[jboss-jira] [JBoss JIRA] (WFCORE-2126) Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993
Falko M. (JIRA)
issues at jboss.org
Sat Dec 17 11:58:00 EST 2016
Falko M. created WFCORE-2126:
--------------------------------
Summary: Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993
Key: WFCORE-2126
URL: https://issues.jboss.org/browse/WFCORE-2126
Project: WildFly Core
Issue Type: Component Upgrade
Affects Versions: 2.2.1.CR1
Reporter: Falko M.
WFCORE-1688 upgraded Undertow to 1.4.0.Final which contains a rather serious sercurity vulnerability which was fixed in Undertow 1.4.3.Final (see UNDERTOW-827).
WildFly Swarm already builds on top of WFCORE 2.2.1.CR1 and will probably switch to 2.2.1.Final once it is released, so from my perspective it would be very sensible to upgrade to a corrected version of Undertow in the next CR (or Final) of WFCORE 2.2.1.
PS: WFCORE seems to build just fine (including tests) when upgrading the Undertow version to 1.4.7.Final in pom.xml.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list