Continuing the work on OSS https://github.com/Activiti/Activiti/issues/1767 about vulnerability found here http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5645
This was already fixed in the engine. It needs to be fixed in activiti-bpm-suite and activiti-admin as well.