ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Apache-tomcat vulnerability found, Upgrade steps for Tomcat


Article ID: 237194


Updated On:


CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Risk Authentication


We have apache-tomcat 8.5.51 version on the Arcot Webfort/Strong Authentication server, which is vulnerable and needs to be upgraded.

Please let us know which would be the suitable and latest apache-tomcat version for the Arcot server.

Also provide us the steps for the upgrade.


Release : 9.1

Component : Strong Authentication

Risk Authentication


These are the supported Tomcat versions and you can go to the latest available on 9.x version of Tomcat to address any vulnerabilities.

Apache Tomcat 8.0.x, 8.5.x, 9.0

Here is the Platform support matrix which you should refer for any compatibility.

Advanced Authentication Platform Support Matrix

This is a third party software and We do not ship this in our product, please follow the Tomcat documentation for upgrade. Normally you should do something like this.

  • Take backup of the TOMCAT/webapps directory.
  • Backup the JDBC jar file available in TOMCAT/lib directory.
  • Uninstall the Tomcat App server
  • Install the version you need to deploy.
  • Copy the JDBC jar which you copied before in TOMCAT/lib directory.
  • Copy of the contents of the backed up webapps directory to newly installed TOMCAT/webaps directory.

Additional Information

Platform Support Matrix