[
https://issues.jboss.org/browse/WFCORE-2126?page=com.atlassian.jira.plugi...
]
Brian Stansberry reassigned WFCORE-2126:
----------------------------------------
Fix Version/s: 2.2.1.CR2
Assignee: Frank Langelage
Resolution: Done
Thanks, Frank!
Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993
-------------------------------------------------------------------
Key: WFCORE-2126
URL:
https://issues.jboss.org/browse/WFCORE-2126
Project: WildFly Core
Issue Type: Component Upgrade
Affects Versions: 2.2.1.CR1
Reporter: Falko Modler
Assignee: Frank Langelage
Fix For: 2.2.1.CR2
WFCORE-1688 upgraded Undertow to 1.4.0.Final which contains a rather serious sercurity
vulnerability which was fixed in Undertow 1.4.3.Final (see UNDERTOW-827).
WildFly Swarm already builds on top of WFCORE 2.2.1.CR1 and will probably switch to
2.2.1.Final once it is released, so from my perspective it would be very sensible to
upgrade to a corrected version of Undertow in the next CR (or Final) of WFCORE 2.2.1.
PS: WFCORE seems to build just fine (including tests) when upgrading the Undertow version
to 1.4.7.Final in pom.xml.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)