Greetings all,
We are installing Knime server 4.16.12 which comes with Apache Tomcat version 9.0.89
Our vulnerability scanner has picked up a “Improper Handling of Exceptional Conditions” vulnerability with the solution to upgrade to Apache Tomcat version 9.0.90.
Can the Tomcat simply be updated to 9.0.90?
Yes, you can update Tomcat to a more recent version. Note that you only have to update if the encryption is done by KNIME Server itself and not some frontend proxy such as Apache httpd.
Internally we have already updated to 9.0.95 and will release new KNIME Server versions soon.