On 11/11/2025 03:32, Srivastav, Tushar wrote:
Hi Team,
I’d like to bring attention to a breaking change we’ve encountered in our
ThingWorx clustered deployment following a recent Tomcat upgrade.
Background:
- We run ThingWorx in cluster mode, with two containers listening on ports 9080
and 9081.
- Recently, we upgraded from Tomcat 11.0.10 to Tomcat 11.0.13 (the issue began
from 11.0.12).
- When making an update request via Postman, the change would correctly
reflect on container 9080, but the update would not sync to container 9081.
Root Cause:
- After investigation, we discovered the sync issue related to how Tomcat
processes HTTP request headers.
* We are using a header to propagate and synch the changes in our
application
- We were sending a custom header (e.g., `ABC_XYZ`) in uppercase. This
worked correctly in Tomcat 11.0.10.
- In Tomcat 11.0.12 and later, unless the custom header is sent in
lowercase (`abc_xyz`), the update does not properly propagate across the
cluster.
Tomcat Code Change:
- This behavior change maps directly to a Tomcat commit:
[https://github.com/apache/tomcat/commit/09e30aeb68edfd3ae79bfc5e8ba3211d884aeb4c#diff-
1115e493b03a0e9c02f350ca5835b67463e4a2b652c33c400027868c7e35d7c7](https://github.com/apache/tomcat/commit/09e30aeb68edfd3ae79bfc5e8ba3211d884aeb4c#diff-1115e493b03a0e9c02f350ca5835b67463e4a2b652c33c400027868c7e35d7c7)
This commit remove the conversion of header from uppercase to lower case
- Any custom header sent in uppercase (e.g., `ABC_XYZ`) will no longer be
recognized for operations in Tomcat 11.0.12+.
- This affects ThingWorx deployments specifically when custom headers are used
for critical operations, resulting in inconsistent state across clustered
containers.
Let me know if further technical details are needed.
Tomcat does not replicate HTTP fields across a cluster.
This appears to be application/ ThingWorx specific behaviour.
HTTP field names are case insensitive (RFC 9110, section 5.1, 2nd
paragraph).
This definition is unchanged from RFC 7230 and RFC 2616 (i.e. for more
than 25 years).
It appears that the application / ThingWorx has a bug in that it expects
headers to be lower case rather than treating them as case insensitive.
That is an application / ThingWorx bug, not a Tomcat bug.
There does not appear to be anything for the Tomcat team to do here.
For the record, the forcing to lower case was removed because Tomcat
treats field names as case insensitive throughout and the forcing to
lower case was unnecessary processing which had a (minor) performance
impact on every single request.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
