If I look at the security issues found in tomcat 8, it seems you have to release every 1 or 2 months: https://tomcat.apache.org/security-8.html So we can expect the security fix made in tomcat 8.5.23 in a month from now?
ps: The mailing list uses http iso https (http://tomee-openejb.979440.n4.nabble.com), which means your (and mine) password can be captured from network traffic by anyone. Can you look into this? -- Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
