A recent vulnerability scan identified vulnerabilities impacting the Apache Tomcat Webserver for the Web Client component for dSeries Workload Automation, which need to be remediated.

DE Web Client 12.3 and above

Steps to replace tomcat :

IMPORTANT: Before doing any upgrade or copying of files, take a full backup of Web Client directory.  

1. Download Apache Tomcat version 9.0.xx, 64 bit zipped version for Windows or Linux.
   Note: Tomcat can be upgraded to any minor release with the 9.0 major release. 
   
   
2. Extract the Tomcat from zip or tar.gz.
   
   
3. Rename the extracted directory from apache-tomcat-9.0.xxx to apache-tomcat.
   
   
4. Stop the Web Client.
   
   
5. Rename the original apache-tomcat directory located in <WEB_CLIENT_INSTALL_DIR> to apache-tomcat_ORIG
   
   
6. Copy the extracted apache-tomcat directory from step 2 to <WEB_CLIENT_INSTALL_DIR>


7. Delete the following directories from new apache-tomcat directory.
   
   webapps
conf

Note: The above conf is inside apache-tomcat directory. 
   There is another conf directory in <WEB_CLIENT_INSTALL_DIR>.
   Do not make any changes to that directory.
   
   
8. Copy following directories and files from the old apache-tomcat_ORIG to the new apache-tomcat
   
   webapps
conf
bin/catalina.sh (or Catalina.bat on Windows)
Service.bat (On Windows)

    7.  Start the Web Client. 

    8. (Optional) The apache-tomcat_ORIG may be removed if Web Client is working properly.