In what rhythm do you update the embedded Tomcat - currently outdated
with the 9.8.0 release, I was happy to see that the embedded Tomcat was almost up to date (9.0.68). Our security team was very excited.
However, that has since changed. 6 months later, it is still the now outdated version 9.0.68. Security-wise, this is no longer permissible for us and we have a problem.
You don't support an own Tomcat, but you don't manage to keep the Tomcat halfway up to date - lose-lose for us as customers.
I have set up YF with my own Tomcat, actually no big deal and it works fine. You only have to put the war file into your own Tomcat and YF installs itself and works. Unfortunately your update idea doesn't fit to the war-file idea. Because during the update you replace single files instead of delivering a new war-file.
What can I do to meet the security requirements or when is a new TC coming from you?