-
Component Upgrade
-
Resolution: Done
-
Major
-
None
-
None
Upgrade Undertow from 2.2.14.Final to 2.2.16.Final
Fixes CVE-2021-3859
Upgrade Undertow to 2.2.16.Final: https://github.com/undertow-io/undertow/tree/2.2.16.Final
Diff: https://github.com/undertow-io/undertow/compare/2.2.14.Final...2.2.16.Final
Full list of Jiras: https://issues.redhat.com/projects/UNDERTOW/versions/12378538 + https://issues.redhat.com/projects/UNDERTOW/versions/12381819
- incorporates
-
UNDERTOW-1979 CVE-2021-3859 Continuation frames are not read correctly
- Resolved
-
UNDERTOW-1994 Method declareRoles not implemented in ServletContextImpl
- Resolved
-
UNDERTOW-2002 StackOverflowError upon AJP read timeout
- Resolved
-
UNDERTOW-2007 Digest mechanism needs sticky sessions
- Resolved
-
UNDERTOW-2011 NPE from PathResource.getName() for drive root
- Resolved
-
UNDERTOW-2012 Undertow does't create temporary directory use to save upload files when it does not exist
- Resolved
-
UNDERTOW-2015 URLUtils QueryStringParser#parse() should not add a query parameter to HttpServerExchange when parameter name and value are empty
- Resolved
-
UNDERTOW-2017 Nullpointer in HttpRequestConduit
- Resolved
-
UNDERTOW-2018 FixedLengthStreamSourceConduit NPE after a failure parsing request
- Resolved
-
UNDERTOW-2019 Content-Length response header for HEAD requests wrong when using BlockingHandler
- Resolved
-
UNDERTOW-2026 Do not create a session on DigestAuthenticationMechanism.sendChallenge (reverts UNDERTOW-2007)
- Resolved
- is cloned by
-
JBEAP-23045 (7.4.z) Upgrade Undertow from 2.2.13.SP2-redhat-00001 to 2.2.16.Final-redhat-0001
- Closed