There is an identified vulnerability with the tomcat server included with iDash 12.x.
What is the process to upgrade the tomcat server used with iDash?
There isn't a process for upgrading Tomcat outside of the release cadence. When new versions of iDash are released, they will include the most updated Tomcat versions available.