Falko M. created WFCORE-2126: -------------------------------- Summary: Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993 Key: WFCORE-2126 URL: https://issues.jboss.org/browse/WFCORE-2126 Project: WildFly Core Issue Type: Component Upgrade Affects Versions: 2.2.1.CR1 Reporter: Falko M. WFCORE-1688 upgraded Undertow to 1.4.0.Final which contains a rather serious sercurity vulnerability which was fixed in Undertow 1.4.3.Final (see UNDERTOW-827). WildFly Swarm already builds on top of WFCORE 2.2.1.CR1 and will probably switch to 2.2.1.Final once it is released, so from my perspective it would be very sensible to upgrade to a corrected version of Undertow in the next CR (or Final) of WFCORE 2.2.1. PS: WFCORE seems to build just fine (including tests) when upgrading the Undertow version to 1.4.7.Final in pom.xml. -- This message was sent by Atlassian JIRA (v7.2.3#72005)