Tomcat binary distribution - how to upgrade?

Question

I'm fairly new to tomcat. We have a SLES 10 SP4 64bit host, running Tomcat 5.5, which was provided as a rpm from the distributor. Our developers need now a more current version, 6 or prefered 7.
I didn't find rpm's for these versions for my OS. So i have to install the binary version from the tomcat web page.

I read that patches concerning security vulnerabilities are not provided for the binary version.
My question: what do i have to do if i read that version x.x has a security vulnerability which is closed by version x.y ?
Just install the new version over the old one ? Uninstalling the old one before ? What is about my webapps ? Are they gone with the installation of the new version ?

Answer 1

I think, that the best solution is to 'install' Tomcat manually from binaries available on Tomcat project.
I do not use repositories on my CentOS/Debian machines, because Tomcat versions available there are a bit outdated (I need 7.X while in official repos you will not find such).
In addition, read this before upgrade: http://tomcat.apache.org/migration.html .

Answer 2

As a side note: general support for SLES10 ends with july 2013. If you don't want to buy extended support you should switch to SLES11 as soon as possible. This includes tomcat6 instead of tomcat5. SUSE uses version 6.0.18 but backports security patches.

Though I would still recommend the official tomcat binaries from the apache website. It's much easier to support a well known state that your developers can also install on their workstation.