A regression was discovered in the Http2UpgradeHandler class of Tomcat 9
introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong
value for the overheadcount variable forced HTTP2 connections to close early.

https://security-tracker.debian.org/tracker/DSA-5522-3

Read More