It is possible for instances of ServletInputStream to be used in handling one request after Tomcat has recycled (i.e. reused) the stream for a different request.

Symptoms include, but are not limited to:

• Incorrect user agent reported in access logs. For example where an user agent "git/2.16.55" is reported where it should be "git/2.16.5"
• Incorrect client IP address reported in access logs. This will typically, like the user agent, involved the final character being repeated.
• Users interacting with the user interface experience failures with error "You've switched users"