This release addresses a critical vulnerability in Apache Tomcat by upgrading to v8.5.56. On May 20, 2020, the Apache foundation released information regarding a critical vulnerability (CVE-2020-9484) affecting Apache Tomcat. The vulnerability is due to incorrect validation of the deserialized data. A remote attacker exploiting this vulnerability, if he is able to control the content and the name of a file on the server, can execute arbitrary code via the deserialization of the file under his control by sending a specially crafted request.