A tomcat8 regression update has been released for Debian GNU/Linux 9 Extended LTS to address a regression introduced by the previous update.
ELA-985-2 tomcat8 regression update
Package : tomcat8
Version : 8.5.54-0+deb9u13 (stretch)
A regression was discovered in the Http2UpgradeHandler class of Tomcat 8,
introduced by the patch that fixed CVE-2023-44487 (Rapid Reset Attack). An incorrect
value for the overheadcount variable forced HTTP/2 connections to close early.