We have migrated from 4.0 to 5.1 due to a scan that reported vulnerabilities from Tomcat. I know that there was a fork and now Jboss does not directly map to a Tomcat version as of Tomcat 6.015? I think I saw. So with that said are these vulnerabilities: http://tomcat.apache.org/security-6.html That were not fixed til 6.0.20 fixed in 5.1? Is there a list like this of any known vulnerabilities. I have not been able to find such a list. View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4265384#... Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&a...