I would not attempt to update this without checking with JAMF support first - you don't want to solve a potential problem but create another massive one (i.e. if Casper stops working).
On Mar 11, 2010, at 12:54 PM, Swanson Noah wrote:

As an aside, this is a good reason to join the Apple Developer Program (now down to $99/year) and have access to the developer seeds. I have no knowledge if future versions of OS X Server will contain this patch, but if you had access to the seeds you could find out if Apple's going to fix the problem (at which point you know JAMF will be quick to address any compatibility issues), or if you'll have to manually update it (with JAMF's OK first, though)...

--Robert

What's the vulnerability? If it was Nessus scanned (like ours) it may be
throwing an error about accepting weak SSL algos. I can help you out in
limiting what Tomcat will accept if that's the case.

j

"Apache Tomcat Information Disclosure Vulnerability"

"Apache Tomcat Java AJP Connector Invalid Header Denial of Service"

Both have been fixed by Apache in 6.0.20: http://tomcat.apache.org/security-6.html.