Help

How to upgrade Tomcat Apache on JSS server?

abbiksaha_18
New Contributor

Posted on ‎11-11-2022 03:43 AM

Hello Team,

The project I am currently working in, has got some vulnerabilities with installed Apache Tomcat into the JSS server

The Apache Tomcat needs to be upgraded. Could you please guide with the instruction process of upgrading the Apache?

 

Thanks,

Abhik

0 Kudos
3 REPLIES 3

forrest99
New Contributor III

Posted on ‎11-11-2022 07:28 AM

Hi @abbiksaha_18, I think you might be better served posting your question at https://serverfault.com/. They are more focused on server issues there.

0 Kudos

sdagley
Esteemed Contributor II

Posted on ‎11-11-2022 07:46 AM

@abbiksaha_18 Was your JSS manually installed? If you're using the Jamf Pro installer it will update the Tomcat install along with the JSS, so installing the latest JSS release is probably easier than updating just the Tomcat install on your server.

0 Kudos

nachiket_s
New Contributor III

‎11-13-2022 10:49 PM - edited ‎11-13-2022 10:59 PM

@abbiksaha_18 

If you have installed JSS manually then you can check with your server support teams / communities for upgrade path and methods. However all Jamf installers will provide you with updated apache setup as well and running these installers will upgrade your Tomcat to latest version as well.

 

However regarding your issue of vulnerabilities, there are many ways you can remediate the same without upgrading ( obviously it depends on the nature and severity of the vulnerability and controls available e.g. in case of weak ciphers you can simply replace the cipher supported by apache in web.config or in case of configuration pages / JAMF swagger UI related vulnerabilities- you might want to go with content level restrictions in apache rather than simply upgrading it and so on)

0 Kudos