How to alter/override Advertised server information in Spring boot Embedded Tomcat?

I’ve been digging how to do ‘tomcat hardening’ on embedded tomcat and I can’t find a way to alter these 3 catalina server info properties: , server.built , server.number

Is there a way to alter those 3 properties in spring file? Or by any other means?

Configuration below is a guide for hardening tomcat server specifically for but NOT on embedded tomcat

Altering the attribute may make it harder for attackers to determine which vulnerabilities affect the server platform.

Required Configuration:

Perform the following to alter the server platform string that gets displayed when clients connect to the tomcat server.

  1. Extract the file from the catalina.jar file: $ cd CATALINA_HOME/lib jar xf catalina.jar org/apache/catalina/util/
  2. Navigate to the util directory that was created cd org/apache/Catalina/util
  3. Open in an editor
  4. Update the attribute in the file.
  5. Update the catalina.jar with the modified file. $ jar uf catalina.jar org/apache/catalina/util/


I tried modifying the application fat jar by overwriting tomcat-embed-core-9.0.36 with modified in it. But when I start the application via Java, I got this error:

Caused by: java.lang.IllegalStateException: Unable to open nested entry ‘BOOT-INF/lib/tomcat-embed-core-9.0.36.jar’. It has been compressed and nested jar files must be stored without compression. Please check the mechanism used to create your executable jar file at org.springframework.boot.loader.jar.JarFile.createJarFileFromFileEntry( at org.springframework.boot.loader.jar.JarFile.createJarFileFromEntry( at org.springframework.boot.loader.jar.JarFile.getNestedJarFile( … 6 more