THALES GROUP LIMITED DISTRIBUTION to email recipients Hello everyone,
TomEE 9.1.3 is based on Tomcat 10.0.27. So the question is: Is TomEE 9.1.3 vulnerable to this CVE ? If the answer is yes, will you provide a fix for Tomcat 10.0.27 which is not maintained anymore ? and so will you release a new TomEE 9.x version ? This CVE has been fixed by Tomcat 9.0.90+ and 10.1.25+. Best Regards.
