[jboss-jira] [JBoss JIRA] (WFCORE-2126) Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993

Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993 ------------------------------------------------------------------- Key: WFCORE-2126 URL: https://issues.jboss.org/browse/WFCORE-2126 Project: WildFly Core Issue Type: Component Upgrade Affects Versions: 2.2.1.CR1 Reporter: Falko Modler Assignee: Frank Langelage Fix For: 2.2.1.CR2 WFCORE-1688 upgraded Undertow to 1.4.0.Final which contains a rather serious sercurity vulnerability which was fixed in Undertow 1.4.3.Final (see UNDERTOW-827). WildFly Swarm already builds on top of WFCORE 2.2.1.CR1 and will probably switch to 2.2.1.Final once it is released, so from my perspective it would be very sensible to upgrade to a corrected version of Undertow in the next CR (or Final) of WFCORE 2.2.1. PS: WFCORE seems to build just fine (including tests) when upgrading the Undertow version to 1.4.7.Final in pom.xml.