Upgrading Apache Tomcat, independent from JasperReportsServer application

[Incarion]

Greetings! 

If by chance my question has already been attended in older versions, plase point me to it; Im fairly new to using Jasper Reports Server.

-------------

I recently installed JasperReportsServer 7.8 (TIB_js-jrs-cp_7.8.0_win_x86_64.exe) on a server that's constantly being scanned for vulnerabilities. This scan detected that Apache Tomcat versions 8.5.XX under 8.5.60 are affected by multiple vulnerabilities. The bundled version is 8.5.57.

Vulnerabilities: 

a) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24122 

b) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17527 

I was wondering IF there is a known and documented way to upgrade Apache Tomcat, independent from JasperReportsServer application, so that I can instruct my IT team on how to perform this installation and clear this security risk.

I ask, rather than just going ahead and trying force it, because several technologies are bundled together (Postgresql, Apache Tomcat 8.5.57, Jasper Resports Server 7.8 + its library dependencies in classpath) and I want to make sure there are no known compatibility issues.

Any guidance is greatly appreciated.

[rmeadows]

You should be able to install tomcat and just copy over your jasperserver war file.  Yo uwill of course need to configure any tomcat level configuration you may have like SSL, etc.

The war file has the jndi connection information built into it and is built against a particualar database dialect during install.

Thanks.