@Security - checking past uploads and the package I've found that - since it is in universe there are no usual regular MREs. But there was a security upload for [1] and some former ones.
I've read through [2] and seen that there are a few low [3][4] and one medium [5] case open.
And as reported that would also include [6].
Since the package isn't getting usual MREs (being in universe) but has got MRE bumps for security reasons I wanted to ask if you'd consider doing that again?
OTOH .39 to .61 also sounds like quite some regression risk so I'd absolutely understand a simple "no" as an answer. There are more recent versions in newer Ubuntu releases, but only of tomcat9 and later, not tomcat8.
I subscribed ubuntu-security for an answer to my question - it felt wrong to "assign" you as that is your call to make.
[1]: https://ubuntu.com/security/CVE-2019-10072
[2]: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
[3]: https://ubuntu.com/security/cve-2019-17563
[4]: https://ubuntu.com/security/CVE-2019-0232
[5]: https://ubuntu.com/security/CVE-2019-12418
[6]: https://ubuntu.com/security/cve-2020-1938