Hi, the TomEE docs currently document CVE-2016-0779 as resolved in TomEE 1.7.4 and 7.0.0-M3. This seems to be a duplicate of CVE-2015-8581.
Therefore this vulnerability should also be documented as resolved. I opened a ticket and attached a patch that adds a mention of CVE-2015-8581 next to CVE-2016-0779. Would be nice if somebody could review it. Cheers Robert
