--- java/org/apache/catalina/authenticator/FormAuthenticator.java.orig	2017-06-09 13:00:33.854323751 -0400
+++ java/org/apache/catalina/authenticator/FormAuthenticator.java	2017-06-09 13:00:33.861323775 -0400
@@ -406,9 +406,9 @@
         RequestDispatcher disp =
             context.getServletContext().getRequestDispatcher(loginPage);
         try {
-            if (context.fireRequestInitEvent(request)) {
+            if (context.fireRequestInitEvent(request.getRequest())) {
                 disp.forward(request.getRequest(), response);
-                context.fireRequestDestroyEvent(request);
+                context.fireRequestDestroyEvent(request.getRequest());
             }
         } catch (Throwable t) {
             ExceptionUtils.handleThrowable(t);
@@ -450,12 +450,11 @@
         }
 
         RequestDispatcher disp =
-            context.getServletContext().getRequestDispatcher
-            (config.getErrorPage());
+                context.getServletContext().getRequestDispatcher(config.getErrorPage());
         try {
-            if (context.fireRequestInitEvent(request)) {
+            if (context.fireRequestInitEvent(request.getRequest())) {
                 disp.forward(request.getRequest(), response);
-                context.fireRequestDestroyEvent(request);
+                context.fireRequestDestroyEvent(request.getRequest());
             }
         } catch (Throwable t) {
             ExceptionUtils.handleThrowable(t);
--- java/org/apache/catalina/core/AsyncContextImpl.java.orig	2017-06-09 13:00:33.855323755 -0400
+++ java/org/apache/catalina/core/AsyncContextImpl.java	2017-06-09 13:02:46.108767706 -0400
@@ -157,6 +157,7 @@
                 }
             }
         } finally {
+            context.fireRequestDestroyEvent(request.getRequest());
             clearServletRequestResponse();
             if (Globals.IS_SECURITY_ENABLED) {
                 PrivilegedAction<Void> pa = new PrivilegedSetTccl(oldCL);
--- java/org/apache/catalina/core/StandardHostValve.java.orig	2017-06-09 13:00:33.856323758 -0400
+++ java/org/apache/catalina/core/StandardHostValve.java	2017-06-09 13:05:06.702248405 -0400
@@ -66,7 +66,7 @@
 
     static {
         STRICT_SERVLET_COMPLIANCE = Globals.STRICT_SERVLET_COMPLIANCE;
-        
+
         String accessSession = System.getProperty(
                 "org.apache.catalina.core.StandardHostValve.ACCESS_SESSION");
         if (accessSession == null) {
@@ -146,7 +146,7 @@
             if (Globals.IS_SECURITY_ENABLED) {
                 PrivilegedAction<Void> pa = new PrivilegedSetTccl(
                         context.getLoader().getClassLoader());
-                AccessController.doPrivileged(pa);                
+                AccessController.doPrivileged(pa);
             } else {
                 Thread.currentThread().setContextClassLoader
                         (context.getLoader().getClassLoader());
@@ -156,9 +156,9 @@
             request.setAsyncSupported(context.getPipeline().isAsyncSupported());
         }
 
-        boolean asyncAtStart = request.isAsync(); 
+        boolean asyncAtStart = request.isAsync();
         boolean asyncDispatching = request.isAsyncDispatching();
-        if (asyncAtStart || context.fireRequestInitEvent(request)) {
+        if (asyncAtStart || context.fireRequestInitEvent(request.getRequest())) {
 
             // Ask this Context to process this request. Requests that are in
             // async mode and are not being dispatched to this resource must be
@@ -197,7 +197,7 @@
             if (!context.getState().isAvailable()) {
                 return;
             }
-    
+
             // Look for (and render if found) an application level error page
             if (response.isErrorReportRequired()) {
                 if (t != null) {
@@ -208,7 +208,7 @@
             }
 
             if (!request.isAsync() && (!asyncAtStart || !response.isErrorReportRequired())) {
-                context.fireRequestDestroyEvent(request);
+                context.fireRequestDestroyEvent(request.getRequest());
             }
         }
 
@@ -222,7 +222,7 @@
         if (Globals.IS_SECURITY_ENABLED) {
             PrivilegedAction<Void> pa = new PrivilegedSetTccl(
                     StandardHostValve.class.getClassLoader());
-            AccessController.doPrivileged(pa);                
+            AccessController.doPrivileged(pa);
         } else {
             Thread.currentThread().setContextClassLoader
                     (StandardHostValve.class.getClassLoader());
@@ -258,7 +258,7 @@
         // Ask this Context to process this request
         context.getPipeline().getFirst().event(request, response, event);
 
-        
+
         // Error page processing
         response.setSuspended(false);
 
@@ -469,7 +469,7 @@
 
             if (response.isCommitted()) {
                 // Response is committed - including the error page is the
-                // best we can do 
+                // best we can do
                 rd.include(request.getRequest(), response.getResponse());
             } else {
                 // Reset the response (keeping the real error code and message)
--- webapps/docs/changelog.xml.orig	2017-06-09 13:00:33.858323765 -0400
+++ webapps/docs/changelog.xml	2017-06-09 13:02:03.530622703 -0400
@@ -57,6 +57,16 @@
   They eventually become mixed with the numbered issues. (I.e., numbered
   issues do not "pop up" wrt. others).
 -->
+<section name="Tomcat 7.0.69-12 (csutherl)">
+  <subsection name="Coyote">
+    <changelog>
+      <fix>
+        Ensure request and response facades are used when firing application
+        listeners. (markt/remm)
+      </fix>
+    </changelog>
+  </subsection>
+</section>
 <section name="Tomcat 7.0.69-11 (csutherl)">
   <subsection name="Coyote">
     <changelog>