Upgrade the bundled version of Apache Tomcat to 8.5.57

h3. Issue Summary

The recently disclosed vulnerability regarding Apache Tomcat

• [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]

affects the following versions:

Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

Additionally, the following disclosed vulnerability regarding Tomcat:

• [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]

affects the following versions:

Apache Tomcat 7.x from 7.0.27 to 7.0.104
Apache Tomcat 8.x from 8.5.1 to 8.5.56
Apache Tomcat 9.x from 9.0.0.M5 to 9.0.36
Apache Tomcat 10.x from 10.0.0-M1 to 10.0.0-M6

We should bundle a more recent version of Tomcat so that Jira is not affected by this in the future.

h3. Steps to Reproduce

• Check the CVE reports:
  ** [CVE-2020-13934|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13934]
  ** [CVE-2020-13935|https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13935]

h3. Expected Results

• Not applicable.

h3. Actual Results

• Not applicable.

h3. Workaround

• Manually upgrade Tomcat according to our [documentation|https://confluence.atlassian.com/jirakb/how-to-upgrade-apache-tomcat-version-used-by-jira-879957866.html].