Search

FME Flow Upgrade: Provide Your Own Version of Tomcat

Luke Hicks
Luke Hicks
  • Updated

Introduction

FME Flow utilizes a third-party application, Apache Tomcat, to execute the FME Flow Web Services. Occasionally, your organization's penetration tests may identify new security vulnerabilities reported against the version provided with the default installation. If this happens, please contact Safe Software Support for more information on whether FME Flow is affected by this vulnerability. 

If this is the case, it will be necessary to upgrade Tomcat to a version that is not affected by the vulnerability. 

To upgrade FME Flow to point to another version of Tomcat, we’d recommend taking a backup and then reinstalling using the distributed install option, where you can then opt not to install the FME Flow Web Application in favor of providing your own. 

However, in some cases, a reinstall is not desirable. The steps documented below enable you to upgrade Tomcat without taking your existing FME Flow system down. 

For more information on the version of Tomcat used by default in your FME Flow installation, see Third-Party Component Versions for FME Flow.

Key References

<FMEFlowDir> refers to the location of the FME Flow installation folder, specified during installation. By default, on Windows, this is C:\Program Files\FMEFlow\

<TomcatDir> refers to the location of the Tomcat installation folder. By default, on Windows, this is C:\Program Files\Apache Software Foundation\Tomcat <9.0.x or 10.1.x>\ 

<JREDir> refers to the location of your JRE installation folder. This will vary depending on where you downloaded JRE from. 

Requirements

  • FME Flow Core and Application Server are installed on the same host.
  • Java Runtime Environment Download
    • We recommend running the web application server on the same version of the Java Runtime Environment as FME Flow runs. To determine this version, use a text editor to open <FMEServerDir>\Utilities\jre\release
  • Apache Tomcat
    • For versions 2026.0 and earlier: Apache Tomcat version 9.0.x Download
    • For versions 2026.1 and later: Apache Tomcat version 10.1.x Download

The following are not supported: Java Runtime Environment 9 -16, 18 or later; Apache Tomcat version 11.x

Please note that as of 2026.1 FME Flow will be using Apache Tomcat version 10.1.x. If you are on an earlier version please use Apache Tomcat version 9.0.x

Step-by-Step Instructions

Disclaimer

The following steps were identified through trial and error by the support team. They have been tested on 2022.2, where FME Flow Core and Application Server are both installed locally. We anticipate these steps should work for other versions, but they have not undergone any QA process. If something does not work, a complete reinstall is recommended.

FME Flow is only tested with the version of Tomcat that it ships with. We perform incremental upgrades to address reported security vulnerabilities rather than introducing new features. Therefore, we do not anticipate any issues; however, we recommend testing before deploying changes to a production environment.

1. Backup FME Flow 

Before making any changes, back up the existing installation as a precaution. From the FME Flow Web UI, go to Admin > Backup & Restore > Backup and download a backup file.  Ensure to download the current encryption key at the same time as performing the backup.

2. Shutdown FME Flow Application Server Service 

On the host where FME Flow is installed, open Services and stop the FME Flow Application Server Service.

3. Install Apache Tomcat

Verify the installation was successful by navigating to http://localhost 

The Tomcat installer will prompt you to specify a port. If you used a value other than 80, this needs to be specified in the URL e.g., http://localhost:8080. The default port in the installer is 8080.

Open Services and stop the Apache Tomcat Service

4. Copy Files from FME Flow’s Tomcat to the New Tomcat

Copy all .war files from <FMEFlowDir>\Utilities\tomcat\webapps\ to <TomcatDir>\webapps\.

Copy all the .jar files in from <FMEFlowDir>\Utilities\tomcat\lib\ to <TomcatDir>\lib\. You will be prompted to ‘Replace or Skip Files’. Choose the option ‘Skip these files’.

5. Start Apache Tomcat 

Wait a few minutes to allow Tomcat to unpack the contents of the .war and .jar files. Then confirm the following:

6. Update the Service Startup Types

Once your testing is complete and you are satisfied that the Tomcat installation is working properly, we recommend disabling the FME Flow Application Server Service to prevent it from automatically starting up in the future. 

Go to Services and find the FME Flow Application Server Service. Right-click and select Properties. Under General > Startup type, select Disabled. 

Second, by default, the Apache Tomcat Service Startup Type = Manual. If your host is shut down, you'll need to manually restart this service to access FME Flow. Instead, you can update this service to start automatically whenever the host machine comes online. Repeat the steps above, but this time edit the properties of the Apache Tomcat Service and set the Startup Type = Automatic.

Optional Configurations

Reconfigure HTTPS

If FME Flow was previously configured for HTTPS, you’ll need to partially reconfigure it. 

Windows

  • For a PFX certificate, follow steps 1-4, 6 & 7. 
    • Replace references to <FMEFlowDir> with <TomcatDir>
    • In step 6f, replace the file path for the Keystore parameter with <JREDir>\lib\security\cacerts
    • If you are using WebSockets or single sign-on, you’ll also follow steps 9 and 10, respectively. 
  • For a CA-issued certificate, follow steps 6-10 and 12. 
    • Replace references to <FMEFlowDir> with <TomcatDir>
    • Before completing these steps, fetch the value for the keystoreFile parameter in  <FMEFlowDir>\Utilities\tomcat\conf\server.xml. Copy this keystore file to your new Tomcat folder and use this as your Keystore. 
    • For step 6, replace the file path for the Keystore parameter with <JREDir>\lib\security\cacerts
    • If you are using WebSockets or single sign-on, you’ll also follow steps 14 and 15, respectively. 

If you encounter any issues, run through the steps in full to make sure nothing was missed. 

Linux

  • The HTTPS configuration is handled by NGINX, so no reconfiguration is necessary. 

URL Redirect

When FME Flow is installed with the default FME Flow Application Server Service, if you navigate to http://locahost:<port> or http://<hostname>:<port>, you’ll be redirected to FME Flow. You can set this up on your own Tomcat installation by: 

1. In a notepad, open <TomcatDir>\webapps\ROOT\index.jsp

2. Find the line

<!DOCTYPE html>
<html lang="en">

and in the head element add

<meta HTTP-EQUIV="REFRESH" content="0; url=fmeserver">

3. Restart the Apache Tomcat Service to apply the change. 

4. Open a Web browser and go to http://localhost to confirm the redirection. 

Troubleshooting

The Tomcat Logs will no longer be stored in the FME Flow System Share. Instead, if you encounter issues, start by reviewing the files in <TomcatDir>\logs\ for SEVERE messages. 

Was this article helpful?

We're sorry to hear that.

Please tell us why.

As of January 14th, 2026, comments on knowledge base articles have been closed. To make sure questions don’t get missed and to enable more community support, we’ve moved discussions to the FME Community. If you have a question or a comment about this article, please create a new post or create a support ticket.