Hello, While checking latest TomEE 7.0.5, I noticed that it's based on Tomcat 8.5.21.
I recently received the following CVE alert with impacts Tomcat 8.5.x until Tomcat 8.5.22: [SECURITY] CVE-2017-12617 Apache Tomcat Remote Code Execution via JSP upload I see that it is fixed in Tomcat 8.5.23: https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.23 Would it be possible to upgrade TomEE 7.0.5 snapshot dependency to Tomcat 8.5.23 ? Best regards, Alexandre
