The latest CVE is of priority HIGH: https://access.redhat.com/security/cve/cve-2017-12617. Are tomcat vulnerabilities monitored and how is decided if a release will be made? In my opinion every HIGH vulnerability should result in a fixpack/release. If I can be of any help in this subject please let me know.
-- Sent from: http://tomee-openejb.979440.n4.nabble.com/TomEE-Users-f979441.html
