Tomcat vulnerability

andrew.dun · March 3, 2020, 9:30am

Hi, I’m running KNIME Server version 4.10.1, and my department’s security team have asked me to update Apache Tomcat from version 8.5.20 to 8.5.51in response to a recently announced vulnerability, as linked below.

Wondering if is known whether the latest version of Tomcat is compatible with KNIME Server?

RolandBurger · March 3, 2020, 9:49am

Hi Andrew,

With regards to KNIME Server, there is no reason to be concerned: Our installer disables the AJP protocol automatically, so the server is not affected by this vulnerability.

Cheers,
Roland

andrew.dun · March 4, 2020, 12:18am

Thanks very much @RolandBurger, a relief to know this