This [1] resource says: x-P(XXX) for the URL encoded (using UTF-8) request parameter with name XXX But the code [2] does: > try { > return URLEncoder.encode(value, "UTF-8"); > } catch (UnsupportedEncodingException e) { > // Should never happen - all JVMs are required to support UTF-8 > return null; > } > } This is java.net.URLEncoder. We all know that this class is deceiving because it actually implements form encoding (Javadoc: Utility class for HTML form encoding. This class contains static methods for converting a String to the application/x-www-form-urlencoded MIME format.) and not URL/URI encoding which produces different results. Tomcat includes a decent URLEcoder class, maybe this one should rather be used, no? Note: I haven't verified with other Tomcat versions, but I guess they have the same problem. [1] https://tomcat.apache.org/tomcat-8.5-doc/config/valve.html#Extended_Access_Log_Valve/Attributes [2] https://github.com/apache/tomcat/blob/cf2015c1350a3f057182dd4c26c20f68df8b3400/java/org/apache/catalina/valves/ExtendedAccessLogValve.java#L412-L418
Fixed in: - 11.0.x for 11.0.0-M2 onwards - 10.1.x for 10.1.5 onwards - 9.0.x for 9.0.71 onwards - 8.5.x for 8.5.85 onwards