diff --git a/examples/cdi-event-realm/pom.xml b/examples/cdi-event-realm/pom.xml
index 0117fad9ddc..5be4ff95b97 100644
--- a/examples/cdi-event-realm/pom.xml
+++ b/examples/cdi-event-realm/pom.xml
@@ -28,7 +28,7 @@
     <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     <openejb.version>4.7.6-TT.38</openejb.version>
     <tomee.version>1.7.6-TT.38</tomee.version>
-    <tomcat.version>7.0.104</tomcat.version>
+    <tomcat.version>7.0.109-TT.10</tomcat.version>
   </properties>
 
   <build>
diff --git a/pom.xml b/pom.xml
index 250de09f313..03de72e875f 100644
--- a/pom.xml
+++ b/pom.xml
@@ -128,7 +128,7 @@
 
     <jaxb.version>2.2.7</jaxb.version>
 
-    <tomcat.version>7.0.109-TT.9</tomcat.version>
+    <tomcat.version>7.0.109-TT.10</tomcat.version>
 
     <cxf.version>2.6.17-TT.9</cxf.version>
     <!--2.6.4 requires wss4j 1.6.8-->
diff --git a/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-1.7.x b/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-1.7.x
index d01363bd7a0..85cd5973ff5 100644
--- a/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-1.7.x
+++ b/tomee/apache-tomee/src/main/resources/META-INF/release_notes/RELEASE-NOTES-EAP-1.7.x
@@ -1,4 +1,7 @@
-= TomEE EAP 1.7.6-TT.38
+= TomEE EAP 1.7.6-TT.39
+
+=== Changes in TomEE EAP 1.7.6-TT.39
+* Updated to Tomcat 7.0.109-TT.10 to mitigate CVE-2023-45648, CVE-2023-42795, CVE-2023-46589
 
 === Changes in TomEE EAP 1.7.6-TT.38
 * Updated to ActiveMQ 5.14.6-TT.3 to mitigate CVE-2023-46604