as far as I know, those articles are still relevant. In general, newly found vulnerabilities are being patched with new releases. Some of the issues above were fixed in the latest version, for example SSLv3 was disabled and RC4 ciphers were removed from the cipher suites.
You are correct that you can easily restrict TLS to 1.2 in tomcat.conf. Lighttpd is, very tricky because the binary is part of VMware Studio bundle and it does not support newer protocols and it was not replaced yet. The risk associated with lighttpd can be mitigated by restricting access to the management console to secure internal network.