diff --git a/CHANGELOG.md b/CHANGELOG.md
index bdd09a2..812708e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,11 @@ All notable changes to this project are documented in this file following the [K
 Issues reported on [GitHub](https://github.com/authzforce/server/issues) are referenced in the form of `[GH-N]`, where N is the issue number. Issues reported on [OW2](https://jira.ow2.org/browse/AUTHZFORCE/) are mentioned in the form of `[OW2-N]`, where N is the issue number.
 
 
+## 11.0.1
+### Fixed
+- [GH-22]: replaced vulnerable Tomcat base image with latest official (tomcat:9-jre11-temurin-focal) for Docker.
+
+
 ## 11.0.0
 ### Changed
 - **Supported PDP configuration schema version is now 8.0 minimum: if you are already using AuthzForce Server 10.x or older and wish to migrate to this new version, follow the [Upgrader tool instructions](upgrader/src/README.md)**
@@ -20,8 +25,8 @@ Issues reported on [GitHub](https://github.com/authzforce/server/issues) are ref
   - authzforce-ce-core-pdp-api to 21.2.0
 
 ### Added
-- Feature: XPath variables in `AttributeSelector`s' and `xPathExpression` `AttributeValue`s' XPath expressions can now be defined by XACML `VariableDefinitions` (variable name used as XACML `VariableId`), which means XACML Variables can be used as XPath variables there.
-- Feature: XACML `VariableReference`s can be used (indirectly) in `Match` elements through special `AttributeDesignators`, i.e. by enabling the new built-in Attribute Provider (`XacmlVariableBasedAttributeProvider` class) with an `attributeProvider` element of the new type `XacmlVarBasedAttributeProviderDescriptor` in PDP configuration, any `AttributeDesignator`s with `Category` matching the `attributeProvider/@category` in PDP configuration is handled as a `VariableReference` and the `AttributeId` is handled as the `VariableId`.
+- **New feature**: XPath variables in `AttributeSelector`s' and `xPathExpression` `AttributeValue`s' XPath expressions can now be defined by XACML `VariableDefinitions` (variable name used as XACML `VariableId`), which means XACML Variables can be used as XPath variables there.
+- **New feature**: XACML `VariableReference`s can be used (indirectly) in `Match` elements through special `AttributeDesignators`, i.e. by enabling the new built-in Attribute Provider (`XacmlVariableBasedAttributeProvider` class) with an `attributeProvider` element of the new type `XacmlVarBasedAttributeProviderDescriptor` in PDP configuration, any `AttributeDesignator`s with `Category` matching the `attributeProvider/@category` in PDP configuration is handled as a `VariableReference` and the `AttributeId` is handled as the `VariableId`.
 
 ### Fixed
 - [GH-66]: Support any XML namespace prefix declared on root PolicySet element in XACML AttributeSelectors' XPath expressions (namespace-aware evaluation).
diff --git a/dist/pom.xml b/dist/pom.xml
index e7718c1..aa64523 100644
--- a/dist/pom.xml
+++ b/dist/pom.xml
@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>11.0.0</version>
+      <version>11.0.1</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-dist</artifactId>
diff --git a/dist/src/docker/Dockerfile.tmpl b/dist/src/docker/Dockerfile.tmpl
index b88e3e0..85b6904 100644
--- a/dist/src/docker/Dockerfile.tmpl
+++ b/dist/src/docker/Dockerfile.tmpl
@@ -23,7 +23,7 @@
 
 # The alternative is to use FROM ubuntu:* then install tomcat ubuntu package and use upstart/sysctl init script but this is not the way to go:
 # https://github.com/docker/docker/issues/6800
-FROM tomcat:9-jre11-slim
+FROM tomcat:9-jre11-temurin-focal
 MAINTAINER AuthzForce Team
 
 ENV DEBIAN_FRONTEND noninteractive
diff --git a/pom.xml b/pom.xml
index d5da0c3..024dbef 100644
--- a/pom.xml
+++ b/pom.xml
@@ -8,7 +8,7 @@
    </parent>
    <artifactId>authzforce-ce-server</artifactId>
    <!-- FIWARE Versioning + Version must be equal or higher than 'authzforce-ce-rest-api-model' dependency in 'rest-service' module -->
-   <version>11.0.0</version>
+   <version>11.0.1</version>
    <packaging>pom</packaging>
    <name>${project.groupId}:${project.artifactId}</name>
    <description>AuthzForce CE Server</description>
diff --git a/rest-service/pom.xml b/rest-service/pom.xml
index f98fa8d..060298e 100644
--- a/rest-service/pom.xml
+++ b/rest-service/pom.xml
@@ -4,7 +4,7 @@
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
       <!-- Version must be equal or higher than authzforce-ce-rest-api-model dependency -->
-      <version>11.0.0</version>
+      <version>11.0.1</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-rest-service</artifactId>
diff --git a/upgrader/pom.xml b/upgrader/pom.xml
index 27a37f4..38305db 100644
--- a/upgrader/pom.xml
+++ b/upgrader/pom.xml
@@ -3,7 +3,7 @@
    <parent>
       <groupId>org.ow2.authzforce</groupId>
       <artifactId>authzforce-ce-server</artifactId>
-      <version>11.0.0</version>
+      <version>11.0.1</version>
       <relativePath>../pom.xml</relativePath>
    </parent>
    <artifactId>authzforce-ce-server-upgrader</artifactId>
diff --git a/webapp/pom.xml b/webapp/pom.xml
index f95bcde..ed52a99 100644
--- a/webapp/pom.xml
+++ b/webapp/pom.xml
@@ -3,7 +3,7 @@
 	<parent>
 		<groupId>org.ow2.authzforce</groupId>
 		<artifactId>authzforce-ce-server</artifactId>
-		<version>11.0.0</version>
+		<version>11.0.1</version>
 		<relativePath>../pom.xml</relativePath>
 	</parent>
 	<artifactId>authzforce-ce-server-webapp</artifactId>