Upgrading Apache Tomcat, independent from JasperReportsServer application

4

Greetings! 

If by chance my question has already been attended in older versions, plase point me to it; Im fairly new to using Jasper Reports Server.

-------------

I recently installed JasperReportsServer 7.8 (TIB_js-jrs-cp_7.8.0_win_x86_64.exe) on a server that's constantly being scanned for vulnerabilities. This scan detected that Apache Tomcat versions 8.5.XX under 8.5.60 are affected by multiple vulnerabilities. The bundled version is 8.5.57.

Vulnerabilities: 

a) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122 

b) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527 

I was wondering IF there is a known and documented way to upgrade Apache Tomcat, independent from JasperReportsServer application, so that I can instruct my IT team on how to perform this installation and clear this security risk.

I ask, rather than just going ahead and trying force it, because several technologies are bundled together (Postgresql, Apache Tomcat 8.5.57, Jasper Resports Server 7.8 + its library dependencies in classpath) and I want to make sure there are no known compatibility issues.

Any guidance is greatly appreciated.

Incarion's picture
Joined: Jul 16 2019 - 5:55pm
Last seen: 2 days 8 hours ago

0 Answers:

No answers yet
Feedback