Github user rzo1 commented on the issue:
https://github.com/apache/tomee/pull/276
I adjusted the PR to my comments above.
Feel free to give any other suggestions. If we introduce this, I would
recommend adding `owasp-check` to the CI system. Who can do this?
The CVE score to fail the build needs to be greater than 8.0 atm.
