(based on http://marc.info/?l=tomcat-dev&m=124192105131636&w=2) In WebappClassLoader#findResourceInternal() there is a lot of code between opening the binaryStream and starting to use it. There is a lot of processing, e.g.: if (!openJARs()) { return null; } if (antiJARLocking). If something happens in those steps, it is possible to leak InputStream references. One case is fixed with rev.772872, but it would be better to add a global try/finally block.
Fixed in trunk and proposed for 6.0.x
This has been fixed in 6.0.x and will be included in 6.0.25 onwards.
This has also been fixed in 5.5.x and will be included in 5.5.29 onwards.