A critical vulnerability CVE-2020-1938 was published. Does this affect AutoPilot functionality?
The sample tomcat application server shipped with AutoPilot products including Navigator and XRay, provides a default tomcat configuration. With versions Apache tomcat versions 7 and 8, AJP is enabled by default. This is not required for AutoPilot applications and can be disabled.
You can check if you version has this enabled by editing server.xml in the AutoPilotM6/apache-tomcat/conf folder. If you have the following,
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Comment out the 2nd line and restart the apache tomcat server.
<!--Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /-->
You may also want to upgrade your version of Tomcat and described in this FAQ.