Hello, the following lists Tomcat versions 8.5.0 - 8.5.12, does it mean that the problem has been fixed in 8.5.13 and later?
https://nvd.nist.gov/vuln/detail/CVE-2017-5651 I assume that it has been fixed, as 8.5.13 readme has: * [Fix:] 60918<http://bz.apache.org/bugzilla/show_bug.cgi?id=60918>: Fix sendfile processing error that could lead to subsequent requests experiencing an IllegalStateException. (markt) * [Fix:] Improve sendfile handling when requests are pipelined. (markt) -Harri
