TE Super Contributor.
Super Contributor.
599 views

SSPR 4.1.0.5 Tomcat Upgrade

We had a client run a PEN test on SSPR 4.1.0.5 and the results basically say upgrade Tomcat to 4.0.77.
This is an IDM 4.5.4 installation including OSP (6.0.0 r4) on an SSPR Stand Alone (no other IDM Apps) box, federated with NAM.

Can this be as simple as getting a newer version of Tomcat?
0 Likes
1 Reply
Knowledge Partner
Knowledge Partner

Re: SSPR 4.1.0.5 Tomcat Upgrade

tse7147;2466426 wrote:
We had a client run a PEN test on SSPR 4.1.0.5 and the results basically say upgrade Tomcat to 4.0.77.
This is an IDM 4.5.4 installation including OSP (6.0.0 r4) on an SSPR Stand Alone (no other IDM Apps) box, federated with NAM.

Can this be as simple as getting a newer version of Tomcat?


Not sure. The 4.2 docs (at least for the Linux OS) state:



Apache Tomcat 8.5.16 or later in this branch

Apache Tomcat 8.0.45 or later in this branch

IMPORTANT:You must install this version of Apache Tomcat on the Linux server prior to deploying the WAR file. You must be familiar with the installation, configuration, and maintenance of this component.


So I'm not sure if upgraded after the fact is supported.

When we used to use the non-appliance SSPR, I'd just apply all the SLES patches and if it updated Apache/Tomcat, I never noticed anything breaking.

The 4.1 docs state pretty much the same:


Apache Tomcat 8.5.x in this branch

Apache Tomcat 8.0.x in this branch

IMPORTANT:You must install this version of Apache Tomcat on the Linux server prior to deploying the WAR file. You must be familiar with the installation, configuration, and maintenance of this component.


If you're on Windows, the 4.1 docs are a little more vague (IMO):

Java


NOTE:The .msi file supplies Java and installs it for you. Any other version of Java is not supported. The patches contain updates for Java. It is important to install patches to have the latest security updates.

Apache Tomcat


NOTE:The .msi file supplies Apache Tomcat and installs it for you. Any other version of Apache Tomcat is not supported. The patches contain updates for Apache Tomcat. It is important to install patches to have the latest security updates.


So only use that version, but it's important to install patches to have the latest security updates.

Unless someone else chimes in, may have to open an SR.
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.