The refactoring to make wider use of ByteBuffer introduced a regression that could cause information to leak between requests on the same connection. When running behind a reverse proxy, this could result in information leakage between users. All HTTP connector variants are affected but HTTP/2 and AJP are not affected.
Fixed in https://svn.apache.org/viewvc?view=revision&revision=1774166
Affects: 8.5.7 to 8.5.9