Hello TomEE Devs, Unless I'm mistaking, we're still embedding Tomcat 8.5.32 with current TomEE 7.0.6 snapshot builds.
I think it is important to upgrade the embedded Tomcat version in 7.0.6 before it's releases because: 1. There's a CVE in 8.5.32+ which has been fixed in 8.5.34: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11784 2. I remember Gurkan used to mention an annoying Java namespace bug in Tomcat 8.5.32 for which he had opened a fix request (https://bz.apache.org/bugzilla/show_bug.cgi?id=62527) and which has been fixed in 8.5.33 Sounds like two good reasons for upgrading TomEE 7.0.5 dependency to Tomecat 8.5.3, don't you think? (I don't know the Tomcat equivalent for 7.1. / 8 TomEE release, but it's very likely we need similar upgrade to stay consistent) Kind regards, Alexandre
