly can help plug the hole. My question is, how can we do that? It appears that Apache is part of the TeamCity installation, so I don't believe that installing the full Apache 6.0.41 is a good idea. Does anyone have any thoughts on how to do this, without upgrading TeamCity?Thank you.Mike
1 comment
Comment actions Permalink

Hi Michael,

I would recommend to upgrade to the latest TeamCity version (8.1.5 as of now) which is bundled with Tomcat 7.0.55. TeamCity is tested under bundled Tomcat version, so it is highly recommended to use the .tar.gz distribution (which has Tomcat bundled) and not to customize Tomcat settings. Also with TeamCity 8.1.5 you'll get access to all the recent bug fixes and lots of new features.
We have an instruction how to upgrade Tomcat for TeamCity 8.x vesrion. Also please read the related doc section about POODLE vulnerability.

0

Please sign in to leave a comment.