This update includes a rebase from 9.0.10 up to 9.0.13 which resolves one CVE along with various other bugs/features: rhbz#1636513 – CVE-2018-11784 tomcat: Open redirect in default servlet