[java-sig-commits] [Bug 1579611] CVE-2018-8014 tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins