Loading...

XML

Word

Printable

Type: Bug
Resolution: Done
Priority: Trivial
Fix Version/s: 2.3.0.Final, 2.3.0.Beta1, 2.2.20.Final
Affects Version/s: None
Component/s: None
Labels:
- core

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1373, https://github.com/undertow-io/undertow/pull/1376

https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/session/InMemorySessionManager.java#L235 check serverExchange != null, but at https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/session/InMemorySessionManager.java#L233 its being used as argument. Interface does not specify if null is allowed and in fact in impl, ie https://github.com/undertow-io/undertow/blob/master/core/src/main/java/io/undertow/server/session/SessionCookieConfig.java#L83

is incorporated by

WFCORE-6057 Upgrade Undertow to 2.3.0.Final (CVE-2022-2764)

Closed

WFLY-17017 Upgrade Undertow to 2.3.0.Beta1

Closed

WFCORE-6056 Upgrade Undertow to 2.3.0.Beta1

Closed

WFLY-17107 Upgrade Undertow legacy to 2.2.20.Final

Closed

mentioned on

Merge request - [RHSSO-2350] ElytronSessionTokenStore#logoutHttpSessions() does not work as expected due to...

Assignee:: Bartosz Baranowski

Reporter:: Bartosz Baranowski

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/09/07 8:04 AM

Updated:: 2023/02/14 9:43 AM

Resolved:: 2022/09/16 6:09 AM