-
Component Upgrade
-
Resolution: Done
-
Blocker
Upgrade Undertow to 2.3.0.Final, containing both Servlet 6 and WebSockets 2.1 final
Upgrade Undertow from 2.3.0.Beta1 to 2.3.0.Final
Diff: https://github.com/undertow-io/undertow/compare/2.3.0.Beta1...2.3.0.Final
Release: https://issues.redhat.com/projects/UNDERTOW/versions/12384184
Full list of Jiras: https://issues.redhat.com/browse/UNDERTOW-2095?jql=project%20%3D%20Undertow%20AND%20fixVersion%20~%202.3.0.Final
(includes Jiras that were added in Beta and Alpha)
Resolves CVE-2022-2764; the previous 2.3.0 Beta and Alpha upgrades also included the fixes for CVE-2022-1259 and CVE-2022-1319.
- clones
-
WFLY-16230 Upgrade Undertow to 2.3.0.Alpha1
- Closed
- incorporates
-
UNDERTOW-2058 Session.getRequestURI() must return full URI not just request path
- Closed
-
UNDERTOW-2084 Adjust ServletResponse.setCharacterEncoding() behavior after spec clarification
- Closed
-
UNDERTOW-2085 Implement fallback locale to charset mapping if such mapping wasn't specified in DD
- Closed
-
UNDERTOW-2086 ASYNC and REQUEST dispatch types must return redirected path -> servlet mapping
- Closed
-
UNDERTOW-2087 All ServletContext modification methods must throw UnsupportedOperationException
- Closed
-
UNDERTOW-2088 All SessionCookieConfig modification methods must throw IllegalStateException
- Closed
-
UNDERTOW-2089 RFC 6265 treats the attributes of an RFC 2109 cookie as a separate cookies
- Closed
-
UNDERTOW-1593 Track processing time of in flight requests
- Closed
-
UNDERTOW-2051 Upgrade WebSocket API to 2.1.0
- Closed
-
UNDERTOW-2053 Upgrade Servlet to 6.0
- Closed
-
UNDERTOW-2079 CPU spinning in AbstractFramedStreamSinkChannel
- Closed
-
UNDERTOW-1902 Undertow allows session creation and session ID change after response is committed.
- Closed
-
UNDERTOW-1997 SecurityPathMatches fails to match default path ('/')
- Closed
-
UNDERTOW-2048 CVE-2022-2764 UndertowInputStream.close() blocks waiting to read= -1
- Closed
-
UNDERTOW-2069 Filter.destroy can deadlock with running filter on shutdown
- Closed
-
UNDERTOW-2082 HTTP/2 doesn't reassemble cookie headers violating rfc7540 8.1.2.5
- Closed
-
UNDERTOW-2142 ChunkedStreamSinkConduit write with a buffer array writes too few buffers
- Closed
-
UNDERTOW-2147 race condition between session invalidate and changeSessionId leads to UT000010
- Closed
-
UNDERTOW-1934 onClose not called when network drops
- Closed
-
UNDERTOW-2034 Http2StreamSinkChannel.awaitWritable could throw "Out of control window" IOException before awaitWritable timeout has fully elapsed
- Closed
-
UNDERTOW-2035 Http2StreamSinkChannel overrides awaitWritable() but does not override awaitWritable(long, TimeUnit)
- Closed
-
UNDERTOW-2036 AbstractFramedChannel.awaitWritable does not guard against spurious wakes
- Closed
-
UNDERTOW-2066 AbstractFramedChannel.freeNotifier checks for receivesSuspendedByUser instead of receivesSuspendedTooManyBuffers
- Closed
-
UNDERTOW-2068 AbstractFramedStreamSourceChannel read listener prevents read from running again
- Closed
-
UNDERTOW-2080 Use currentTimeMillis instead of nanoTime to measure times in awaitWritable
- Closed
-
UNDERTOW-2093 Fix spotbugs reported errors
- Closed
-
UNDERTOW-2094 Bad relative redirect is generated if app is mapped to trailing slash context
- Closed
-
UNDERTOW-2102 ServletPrintWriterDelegate throws exception using OpenJDK 19 EA
- Closed
-
UNDERTOW-2111 rewrite() handler doesn't guard against missing leading slash
- Closed
-
UNDERTOW-2116 ServletOutputStreamImpl incorrectly sets Content-Length to 0
- Closed
-
UNDERTOW-2135 Properly handle HTTP Continue with HTTP2 upgrade
- Closed
-
UNDERTOW-2140 SSLSessionInfo.calculateKeySize(String cipherSuite) doesn't account for all cipher suites
- Closed
-
UNDERTOW-2141 NPE in ServletContextImpl after session timed out
- Closed
-
UNDERTOW-2162 Query parameters should not be canonicalized in servlet path when get request dispatcher
- Closed
-
UNDERTOW-2163 Predicate Language cannot set attribute to empty string
- Closed
-
UNDERTOW-2166 When both IDLE_TIMEOUT and READ_TIMEOUT are configured the minimum of both should be used
- Closed
-
UNDERTOW-1357 Difference between RequestProtocolAttribute and TransportProtocolAttribute
- Closed
-
UNDERTOW-2061 IP address filter with netmask not working as expected
- Closed
-
UNDERTOW-2083 bad read timeout message
- Closed
-
UNDERTOW-2159 InMemorySessionManager#getSession - null check inconsistency
- Closed
-
UNDERTOW-2049 Move Undertow to JDK11
- Closed
-
UNDERTOW-2050 Move Undertow to Jakarta Specs by Default
- Closed
-
UNDERTOW-2117 Fix issues found by SonarQube
- Closed
-
UNDERTOW-1771 APIs deprecated in JDK 9+ are in use
- Closed
-
UNDERTOW-1971 Change in handling of concurrent session creation with id reuse
- Closed
-
UNDERTOW-2067 AbstractFramedChannel should hold from resuming reads immediately after max buffer queue is hit
- Closed
-
UNDERTOW-2138 Remove JDK8 support from ALPN providers
- Closed
-
UNDERTOW-2145 UndertowOutputStream and ServletOutputStreamImpl awaitWritable unnecessarily
- Closed
-
UNDERTOW-2131 ContentEncodingRepository.getContentEncodings allocates many ArrayList iterators in hot path
- Closed
- is blocked by
-
WFLY-16987 Make Undertow dependencies be driven by WildFly Core
- Closed
-
WFLY-16234 Upgrade Jakarta Servlet API to 6.0
- Closed
-
WFLY-16235 Upgrade Jakarta WebSockets to 2.1
- Closed
- is cloned by
-
WFLY-17017 Upgrade Undertow to 2.3.0.Beta1
- Closed
- relates to
-
WFLY-15698 Jakarta Servlet 6.0 in WildFly Preview
- Closed
-
WFLY-15700 Jakarta WebSocket 2.1 in WildFly Preview
- Closed
-
WFCORE-6056 Upgrade Undertow to 2.3.0.Beta1
- Closed