Upgrading Tomcat server on Fortify SSC Server

Dear Colleagues,

I hope you are well and safe at your homes.

We have Fortify SSC server v19.20, which is running on Tomcat server version 9.0.35.

As part of a vulnerability fix, we need to upgrade the Tomcat server to 9.0.44.

Since Tomcat also contains the ssc folder, I am afraid that I might again need to install Fortify SSC server as well.

By any chance, can we upgrade just Tomcat without touching the SSC installation?

Platform: Windows

Thanks,

Nitin

  • Verified Answer

    An upgrade of Tomcat impacts SSC as well, and I would suggest two things:

    * Check whether the new Apache Tomcat version is compatible with your SSC version so you don't see any surprises. Apache Tomcat for SSC is also shipped with the SSC package, hence changing the Apache Tomcat version needs to be verified first.

    * If you upgrade to a new Tomcat, you will definitely touch the SSC installation, but only on the basic default values which will pop up during your SSC installation in the web UI; however, it is not required to run any SQL, as your SSC version will remain the same.

  • I can confirm that 9.0.45 is compatible, but you will need to re-deploy SSC and any other custom Tomcat configuration/settings from the previous Tomcat installation.

    You will need to drop ssc.war into the webapps/ directory after installation and do all the steps of configuring Tomcat. Things like server.xml and web.xml will need to be copied and moved.

    This is unfortunate but unavoidable AFAIK.

  • Based on experience, I would also look at grabbing a copy of the META-INF/context.xml file if you have added SameSite cookie attributes inside ssc's deployment.

    We have often updated Tomcat separately from SSC, but SSC will redeploy like others have said.

    Apache provides a handy tool to check configuration changes between Tomcat versions: Apache Tomcat® - Migration Guide - Tomcat 9.0.x - scroll to the bottom and select each file to compare.

  • Dear All,

    Thank you for your time and help.

    I could manage to upgrade Tomcat and it's an easy process.

    1. Just get the executable for the Tomcat version which you want to upgrade to (it should work with SSC).

    2. Install Tomcat.

    3. We don't need to update the .fortify folder, as the SSC configuration will remain the same.

    4. Just make sure you copy server.xml & web.xml and other config files like schedularcontext, login.html etc.

    5. Yes, you need to redeploy the Fortify WAR file again; however, once the ssc folder is created, copy the copied files to the appropriate locations, update the environment variables if any, and update the Tomcat settings properly. Once done, restart the service and you are good to go.

    You don't need to do anything on the DB level. Thanks again.

  • Hi,

    I would like to have one clarification.

    Should we uninstall the existing Tomcat, delete the Tomcat9_SSC folder completely, and install the newer Tomcat version?

    If so, when we redeploy ssc.war, do we need to configure the DB and seed the database freshly again?

    Could you please clarify this for me?

  • Hello. If you copy over the server.xml and the web.xml files from the previous Tomcat installation then SSC should start up normally again without the need of any re-deployment.
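
The file-carrying step described in the replies above, as an added example that is not part of the original thread and not Fortify's own tooling: a PowerShell script that backs up the configuration files named in the thread from the old Tomcat directory and reports how each differs from the new installation's copy. The three directory paths are assumptions, and the context.xml location assumes ssc.war is deployed as webapps\ssc.

```powershell
# Added example. All three directories are assumptions; adjust to your hosts.
param(
    [string]$OldTomcat = 'C:\Tomcat9_SSC_old',   # assumed: previous Tomcat directory
    [string]$NewTomcat = 'C:\Tomcat9_SSC',       # assumed: newly installed Tomcat directory
    [string]$BackupDir = 'C:\ssc-tomcat-backup'  # assumed: where copies and diffs go
)

# Files named in the thread, relative to the Tomcat directory. Add any other
# customised files (for example login.html) at their real paths.
$files = @(
    'conf\server.xml',
    'conf\web.xml',
    'webapps\ssc\META-INF\context.xml'   # assumes ssc.war is deployed as webapps\ssc
)

$report = foreach ($rel in $files) {
    $old = Join-Path $OldTomcat $rel
    $new = Join-Path $NewTomcat $rel
    $status = 'Identical'
    $changed = 0

    if (-not (Test-Path -LiteralPath $old)) {
        $status = 'MissingInOld'
    } else {
        # Keep a copy before the old installation is removed or overwritten.
        $dest = Join-Path $BackupDir $rel
        New-Item -ItemType Directory -Path (Split-Path $dest -Parent) -Force | Out-Null
        Copy-Item -LiteralPath $old -Destination $dest -Force

        if (-not (Test-Path -LiteralPath $new)) {
            $status = 'MissingInNew'
        } else {
            $oldHash = (Get-FileHash -LiteralPath $old -Algorithm SHA256).Hash
            $newHash = (Get-FileHash -LiteralPath $new -Algorithm SHA256).Hash
            if ($oldHash -ne $newHash) {
                # '<=' marks lines only in the old file, '=>' lines only in the new one.
                $diff = @(Compare-Object (Get-Content -LiteralPath $old) (Get-Content -LiteralPath $new))
                $diff | ForEach-Object { "$($_.SideIndicator) $($_.InputObject)" } |
                    Set-Content -LiteralPath "$dest.diff.txt"
                $status = 'Differs'
                $changed = $diff.Count
            }
        }
    }
    [pscustomobject]@{ File = $rel; Status = $status; ChangedLines = $changed }
}

$report | Format-Table -AutoSize
```

A `Differs` row is the cue to review the `.diff.txt` written beside the backup, since lines marked `=>` are settings the new Tomcat version ships that the old file does not have.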