Updated (embedded) Tomcat to 9.0.70

Embedded Tomcat has been updated to version 9.0.70 (see Changelog Tomcat 9.0.70) to prevent known vulnerabilities.

Please be aware that Tomcat >= 9.0.69 serves cookies with dates formatted as required by RFC 6265 (see Changelog Tomcat 9.0.69). This may have to be respected in HTTP client implementations. When e.g. the Apache HttpClient is used and cookies are retrieved via the CookieStore, the cookie specification must be set to standard - see RequestConfig.Builder#setCookieSpec and CookieSpecs.

(CMS-22519)

Updated (Embedded) Tomcat to 9.0.68

Updated (Embedded) Tomcat to version 9.0.68 to prevent potential CVE-2022-42252, although we don't use the vulnerable setting rejectIllegalHeader.

(CMS-22354)

Added Nullability Annotations to Validator and ValidationService

Nullability annotations are added to Validator and ValidationService. Fixed a possible NullPointerException in com.coremedia.blueprint.common.services.validation.AbstractValidator.

(CMS-22183)

Fixed Atom Feed Validation

Added missing mandatory fields id and updated to Atom feed.

By this change, the optional fields pubDate and dc:date were also added to the RSS feed.

(CMS-21318)

Bugfix: Image Map Hotzones Misplaced when "Fit Image to Crop"

Image Map hotzones could be misplaced in CAE and Headless Server rendering, if "Fit image to crop" is active on corresponding image. This change resolves the issue. Existing image map hotzones do not need to be changed.

(CMS-19436)