Jump to content

Upgrading Apache Tomcat, independent from JasperReportsServer application


Recommended Posts


If by chance my question has already been attended in older versions, plase point me to it; Im fairly new to using Jasper Reports Server.


I recently installed JasperReportsServer 7.8 (TIB_js-jrs-cp_7.8.0_win_x86_64.exe) on a server that's constantly being scanned for vulnerabilities. This scan detected that Apache Tomcat versions 8.5.XX under 8.5.60 are affected by multiple vulnerabilities. The bundled version is 8.5.57.


a) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122 

b) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527 

I was wondering IF there is a known and documented way to upgrade Apache Tomcat, independent from JasperReportsServer application, so that I can instruct my IT team on how to perform this installation and clear this security risk.

I ask, rather than just going ahead and trying force it, because several technologies are bundled together (Postgresql, Apache Tomcat 8.5.57, Jasper Resports Server 7.8 + its library dependencies in classpath) and I want to make sure there are no known compatibility issues.

Any guidance is greatly appreciated.

Link to comment
Share on other sites

  • 3 months later...
  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

You should be able to install tomcat and just copy over your jasperserver war file.  Yo uwill of course need to configure any tomcat level configuration you may have like SSL, etc.

The war file has the jndi connection information built into it and is built against a particualar database dialect during install.


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...