due to vulnerabilities in apache tomcat prior to version 7.0.67 I would like to know, if it is possible and allowed to update the SOI tomcat by myself?
In case it is, I would like to update tomcat to the latest version (7.0.68), as the installation of SOI 4.0 is delivered with tomcat 7.0.62.
I already did some research within the knowledge-base and community, but did not find a useful hint related to SOI, that an update can be done.
I found some threads / docs, which are related to other products, but nothing for SOI.
So does anyone know, if an update will be possible / allowed or if I have to wait for an official update from CA?
If it will be possible, are there any specific steps that need to be considered?
Thanks in advance!
I opened a case at CA Support to get an answer to my question. following the answer from CA:
It is not possible to update the tomcat version by themselves. They have to wait for a future SOI release for that.
Since SOI core module use tomcat api and make them customized as per their need so these will also be changed when tomcat will upgrade and tomcat is also customized as per SOI need. So these are coupled with each other.
For such a functionality, I created the following idea:
Manually update tomcat version used by SOI to resolve security issues
If such a feature would be valuable for you, too, please vote on this idea.