Brekeke upgrade process

MaxMark · Post by **MaxMark** » Wed May 20, 2020 4:05 am

1. Brekeke Product Name and Version: Brekeke SIP various versions all 3.8 or later
2. Java version: Various
3. OS type and the version: Windows Server
4. UA (phone), gateway or other hardware/software involved: N/A
5. Your problem: I have a number of Brekeke servers I need to upgrade following the recent vulnerability disclosure. I’m looking to do this in an efficient way with a script but the Wiki only talks about upgrading by running the Windows installer manually on the box.
On the downloads page you can download a .war file for updates. Can I just do an upgrade by:

Stopping the Brekeke Windows service
Replacing the war file
Starting it back up again?

Is there anything else that I’d need to update?
Would this also preserve the config?

Niloc · Post by **Niloc** » Wed May 20, 2020 10:55 am

Currently you need to use the installer to install new Apache Tomcat because the war file doesn't replace it.

Have you tried the steps listed in the wiki topic below?
https://docs.brekeke.com/sip/update-web-server

MaxMark · Post by **MaxMark** » Thu May 21, 2020 2:05 am

Thanks, I didn't realise you also have to upgrade Tomcat. Is there any information anywhere on what Brekeke versions are compatible with what Tomcat versions?

Niloc · Post by **Niloc** » Thu May 21, 2020 2:21 pm

This is because it is a vulnerability in Apache Tomcat.

https://docs.brekeke.com/2020/04/22/upd ... erability/
https://nvd.nist.gov/vuln/detail/CVE-2020-1938

> Is there any information anywhere on what Brekeke versions are compatible with what Tomcat versions?

Which version of Brekeke SIP Server are you using?
If you are using version 3.x, it should work at any recent Tomcat.

The latest version of Brekeke SIP Server, 3.9.5.8, bundles the Tomcat version 9.0.33 which doesn't have the vulnerability CVE-2020-1938.