Skip to Content
0
Aug 30, 2023 at 05:43 PM

Best practice for upgrading Tomcat for Crystal Server

302 Views

We are currently on Crystal Report Server BI 4.3 SP3 (Tomcat 9.0.65). Our security scans have identified a vulnerability (CVE-2023-24998) which we need to patch, requiring at least Tomcat 9.0.71.

The latest BI patch (BI 4.3 SP03 Patch 500) updates Tomcat to 9.0.74, which will fix the vulnerability.

[https://me.sap.com/notes/2112338]

Is it best to apply the SAP BI patch (BI 4.3 SP03 Patch 500) , or to just upgrade Tomcat independently... to possibly even a newer version?

Thank you!