Skip to main content

Hi list.

We're still running FME Server 2020.2.5, and now our IT department is fuzzing over questioning the version of Tomcat that runs FME Server. Something with potential vulnerabilities.

Is it possible to update this Tomcat without updating FME Server itself ?

If so, what are the caveats ?

Cheers

If it's regarding the log4j vulnerability there's a good overview of the situation and the actions you can take here.

I think it might heavily depend on whether this was an express or a custom installation.


FME Server has a pretty narrow selection of supported Web App servers - see here: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/Provide_Web_App_Server.htm

 

I'd hazard a guess that your IT department would be wanting you to upgrade to Tomcat 10 which is listed as unsupported


If it's regarding the log4j vulnerability there's a good overview of the situation and the actions you can take here.

I think it might heavily depend on whether this was an express or a custom installation.

No, it's something called "BlackstoneOne" that prompted them to issue the request for update.

I installed it normally, i.e. express I guess. But Tomcat applets ought to be independent of the Tomcat itself, if they're compatable of course. So I was hoping.


FME Server has a pretty narrow selection of supported Web App servers - see here: https://docs.safe.com/fme/html/FME_Server_Documentation/AdminGuide/Provide_Web_App_Server.htm

 

I'd hazard a guess that your IT department would be wanting you to upgrade to Tomcat 10 which is listed as unsupported

Thanks @hkingsbury​ .

I will certainly forward this to them.


Reply