diff --git a/bitnami/tomcat/8.5/debian-11/Dockerfile b/bitnami/tomcat/8.5/debian-11/Dockerfile
index f1058bcaf5ef..d6ab0cf2ca7a 100644
--- a/bitnami/tomcat/8.5/debian-11/Dockerfile
+++ b/bitnami/tomcat/8.5/debian-11/Dockerfile
@@ -4,10 +4,10 @@ ARG JAVA_EXTRA_SECURITY_DIR="/bitnami/java/extra-security"
 ARG TARGETARCH
 
 LABEL org.opencontainers.image.base.name="docker.io/bitnami/minideb:bullseye" \
-      org.opencontainers.image.created="2023-02-26T22:44:43Z" \
+      org.opencontainers.image.created="2023-03-02T01:27:34Z" \
       org.opencontainers.image.description="Application packaged by VMware, Inc" \
       org.opencontainers.image.licenses="Apache-2.0" \
-      org.opencontainers.image.ref.name="8.5.85-debian-11-r15" \
+      org.opencontainers.image.ref.name="8.5.85-debian-11-r16" \
       org.opencontainers.image.title="tomcat" \
       org.opencontainers.image.vendor="VMware, Inc." \
       org.opencontainers.image.version="8.5.85"
diff --git a/bitnami/tomcat/8.5/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh b/bitnami/tomcat/8.5/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh
index f74cbaa0ade9..131803abaeea 100755
--- a/bitnami/tomcat/8.5/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh
+++ b/bitnami/tomcat/8.5/debian-11/rootfs/opt/bitnami/scripts/java/postunpack.sh
@@ -18,7 +18,7 @@ set -o pipefail
 # Override default files in the Java security directory. This is used for
 # custom base images (with custom CA certificates or block lists is used)
 
-if ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
+if [[ -n "${JAVA_EXTRA_SECURITY_DIR:-}" ]] && ! is_dir_empty "$JAVA_EXTRA_SECURITY_DIR"; then
     info "Adding custom CAs to the Java security folder"
     cp -Lr "$JAVA_EXTRA_SECURITY_DIR" /opt/bitnami/java/lib/security
 fi