-
Bug
-
Resolution: Unresolved
-
Critical
-
None
-
None
-
None
-
https://github.com/undertow-io/undertow/pull/1583, https://github.com/undertow-io/undertow/pull/1581, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/dcb2933a87447aaf2d8151fa08653e1b333cce26, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/6ab54a4e07dd93b2e7bbf58d81de3ad50d09742d, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/82, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/76, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/102, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/103
FormAuthenticationMechanism creates SessionImpl objects for every attempt to login, even unsuccessful ones. Those sessions have strings with the location attached and are not being cleaned up properly.
- causes
-
JBEAP-27368 [GSS](7.4.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms
- Verified
-
JBEAP-27330 [GSS](8.0.z) UNDERTOW-2409 - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used
- Verified
-
JBEAP-27369 [GSS](8.0.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms
- Verified
-
UNDERTOW-2378 Adjust properly session timeout also in case when custom auth mechanisms are used
- Resolved
-
UNDERTOW-2409 Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used
- Resolved
-
JBEAP-26990 [GSS](7.4.z) UNDERTOW-2409 / UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used
- Closed
-
UNDERTOW-2418 Adjust properly session timeout also in case when FORM is combined with other mechanisms
- Closed
-
JBEAP-26991 [GSS](8.0.z) UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used
- Closed
- is incorporated by
-
WFCORE-6794 CVE-2023-1973 Upgrade Undertow to 2.3.13.Final
- Resolved