There are vulnerabilities associated with the version of Apache Tomcat which ships with Service Catalog 12.9. Can we upgrade Tomcat? If so, what version can we upgrade to, and how do we perform the upgrade?
The version of Apache Tomcat used by Service Catalog 12.9 can safely be upgraded to version 7.0.82. Steps to do this are as follows:
1) Download Apache-Tomcat-7.0.82:
apache-tomcat-7.0.82-windows-x86.zip for 32-bit
apache-tomcat-7.0.82-windows-x64.zip for 64-bit
2) Stop the catalog service
3) Upgrade Tomcat by running the ant upgrade-tomcat command from the CA Service Catalog command prompt:
C:\Program Files\CA\Service Catalog>ant upgrade-tomcat
[mkdir] Created dir: C:\Program Files\CA\Service Catalog\conf-backup\20180302-0528
[echo] Maintenance started: Friday March 02, 2018 05:28:04 AM EST by Administrator
[echo] Please shutdown all related services before continuing
[input] Press Return key to continue...
[input] Location of new tomcat zip:
[input] What is the version of the new Apache Tomcat (e.g. 6.0.38):
[input] Are you sure you want to upgrade tomcat to 7.0.82? (y, n)
[unzip] Expanding: C:\apache-tomcat-7.0.82.zip into C:\Users\ADMINI~1\AppData\Local\Temp\2\tomca
[mkdir] Created dir: C:\Program Files\CA\Service Catalog\embedded\tomcat-20180302-0528
[echo] Copying the current tomcat to C:\Program Files\CA\Service Catalog/embedded/tomcat-201803
[copy] Copying 653 files to C:\Program Files\CA\Service Catalog\embedded\tomcat-20180302-0528
[copy] Copied 113 empty directories to 2 empty directories under C:\Program Files\CA\Service Ca
[echo] Copied the current tomcat to C:\Program Files\CA\Service Catalog/embedded/tomcat-2018030
[copy] Copying 633 files to C:\Program Files\CA\Service Catalog\embedded\tomcat
[echo] Apache Tomcat 7.0.82 has been successfully installed.
Total time: 13 minutes 9 seconds
Once this finishes, restart the Service Catalog service to complete the upgrade to the new version of Tomcat.
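
An added check for the procedure above (example PowerShell, not CA's or Apache's code): run it with -Phase Pre before step 3 to compare the downloaded zip against the SHA-512 copied from the Apache download page, and with -Phase Post after the restart to confirm the version recorded inside catalina.jar. The parameter names and the standard lib\catalina.jar layout under embedded\tomcat are assumptions; the default paths are the ones shown in the transcript.

```powershell
# Added example, not vendor code. Default paths come from the transcript above.
param(
    [ValidateSet('Pre', 'Post')][string]$Phase = 'Post',
    [string]$ZipPath = 'C:\apache-tomcat-7.0.82.zip',
    [string]$TomcatDir = 'C:\Program Files\CA\Service Catalog\embedded\tomcat',
    [string]$ExpectedSha512 = '<SHA-512 published by Apache for this zip>',  # placeholder
    [string]$ExpectedVersion = '7.0.82'
)
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-ZipDigest {
    param([string]$Path, [string]$Expected)
    # Get-FileHash returns upper-case hex; -ieq compares case-insensitively.
    $actual = (Get-FileHash -LiteralPath $Path -Algorithm SHA512).Hash
    return $actual -ieq $Expected.Trim()
}

function Get-TomcatServerInfo {
    param([string]$Dir)
    # Tomcat records its version in ServerInfo.properties inside lib\catalina.jar.
    $jar = Join-Path $Dir 'lib\catalina.jar'
    $zip = [System.IO.Compression.ZipFile]::OpenRead($jar)
    try {
        $entry = $zip.GetEntry('org/apache/catalina/util/ServerInfo.properties')
        if ($null -eq $entry) { throw "ServerInfo.properties not found in $jar" }
        $reader = New-Object System.IO.StreamReader($entry.Open())
        try { $text = $reader.ReadToEnd() } finally { $reader.Dispose() }
    } finally { $zip.Dispose() }
    $props = @{}
    foreach ($line in ($text -split '\r?\n')) {
        if ($line -match '^\s*([^#=\s][^=]*)=(.*)$') { $props[$Matches[1].Trim()] = $Matches[2].Trim() }
    }
    return $props
}

if ($Phase -eq 'Pre') {
    if (-not (Test-ZipDigest -Path $ZipPath -Expected $ExpectedSha512)) {
        throw "Digest mismatch for $ZipPath; do not pass it to 'ant upgrade-tomcat'."
    }
    "OK: $ZipPath matches the expected SHA-512."
} else {
    $info = Get-TomcatServerInfo -Dir $TomcatDir
    if ($info['server.info'] -ne "Apache Tomcat/$ExpectedVersion") {
        throw "Expected Apache Tomcat/$ExpectedVersion but found '$($info['server.info'])'."
    }
    "OK: $($info['server.info']) is installed in $TomcatDir."
    # The ant task keeps the previous Tomcat beside the new one as tomcat-<timestamp>.
    Get-ChildItem -LiteralPath (Split-Path $TomcatDir) -Directory -Filter 'tomcat-*' |
        Select-Object Name, LastWriteTime
}
```

The Post phase also lists the tomcat-<timestamp> backup directories, which still hold the older Tomcat files and will continue to be reported by file-based vulnerability scanners until they are removed.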