There is a new Tomcat version available which fixes a CVE:
The Apache Tomcat team announces the immediate availability of Apache
Tomcat 8.x users should normally be using 8.5.x releases in preference
to 8.0.x releases.
Apache Tomcat 8 is an open source software implementation of the Java
Servlet, JavaServer Pages, Java Unified Expression Language, Java
WebSocket and Java Authentication Service Provider Interface for
Apache Tomcat 8.5.x is intended to replace 8.0.x and includes new
features pulled forward from the 9.0.x branch. The notable changes since
- Fix CVE-2017-12617
- Add ExtractingRoot, a new WebResourceRoot implementation that extracts
JARs to the work directory for improved performance when deploying
packed WAR files.
- Additional capabilities for the CGI Servlet. Based on patches provided
- Added support for the OpenSSL SSL_CONF API. To support this the
minimum required Tomcat Native version is 1.2.14.
Please refer to the change log for the complete list of changes: