What is the current version of Tomcat in OpenEdge?

OpenEdge 12.8 ships with Tomcat 10.1.15. Between releases, new updates may be required. For Tomcat updates in service packs, see the OpenEdge® 13 Platform Compatibility Guide.

What are the current versions of Spring Framework and Spring Security in OpenEdge?

OpenEdge 12.8 ships with Spring Framework 6.0.14 and Spring Security 6.1.4. Between releases, new updates may be required. For Spring updates in service packs, see the OpenEdge® 13 Platform Compatibility Guide.

What steps are required to update applications?

OpenEdge 12.8 requires the following application updates:

WebSpeed

The CHARACTER-ENCODING value returns "UTF-8". This change affects applications using the get-cgi method located in web\method\cgiutils.i. Before the 12.8 release, the CHARACTER-ENCODING value returned an empty string, "".

For more information, see "get cgi" in the OpenEdge Application Server: Developing WebSpeed Applications in the OpenEdge 11.7 documentation.

SAML

The samlToken.httpBinding.allowedMethods property in the oeablSecurity.properties file has been removed. URL access is controlled by the CSV file referenced in the oeablSecurity.properties file.

For more information, see About the URL access control file.

jwtToken.macKey

When you use jwtToken.keystore.type=mac, you must set the jwtToken.macKey value based on the value of the signatureAlg property.

For more information on Spring Security properties and values, see $DLC/servers/pasoe/conf/oeablSecurity.properties.README.
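
The following added example (not Progress code, and not part of the original documentation) checks a MAC key against the minimum HMAC key length that RFC 7518 section 3.2 defines for each HS* algorithm, showing why the same key can suit one signatureAlg value and not another. It assumes the property is named jwtToken.signatureAlg and that jwtToken.macKey is stored as clear text whose UTF-8 bytes are the key; the README named above is the authority on the rules OpenEdge itself applies.

```python
# Added example, not Progress code: HMAC key length check per RFC 7518 section 3.2.
# Assumptions: the algorithm property is named jwtToken.signatureAlg, and
# jwtToken.macKey is stored as clear text whose UTF-8 bytes are the HMAC key.

MIN_KEY_BYTES = {"HS256": 32, "HS384": 48, "HS512": 64}  # hash output size in bytes

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def check_mac_key(props):
    """Return (ok, message) for the jwtToken MAC settings in props."""
    if props.get("jwtToken.keystore.type") != "mac":
        return True, "keystore type is not mac; macKey is not used"
    alg = props.get("jwtToken.signatureAlg", "")
    need = MIN_KEY_BYTES.get(alg)
    if need is None:
        return False, f"signatureAlg {alg!r} is not an HMAC algorithm"
    have = len(props.get("jwtToken.macKey", "").encode("utf-8"))
    if have < need:
        return False, f"{alg} needs a key of at least {need} bytes, found {have}"
    return True, f"{alg} key length {have} bytes is sufficient"

# Constructed sample settings (not taken from a real installation).
WEAK = """
jwtToken.keystore.type=mac
jwtToken.signatureAlg=HS512
jwtToken.macKey=0123456789abcdef0123456789abcdef
"""
# The same 32-byte key meets the HS256 minimum but not the HS512 minimum.
STRONG = WEAK.replace("HS512", "HS256")

if __name__ == "__main__":
    for name, text in (("HS512", WEAK), ("HS256", STRONG)):
        print(name, check_mac_key(parse_properties(text)))
```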

Is it possible to apply Tomcat security updates to PAS for OpenEdge?

Upgrading the Tomcat version shipped with PAS for OpenEdge is possible and supported as long as it is the same major version. For more information, see Apply Tomcat security updates.