According to Mitre four CVE were recently assigned for undertow. These are CVE-2017-7559, CVE-2017-12165, CVE-2018-1047 and CVE-2018-1048. Unfortunately detailed information about the vulnerabilities and how they were addressed are not available.

Please consider being more transparent about security vulnerabilities, e.g. by creating a dedicated web page which announces security vulnerabilities and documents how they were resolved. Adding CVE identifiers to commit messages at github.com would also be helpful to determine which commit addressed a certain CVE.