问题描述
Does the COMSOL software contain theApache Tomcat®software and, if so, is it affected by security vulnerabilities found in it? Can I update it sooner than the next product update?
解决方法
Summary
The following COMSOL functionality uses a built-in distribution of the Apache Tomcat 9 software:
- The documentation and help in COMSOL Multiphysics and COMSOL Documentation (when theHelp>Source>Locationpreference is set toLocal)
- Running COMSOL Multiphysics in client-server mode
- Model Manager server
- COMSOL Server
Install the latest product updates for the COMSOL software to also update its built-in Apache Tomcat distribution. If needed, see below for more information about Apache Tomcat security vulnerabilities and how to manually update the built-in Apache Tomcat distribution of COMSOL software.
Security vulnerabilities
All security vulnerabilities that are fixed in released versions of Apache Tomcat 9 are listed by the Apache Tomcat security team on theApache Tomcat 9.x vulnerabilitiespage.
Not all security vulnerabilities of Apache Tomcat apply to the COMSOL software, since the COMSOL software does not expose all functionality of its built-in Apache Tomcat distribution. In fact, COMSOL software typically only uses a relatively limited subset of the Apache Tomcat functionality.
- CVE-2025-24813
Assessment: Not vulnerable
The COMSOL software does not enable writes for the default servlet, which is needed to exploit the vulnerability.
Updating Apache Tomcat
Installing the latest product updates for the COMSOL software ensures that the built-in Apache Tomcat software is kept at the latest released version that has been fully tested together with the COMSOL software.
In some situations you might want to update to the most recently released Apache Tomcat version, either before a product update has been released for the COMSOL software with an updated Apache Tomcat software or for a version of COMSOL that no longer receives updates. The following explains how you can manually update the built-in Apache Tomcat software for a COMSOL software installation:
- Go to theTomcat 9 Software Downloadspage.
- Download theBinary Distributions>Core>ziparchive to a temporary location and unzip it.
- Locate the Apache Tomcat subdirectory of the COMSOL software installation to target. The following are the default installation folders:
- On Windows systems:
C:\Program Files\COMSOL\COMSOL63\[Product]\bin\tomcat - On macOS systems:
/Applications/COMSOL63/[Product]/bin/tomcat - On Linux systems:
/usr/local/comsol63/[product]/bin/tomcat - The
[Product]path segment isMultiphysicsfor COMSOL Multiphysics,Serverfor COMSOL Server, andModelManagerServerfor COMSOL Model Manager Server.
- On Windows systems:
- Stop any COMSOL software currently running from the targeted installation.
- Copy the
libandbindirectories from the extracted Apache Tomcat software to the Apache Tomcat subdirectory of the targeted COMSOL software installation, overwriting the existing files in these folders. The steps to copy a folder and merge its contents with the destination are different for each operating system:- On Windows: Drag the
libandbinfolders from the the extracted Apache Tomcat software to thebin\tomcatfolder of the targeted COMSOL software installation. You should get a confirmation dialog saying that the destination has files with the same names. Choose toReplace the files in the destination. - On macOS: Copy all the contents of the
libandbindirectories from the extracted Apache Tomcat software to the respective directories inbin/tomcatfolder of the targeted COMSOL software installation, overwriting the existing files in these folders. - On Linux: Change to the extracted Apache Tomcat software directory in a terminal window and use the command
cp -r lib bin [path-to-comsol]/bin/tomcat, where[path-to-comsol]is the path of the targeted COMSOL software installation.
- On Windows: Drag the
- Restart the COMSOL software from the targeted installation directory and verify that it works as before.
You will typically need administrator privileges to modify the COMSOL software installation, for example by giving administrative credentials on Windows systems or performing the operation asrootwithsudoon Linux systems.
If you want to restore the original version of the built-in Apache Tomcat software in the COMSOL software installation, use theSetuplauncher from the installation to run the COMSOL installer and use theAdd/Remove Products and Reinstalloption to restore the installation to its original state.
Note that until a new Apache Tomcat version has been tested for compatibility with the COMSOL software, it is not possible to guarantee that there are no incompatibilities. Known incompatible versions of Apache Tomcat can be posted on this Knowledge Base article in the future, so check back here or contact the COMSOL support if you notice any irregularities after doing a manual update of the built-in Apache Tomcat software in a COMSOL installation.
Apache Tomcat version
The following versions of the Apache Tomcat software are included with the currently supported versions of COMSOL:
- COMSOL 6.3 update 1:
Apache Tomcat 9.0.98 - COMSOL 6.2 update 3:
Apache Tomcat 9.0.84
In general, the version of the Apache Tomcat software included with a particular COMSOL software installation can be determined by the following steps:
- Locate the Apache Tomcat directory of the COMSOL software installation, as explained in the previous section.
- Open the
catalina.jararchive from itslibdirectory using a tool like7-Zip. - View the
META-INF/MANIFEST.MFfile in a text editor. - Read the Apache Tomcat version from the
Implementation-Versionentry.
COMSOL 尽一切合理的努力验证您在此页面上查看的信息。本页面提供的资源和文档仅供参考,COMSOL 对其有效性不作任何明示或暗示的声明。COMSOL 对所披露数据的准确性不承担任何法律责任。本文档中引用的任何商标均为其各自所有者的财产。有关完整的商标详细信息,请参阅产品手册。