According to the knowledge article
CVE-2022-22963 & CVE-2022-22965
This is not clear if we have to use Tomcat(9.0.62) for JS 7.1 environment as well. The JS 7.1 uses java 8, so we are not sure if this required.
Release : 16.0.1
Component : PPMJSP
This vulnerability is not present in JDK 8.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22965
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
So, no changes are needed for JS 7.1.