Hurray! Good news: we just upgraded one of our apps from v8.5 to 8.6 and ran a PCI DSS compliance audit, and our app PASSED the audit. We have not modified Tomcat for this audit. The latest Java and Tomcat 9.0 had done it on their own. Prior to version 8.6, we had to make close to 30 changes in Tomcat and the OS to make it compliant, but with 8.6, 90% of the battle is won. The remaining 10% of tasks are related to OS configuration like secure RDP, Telnet setup and secure accessibility configuration. If you are using payment gateways in your app or running financial transactions, it's wise to upgrade to version 8.6. Just wanted to share as an
