A critical vulnerability CVE-2020-1938 was published. Does this affect AutoPilot functionality?
The Apache Tomcat Application server bundled with AutoPilot software for Navigator and XRay provides default Apache Tomcat Application server configuration. Apache Tomcat Application server configuration has AJP enabled in versions 7 and 8 by default. AJP is not required for Navigator and XRay applications and can be disabled.
You can check if you version has this enabled by editing server.xml in the AutoPilotM6/apache-tomcat/conf folder. If you have the following:
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
Comment out the 2nd line and restart the apache tomcat server.
<!--Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /-->
If you need to upgrade your version of Tomcat check out this FAQ.