Comment 5 for bug 1865904

Christian Ehrhardt (paelzer) wrote:

@Security - checking past uploads and the package I've found that - since it is in universe there are no usual regular MREs. But there was a security upload for [1] and some former ones.

I've read through [2] and seen that there are a few low [3][4] and one medium [5] case open.
And as reported that would also include [6].

Since the package isn't getting usual MREs (being in universe) but has got MRE bumps for security reasons I wanted to ask if you'd consider doing that again?

OTOH .39 to .61 also sounds like quite some regression risk so I'd absolutely understand a simple "no" as an answer. There are more recent versions in newer Ubuntu releases, but only of tomcat9 and later, not tomcat8.

I subscribed ubuntu-security for an answer to my question - it felt wrong to "assign" you as that is your call to make.

[1]: https://ubuntu.com/security/CVE-2019-10072
[2]: https://tomcat.apache.org/tomcat-8.5-doc/changelog.html
[3]: https://ubuntu.com/security/cve-2019-17563
[4]: https://ubuntu.com/security/CVE-2019-0232
[5]: https://ubuntu.com/security/CVE-2019-12418
[6]: https://ubuntu.com/security/cve-2020-1938