Greetings! If by chance my question has already been attended in older versions, plase point me to it; Im fairly new to using Jasper Reports Server. ------------- I recently installed JasperReportsServer 7.8 (TIB_js-jrs-cp_7.8.0_win_x86_64.exe) on a server that's constantly being scanned for vulnerabilities. This scan detected that Apache Tomcat versions 8.5.XX under 8.5.60 are affected by multiple vulnerabilities. The bundled version is 8.5.57. Vulnerabilities: a) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122 b) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527 I was wondering IF there is a known and documented way to upgrade Apache Tomcat, independent from JasperReportsServer application, so that I can instruct my IT team on how to perform this installation and clear this security risk. I ask, rather than just going ahead and trying force it, because several technologies are bundled together (Postgresql, Apache Tomcat 8.5.57, Jasper Resports Server 7.8 + its library dependencies in classpath) and I want to make sure there are no known compatibility issues. Any guidance is greatly appreciated.
