Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Major
Fix Version/s: 8.0.0.GA-CR2, 8.0.0.GA
Affects Version/s: None
Component/s: Test Suite
Labels:
- core

Blocked:
False
Blocked Reason:
None
Ready:
False
CDW pm_ack:
CDW release:
Target Release:

8.0.0.GA
Git Pull Request:
https://github.com/jbossas/wildfly-core-eap/pull/1332
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In WildFly Core we use `io.netty` as a purely test suite dependency, it is not released with the project itself. That means the WildFly Core component is not affected by this CVE at all. The main upgrading motivation is just to help security scanners avoid flagging the project with this CVE.

https://github.com/netty/netty/releases/tag/netty-4.1.100.Final

Fixes https://access.redhat.com/security/cve/CVE-2023-44487

clones

WFCORE-6557 CVE-2023-44487 Upgrade Netty to 4.1.100.Final

Resolved

is incorporated by

JBEAP-25882 (8.0.0) Upgrade WildFly Core from 21.0.3.Final-redhat-00001 to 21.0.4.Final-redhat-00001

Closed

Assignee:: Yeray Borges Santana

Reporter:: Yeray Borges Santana

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2023/10/12 1:28 PM

Updated:: 2024/02/21 1:14 PM

Resolved:: 2023/10/13 10:53 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates