[jboss-jira] [JBoss JIRA] (WFCORE-2126) Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993
Brian Stansberry (JIRA)
issues at jboss.org
Fri Mar 3 17:38:00 EST 2017
[ https://issues.jboss.org/browse/WFCORE-2126?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry reassigned WFCORE-2126:
----------------------------------------
Fix Version/s: 2.2.1.CR2
Assignee: Frank Langelage
Resolution: Done
Thanks, Frank!
> Upgrade to Undertow 1.4.3+ in WFCORE 2.2.1 to resolve CVE-2016-4993
> -------------------------------------------------------------------
>
> Key: WFCORE-2126
> URL: https://issues.jboss.org/browse/WFCORE-2126
> Project: WildFly Core
> Issue Type: Component Upgrade
> Affects Versions: 2.2.1.CR1
> Reporter: Falko Modler
> Assignee: Frank Langelage
> Fix For: 2.2.1.CR2
>
>
> WFCORE-1688 upgraded Undertow to 1.4.0.Final which contains a rather serious sercurity vulnerability which was fixed in Undertow 1.4.3.Final (see UNDERTOW-827).
> WildFly Swarm already builds on top of WFCORE 2.2.1.CR1 and will probably switch to 2.2.1.Final once it is released, so from my perspective it would be very sensible to upgrade to a corrected version of Undertow in the next CR (or Final) of WFCORE 2.2.1.
> PS: WFCORE seems to build just fine (including tests) when upgrading the Undertow version to 1.4.7.Final in pom.xml.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list