Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Major
Fix Version/s: 18.1.0.Beta1, 18.1.0.Final, 19.0.0.Beta5, 19.0.0.Final
Affects Version/s: None
Component/s: None
Labels:
- downstream_dependency

Upgrade Undertow from 2.2.14.Final to 2.2.16.Final

Fixes CVE-2021-3859

Upgrade Undertow to 2.2.16.Final: https://github.com/undertow-io/undertow/tree/2.2.16.Final
Diff: https://github.com/undertow-io/undertow/compare/2.2.14.Final...2.2.16.Final

Full list of Jiras: https://issues.redhat.com/projects/UNDERTOW/versions/12378538 + https://issues.redhat.com/projects/UNDERTOW/versions/12381819

incorporates

UNDERTOW-1979 CVE-2021-3859 Continuation frames are not read correctly

Resolved

UNDERTOW-1994 Method declareRoles not implemented in ServletContextImpl

Resolved

UNDERTOW-2002 StackOverflowError upon AJP read timeout

Resolved

UNDERTOW-2007 Digest mechanism needs sticky sessions

Resolved

UNDERTOW-2011 NPE from PathResource.getName() for drive root

Resolved

UNDERTOW-2012 Undertow does't create temporary directory use to save upload files when it does not exist

Resolved

UNDERTOW-2015 URLUtils QueryStringParser#parse() should not add a query parameter to HttpServerExchange when parameter name and value are empty

Resolved

UNDERTOW-2017 Nullpointer in HttpRequestConduit

Resolved

UNDERTOW-2018 FixedLengthStreamSourceConduit NPE after a failure parsing request

Resolved

UNDERTOW-2019 Content-Length response header for HEAD requests wrong when using BlockingHandler

Resolved

UNDERTOW-2026 Do not create a session on DigestAuthenticationMechanism.sendChallenge (reverts UNDERTOW-2007)

Resolved

is cloned by

JBEAP-23045 (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001

Closed

(6 incorporates, 1 is cloned by)

Assignee:: Flavia Rainone

Reporter:: Flavia Rainone

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2022/02/06 11:05 AM

Updated:: 2023/12/10 2:44 AM

Resolved:: 2022/02/10 9:20 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates