Dear Sir or Lady,
during an internal audit we stumbeld over XMC and CVE-2020-1938.
We found your KB articel regarding Ghostcat:
But regarding to the security researcher Tomcat 6 is very well affected:
Did you backport the security fixes to the EOL tomcat 6 branch? Or do you have further knowledge regarding tomcat 6 and ghostcat?