We got notified that there is an AJP security vulnerability with all Apache Tomcat releases. The issue is discussed as CVE-2929-1938. A remote, unauthenticated/untrusted attacker could exploit this AJP configuration to read web application files from a server exposing the AJP port to untrusted clients.
That said, the default Tomcat instance that is included in our Razuna download has the **AJP connector disabled by default.** Also, all customers of our dedicated Razuna servers, **are already protected**!
However, if you installed Razuna on your customer Tomcat installation, please make sure to disable the AJP connector in the server.xml file that can be found in the tomcat/config folder.