Keycloak w/ Tomcat >= 9.0.30 responds with 403


my customer has an application running on Tomcat with Keycloak Tomcat adapter. Keycloak is on 8.0.2 and Tomcat is on 9.0.29 (Dockerized environment).

When trying to update Tomcat to 9.0.30 (or .31), all authenticated requests fail with 403. This is not happening with TC 9.0.29. There’s no other change than the Tomcat version. No config changes!
We found nothing useful in the changelog, yet.

Do you have any ideas what the cause can be for this behaviour? Any hint is appreciated!