This jira has been opend as a bug and not improvement because the upgrade should solve the following vulnerabilities:
Vulnerabilities (CVE-2016-5018, CVE-2016-6796, CVE-2016-1336, CVE-2016-6794) exist in apache-jsp library which is used by both tomcat and jetty. As you have noticed, it is fixed in 8.0.52 which is only available in latest Jetty 9.4.x releases. So the correct resolution of this issue would be to add support for jetty 9.4.x in XAP.
The customer is particularly effected by this component due to the use of jetty 9.3 in XAP.
Customer priority 1