This update includes a rebase from 7.0.99 up to 7.0.100 which resolves one CVE along with various other bugs/features:
WARNING - This update does not enforce the change in defaults for the AJP Connector like the upstream fix does. This is done to prevent breakage of current installations, but it is highly advised to review your AJP Connector configuration to ensure that it is only accessible by your proxy! For more information see the Tomcat Security Page and the Tomcat Security Considerations Document.
Please login to add feedback.