Tomcat 8.0.33 is vulnerable to CVE-2016-3092: Apache Commons Fileupload information disclosure vulnerability

We need to upgrade the version we distribute with Confluence to 8.0.36. As usual with Tomcat upgrades, this involves uploading our own maven artifact based on the 8.0.36 windows x86 zip, updating the builds for stable to use this artifact, then updating the distribution.

http://mail-archives.apache.org/mod_mbox/www-announce/201606.mbox/%3C45A20804-ABFF-4FED-A297-69AC95AB9A3F%40apache.org%3E