Just want to give a heads up since I did not see it anywhere else on Jamfnation yet. My security team contacted me today regarding a Tomcat vulnerability. Remote code execution in Apache Tomcat AJP connector. A lot of versions of Tomcat effected. Please look at the link below for details.
https://www.cybersecurity-help.cz/vdb/SB2020022111?affChecked=1