This update for tomcat fixes the following issues: - CVE-2018-11784: When the default servlet in Apache Tomcat returned a redirect to a directory a specially crafted URL could be used to cause the redirect to be generated to any URI of the attackers choice