Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Critical
Fix Version/s: 2.2.30.SP1, 2.3.13.Final, 2.3.11.SP1, 2.2.32.Final, 2.0.41.SP3, 1.4.18.SP13
Affects Version/s: None
Component/s: None
Labels:
None

Git Pull Request:
https://github.com/undertow-io/undertow/pull/1583, https://github.com/undertow-io/undertow/pull/1581, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/dcb2933a87447aaf2d8151fa08653e1b333cce26, https://gitlab.cee.redhat.com/undertow-io/undertow/-/commit/6ab54a4e07dd93b2e7bbf58d81de3ad50d09742d, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/82, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/76, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/102, https://gitlab.cee.redhat.com/undertow-io/undertow/-/merge_requests/103

FormAuthenticationMechanism creates SessionImpl objects for every attempt to login, even unsuccessful ones. Those sessions have strings with the location attached and are not being cleaned up properly.

causes

UNDERTOW-2378 Adjust properly session timeout also in case when custom auth mechanisms are used

Resolved

JBEAP-27330 [GSS](8.0.z) UNDERTOW-2409 - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Resolved

UNDERTOW-2409 Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Resolved

JBEAP-27369 [GSS](8.0.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms

Resolved

JBEAP-26990 [GSS](7.4.z) UNDERTOW-2409 / UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used

Closed

UNDERTOW-2418 Adjust properly session timeout also in case when FORM is combined with other mechanisms

Closed

JBEAP-26991 [GSS](8.0.z) UNDERTOW-2378 - Adjust properly session timeout also in case when custom auth mechanisms are used

Closed

JBEAP-27368 [GSS](7.4.z) UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms

Ready for QA

is incorporated by

WFCORE-6794 CVE-2023-1973 Upgrade Undertow to 2.3.13.Final

Resolved

(3 causes, 1 is incorporated by)

Assignee:: Richard Opalka

Reporter:: Flavia Rainone

Involved:: Bartosz Baranowski, Carlo de Wolf, Chao Wang, Chess Hazlett, Flavia Rainone, Jason Lee, Lin Gao, Masafumi Miura, Richard Opalka, Stefano Maestri, Stuart Douglas (Inactive), Tom Jenkinson

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Created:: 2023/04/21 8:24 PM

Updated:: 2024/09/23 2:17 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates