The fix for this bug is in JAVA Buildpack version 4.5.1 and later. Pivotal Recommends upgrading to the latest Buildpack. The fix handles the case where the http client library is creating new security contexts for each request.
If you are experiencing this issue and are unable to upgrade to the latest Buildpack then here is an available workaround to this problem. One option would be to modify your app to use the Spring HTTP Client library. Or if you null out the $CF_INSTANCE_CERT and $CF_INSTANCE_KEY the java app will not spin up new file watcher threads for the diego issued client cert and key.
This workaround will only help if the app does not require Mutual TLS authentication as this change will break mutual TLS. The reason is diego will regenerate new a new client cert and key for the app instances every day and without filewatcher reloading the cert and key the java app will be using an expired certificate.
- Using cf cli create two environmental variables for the given app