upgrade tomcat embed to avoid DoS vuln