Upgrading Tomcat


Important

This is applicable only to TrueSight Orchestration Platform version 22.2.

Summary

Security vulnerabilities have been identified in the version of Apache Tomcat that is included in version 22.2.00 of TrueSight Orchestration. We recommend that customers using version 22.2.00 of TrueSight Orchestration upgrade to Tomcat version 9.0.100. Use the instructions in this topic to upgrade to Tomcat version 9.0.100 on TrueSight Orchestration Platform version 22.2.00.

FAQs

Q1: Who should upgrade?

We recommend this upgrade for users who have deployed TrueSight Orchestration version 22.2.00.

Q2: What vulnerabilities are addressed by this upgrade?

This upgrade primarily addresses the following vulnerabilities:

  • CVE-2022-42252
  • CVE-2022-45143
  • CVE-2023-24998
  • CVE-2023-28708
  • CVE-2023-28709
  • CVE-2023-34981
  • CVE-2023-41080
  • CVE-2023-42794
  • CVE-2023-42795
  • CVE-2023-44487
  • CVE-2023-45648
  • CVE-2024-34750
  • CVE-2024-38286
  • CVE-2024-23672
  • CVE-2024-24549
  • CVE-2024-52316
  • CVE-2025-24813

To see the details of these vulnerabilities and all other fixed vulnerabilities, see https://tomcat.apache.org/security-9.html.

Q3: Should I upgrade now?

We recommend that you review the vulnerabilities addressed by this upgrade. However, if you cannot perform the upgrade now, or do not perceive sufficient risk from these vulnerabilities, you might want to wait for the next release, which will contain an in-built upgrade of Tomcat.

Q4: What versions of Tomcat and TrueSight Orchestration will be operational when the process is complete?

TrueSight Orchestration will remain at the same version as before the upgrade, 22.2.00. The version of Tomcat will be 9.0.100.

Q5: Why shouldn't I upgrade to a more recent version of Tomcat?

At this point in time, we recommend upgrading to version 9.0.100. Later versions of Tomcat utilize the Jakarta EE platform, which is not yet supported by TrueSight Orchestration. 

Q6: How much downtime or service interruption will the upgrade require?

The upgrade process will require approximately 30 minutes per peer to complete.

Q7: Is a rollback procedure available in the event of a problem?

Yes. BMC recommends creating backups prior to starting the upgrade procedure. See Rolling back the Tomcat upgrade.

Q8: Who should I contact if I have any queries?

Contact BMC Support if you have any queries.

Upgrading Tomcat on Windows

Important

These steps are applicable for all peer types (CDP, HA-CDP, AP, LAP, Repository and OCP (required only if OCP is installed separately)). Ensure that you upgrade Tomcat on all peer types in your environment. 

Before you begin

Before you begin, ensure that you have met the following prerequisites:

  1. Download the binaries for Tomcat version 9.0.100 from this link.

  2. Extract the downloaded ZIP file to a directory other than the <TSO_HOME> directory, which represents the directory in which you have installed any of the components on a server.
    Ensure that the extracted directory structure contains the tomcat folder.

To upgrade Tomcat on Windows

  1. Stop the services for the peer on which you are upgrading Tomcat.
  2. Back up the existing tomcat folder in the <TSO_PEER_HOME> directory. For example, for the CDP peer, the tomcat folder is located in the CDP_HOME directory.
  3. Navigate to the directories listed in the following table, copy the files and folders in the existing tomcat directory, and paste them into the same directories of the unzipped file.

    Existing Tomcat directory paths and the files and folders to be copied from each:

    <TSO_PEER_HOME>\tomcat\bin\

    • bao.bat file
    • service.bat file
    • tomcat9.exe file

    <TSO_PEER_HOME>\tomcat\conf\

    • .keystore file
    • context.xml file
    • server.xml file
    • catalina.properties file
    • Catalina folder

    <TSO_PEER_HOME>\tomcat\lib\

    • bao-connect.jar file
    • commons-codec.jar file
    • hsqldb*.jar file (for example, hsqldb-2.3.4.jar)
    • javax.jws-api.jar
    • log4j-1.2-api.jar
    • log4j-api.jar
    • log4j-core.jar
    • log4j-slf4j-impl.jar
    • not-yet-commons-ssl.jar
    • security-common.jar

    <TSO_PEER_HOME>\tomcat\

    • webapps folder
    • work folder
    • logs folder

    <TSO_PEER_HOME>\tomcat\temp

    • *.dll files (all files with the extension .dll)

  4. Delete the tomcat folder from the existing <TSO_PEER_HOME> directory. For example, C:\Program Files\BMC Software\BAO\CDP\tomcat.
  5. Copy the modified tomcat folder (modified in step 3, Tomcat version 9.0.100) to the <TSO_PEER_HOME> directory. For example, copy the tomcat folder to the C:\Program Files\BMC Software\BAO\CDP directory.
  6. Restart the peer services.

Upgrading Tomcat on Linux

Important

These steps are applicable for all peer types (CDP, HA-CDP, AP, LAP, Repository and OCP (required only if OCP is installed separately)). Ensure that you upgrade Tomcat on all peer types in your environment. 

Before you begin

Before you begin, ensure that you have met the following prerequisites:

  1. Download the binaries for Tomcat version 9.0.100 from this link.

  2. Untar the downloaded TAR file to a directory other than the <TSO_HOME> directory, which represents the directory in which you installed any of the components on a server.
    Ensure that the untarred directory contains the tomcat folder.

To upgrade Tomcat on Linux

  1. Stop the services for the peer on which you are upgrading Tomcat.
  2. Back up the existing tomcat folder in the <TSO_PEER_HOME> directory. For example, for the CDP peer, this folder is located in the CDP_HOME directory.
  3. Navigate to the directories listed in the following table, copy the files and folders in the existing tomcat directory, and paste them into the same directories of the untarred file. 

    Existing Tomcat directory paths and the files and folders to be copied from each:

    <TSO_PEER_HOME>/tomcat/conf/

    • .keystore file
    • context.xml file
    • server.xml file
    • catalina.properties file
    • Catalina folder

    <TSO_PEER_HOME>/tomcat/lib/

    • bao-connect.jar file
    • commons-codec.jar file
    • hsqldb*.jar file (for example, hsqldb-2.3.4.jar)
    • javax.jws-api.jar
    • log4j-1.2-api.jar
    • log4j-api.jar
    • log4j-core.jar
    • log4j-slf4j-impl.jar
    • not-yet-commons-ssl.jar
    • security-common.jar

    <TSO_PEER_HOME>/tomcat/

    • webapps folder
    • work folder
    • logs folder

  4. Delete the tomcat folder located in the existing <TSO_PEER_HOME> directory. For example, /opt/bmc/BAO/CDP/tomcat.
  5. Copy the modified tomcat folder (modified in step 3, Tomcat version 9.0.100) to the <TSO_PEER_HOME> directory. For example, copy the tomcat folder to the /opt/bmc/BAO/CDP/ directory.
  6. Restart the peer services.
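
The copy in step 3 of the Linux procedure can be scripted so that nothing from the table is left behind before the existing tomcat folder is deleted in step 4. The following is an added example, not BMC-supplied code; the function name and the two path arguments (existing tomcat folder, untarred tomcat folder) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not BMC's code): carry the step 3 items from the existing
# tomcat folder into the untarred 9.0.100 tree, and report anything missing
# so the old folder is not deleted (step 4) with files left behind.

# Items from the step 3 table, relative to the tomcat folder.
PRESERVE="conf/.keystore conf/context.xml conf/server.xml
conf/catalina.properties conf/Catalina lib/bao-connect.jar
lib/commons-codec.jar lib/javax.jws-api.jar lib/log4j-1.2-api.jar
lib/log4j-api.jar lib/log4j-core.jar lib/log4j-slf4j-impl.jar
lib/not-yet-commons-ssl.jar lib/security-common.jar webapps work logs"

# stage_tomcat_files OLD NEW: returns 0 only if every listed item was copied.
stage_tomcat_files() {
  local old=$1 new=$2 rel src missing=0 hsql=0
  for rel in $PRESERVE; do
    src="$old/$rel"
    if [ -e "$src" ]; then
      # -a keeps mode, owner and timestamps (matters for .keystore) and
      # merges folders such as webapps into the ones shipped with Tomcat.
      cp -a "$src" "$(dirname "$new/$rel")/" || missing=$((missing + 1))
    else
      echo "missing in existing tomcat: $rel" >&2
      missing=$((missing + 1))
    fi
  done
  # hsqldb*.jar is versioned (for example, hsqldb-2.3.4.jar): match by glob.
  for src in "$old"/lib/hsqldb*.jar; do
    [ -e "$src" ] && cp -a "$src" "$new/lib/" && hsql=1
  done
  if [ "$hsql" -ne 1 ]; then
    echo "missing in existing tomcat: lib/hsqldb*.jar" >&2
    missing=$((missing + 1))
  fi
  [ "$missing" -eq 0 ]
}

# Example call (paths are assumptions):
#   ./stage.sh /opt/bmc/BAO/CDP/tomcat /tmp/unpacked/tomcat
if [ "$#" -eq 2 ]; then
  stage_tomcat_files "$1" "$2"
fi
```

A non-zero exit status means at least one item from the table was not found or not copied; resolve that before deleting the existing tomcat folder.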

Rolling back the Tomcat upgrade

  1. Stop the services for the peer on which you have upgraded Tomcat.
  2. Replace the tomcat folder in the <TSO_PEER_HOME> directory with the backed-up tomcat folder.
  3. Start the services for the peer.

 
