OK, I've created a Tomcat 9 package set which has a fix for the CVE.
I didn't base it on the very latest Tomcat 9, because Java 17 has become a requirement for the very latest Tomcat 9 releases, somewhat surprisingly.
https://launchpad.net/~troels-w/+archive/ubuntu/tomcat-slipstream
OK, I've created a Tomcat 9 package set which has a fix for the CVE.
I didn't base it on the very latest Tomcat 9, because Java 17 has become a requirement for the very latest Tomcat 9 releases, somewhat surprisingly.
https:/ /launchpad. net/~troels- w/+archive/ ubuntu/ tomcat- slipstream