Log Message:
Update apache-tomcat8 to 8.0.36

Huge number of fixes listed at

  http://tomcat.apache.org/tomcat-8.0-doc/changelog.html

Highlights of fixes:

     * Fix: RMI Target related memory leaks are avoidable which makes them
       an application bug that needs to be fixed rather than a JRE bug to
       work around. Therefore, start logging RMI Target related memory
       leaks on web application stop. Add an option that controls if the
       check for these leaks is made. Log a warning if running on Java 9
       with this check enabled but without the command line option it
       requires. (markt)
     * Fix: Ensure NPE will not be thrown during deployment when scanning
       jar files without MANIFEST.MF file. (violetagg)
     * Fix: 59604: Correct the assumption made in the URL decoding that
       the default platform encoding is always compatible with ISO-8859-1.
       This assumption is not always valid, e.g. on z/OS. (markt)
     * Fix: 59608: Skip over any invalid Class-Path attribute from JAR
       manifests. Log errors at debug level due to many bad libraries.
       (remm)
     * Fix: Ensure that requests with HTTP method names that are not
       tokens (as required by RFC 7231) are rejected with a 400 response.
       (markt)
     * Fix: When an asynchronous request is processed by the AJP
       connector, ensure that request processing has fully completed
       before starting the next request. (markt)
     * Fix: If an async dispatch results in the completion of request
       processing, ensure that any remaining request body is swallowed
       before starting the processing of the next request else the
       remaining body may be read as the start of the next request leading
       to a 400 response. (markt)
     * Fix: Fix a memory leak in the expression language implementation
       that caused the class loader of the first web application to use
       expressions to be pinned in memory. (markt)
     * Fix: Correctly configure the base path for a resources directory
       provided by an expanded JAR file. Patch provided by hengyunabc.
       (markt)
     * Fix: 59317: Ensure that HttpServletRequest.getRequestURI() returns
       an encoded URI rather than a decoded URI after a dispatch. (markt)

Highlights of non-fixes:

     * Update: Update the internal fork of Commons DBCP 2 to r1743696
       (2.1.1 plus additional fixes). (markt)
     * Update: Update the internal fork of Commons Pool 2 to r1743697
       (2.4.2 plus additional fixes). (markt)
     * Update: Update the internal fork of Commons File Upload to r1743698
       (1.3.1 plus additional fixes). (markt)
     * Update: Update the option code coverage tool Cobertura to 2.1.1 so
       it is easier to compare the change in lines of code between 8.0.x
       and 9.0.x. (markt)
     * Add: Add a new environment variable JSSE_OPTS that is intended to
       be used to pass JVM wide configuration to the JSSE implementation.
       The default value is -Djdk.tls.ephemeralDHKeySize=2048 which
       protects against weak Diffie-Hellman keys with Java 8. (markt)
     * Update: Exclude ciphers that use RSA keys from the default cipher
       list since they do not support forward secrecy. (markt)
     * Update: Update the packaged version of the Tomcat Native Library to
       1.2.7 to pick up the Windows binaries that are based on OpenSSL
       1.0.2h and APR 1.5.2. (markt)