Summary
With Tomcat 9 (9.0.8 on barebone-1.1) - certain characters in an URI lead to an error; the same characters were accepted on our Tomcat-8 on barebone-1.0.
We should aim to allow the same characters as we did on Tomcat-8.

Error on Tomcat 9.0.8

java.lang.IllegalArgumentException: Invalid character found in the request target. The valid characters are defined in RFC 7230 and RFC 3986

(See gist for the complete stack trace)
This did not happen with the barebone-1.0.

Example

curl -g -G "<protocol>//<host>/<context>/.rest/delivery/pagesWithComponents/v1" --data-urlencode "title[like]=%Company%" -u superuser:superuser

Tomcat 9, the way we have configured it, fails on the chars [ ] but accepts |.
Tomcat 8 accepted both pipe and square brackets.

Further reading

• https://tomcat.apache.org/tomcat-9.0-doc/config/http.html (see section about _ relaxedQueryChars_)
• https://stackoverflow.com/questions/41053653/tomcat-8-is-not-able-to-handle-get-request-with-in-query-parameters
• https://stackoverflow.com/questions/11490326/is-array-syntax-using-square-brackets-in-url-query-strings-valid

Possible solution

Set relaxedQueryChars property on Connector.
Example:

<Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000"
relaxedQueryChars="[]|{}^&#x5c;&#x60;&quot;&lt;&gt;"
redirectPort="8443" />

 See

• https://tomcat.apache.org/tomcat-9.0-doc/config/http.html
• https://stackoverflow.com/questions/50361171/how-to-allow-character-in-urls-for-tomcat-8-5