Why is Ubuntu 22.04 missing newer Tomcat packages?

Question

I'm looking for information about finding, fixing, or understanding why Ubuntu 22.04 is missing "newer" Apache Tomcat 9 packages. Specifically, 22.04 only includes up to Tomcat 9.0.58. This is the same whether I use the default free packages or attach an Ubuntu Pro subscription. Tomcat is listed as included in the ESM offerings with Pro, yet no packages >9.0.58 are available. 9.0.58 is over two years old and lacks fixes for many CVEs (including CVE-2023-44487, the significant problem in HTTP/2).

Am I missing something? Have I been unable to to find documentation regarding official support policies for Tomcat or other Apache software? Is my understanding of Ubuntu's 5-year LTS policy or Pro subscription flawed? I know major versions get locked, but bugfixes and point releases should be covered. I'd like to avoid needing to hand-maintain Tomcat using ZIP files and downloads, hence why I use Ubuntu (and Pro).

Does this answer your question? Why don't the Ubuntu repositories have the latest versions of software? — user535733, Mar 31 '24 at 20:51
Apache2 packages are in Main: They are maintained by Canonical engineers. Tomcat packages are in Universe: Their maintenance has always been a Community responsibility (you and me). The community not doing their part is why Pro's support for some Universe packages exists. — user535733, Mar 31 '24 at 21:01

Why is Ubuntu 22.04 missing newer Tomcat packages?

0 Answers0