If a V1 cookie contains a CTL character in a quoted value, no error is logged or raised. This differs from CTLs in unquoted values that result in an IllegalArgumentException and a 500 response.

Example:
Cookie: $Version=1; foo="b_BS_r"
where _BS_ is a BS character (0x08).

RFC2109 allows the value to be "quoted-string" which from RFC2616 may contain TEXT which must not contain CTLs.
The new RFC6265 cookie parser (that also includes a new RFC2109 parser) correctly handles these values. I don't propose fixing the old parser.
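
The consistent behaviour described in the report, as an added example that is not part of the original report and not the project's parser code: a small Python validator that rejects CTLs in both quoted and unquoted V1 cookie values. All function names are hypothetical, the input is the header value without the `Cookie:` prefix, and rejecting a CTL that follows a backslash is an assumption that is stricter than the quoted-pair grammar.

```python
# Added example: validate V1 (RFC 2109) cookie values so that CTLs are
# rejected in quoted and unquoted values alike. Names are hypothetical.
SEPARATORS = set('()<>@,;:\\"/[]?={} \t')    # RFC 2616 separators

def is_ctl(ch):
    return ord(ch) < 32 or ord(ch) == 127     # RFC 2616 CTL

def is_token(s):
    return bool(s) and all(
        ord(c) < 128 and not is_ctl(c) and c not in SEPARATORS for c in s)

def unquote(value):
    """Validate a quoted-string and return its content without the quotes."""
    out, i, body = [], 0, value[1:-1]
    while i < len(body):
        ch = body[i]
        if ch == '\\':                         # quoted-pair: take the next char
            i += 1
            if i == len(body):
                raise ValueError("dangling backslash in quoted-string")
            ch = body[i]
            if is_ctl(ch):                     # assumption: stricter than the grammar
                raise ValueError("escaped CTL 0x%02x" % ord(ch))
        elif ch == '"':
            raise ValueError("unescaped quote in quoted-string")
        elif is_ctl(ch) and ch != '\t':        # HT is LWS, which TEXT allows
            raise ValueError("CTL 0x%02x in quoted-string" % ord(ch))
        out.append(ch)
        i += 1
    return "".join(out)

def split_pairs(header):
    """Split on ';' but not inside a quoted-string."""
    parts, cur, in_q, esc = [], [], False, False
    for ch in header:
        if esc:
            esc = False
        elif in_q and ch == '\\':
            esc = True
        elif ch == '"':
            in_q = not in_q
        elif ch == ';' and not in_q:
            parts.append("".join(cur))
            cur = []
            continue
        cur.append(ch)
    return parts + ["".join(cur)]

def parse_cookie(header):
    cookies = {}
    for part in split_pairs(header):
        # Strip only SP/HT: a bare strip() would silently drop some CTLs.
        name, sep, value = part.strip(" \t").partition("=")
        if not sep or not is_token(name):
            raise ValueError("malformed cookie pair")
        quoted = len(value) >= 2 and value[0] == value[-1] == '"'
        if not quoted and not is_token(value):
            raise ValueError("invalid unquoted value for %s" % name)
        cookies[name] = unquote(value) if quoted else value
    return cookies
```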