Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Blocker
Fix Version/s: 19.0.0.Final
Affects Version/s: None
Component/s: None
Labels:
- EE10

Git Pull Request:
https://github.com/wildfly/wildfly-core/pull/5241

Upgrade Undertow to 2.3.0.Final, containing both Servlet 6 and WebSockets 2.1 final

Upgrade Undertow from 2.3.0.Beta1 to 2.3.0.Final
Diff: https://github.com/undertow-io/undertow/compare/2.3.0.Beta1...2.3.0.Final

Release: https://issues.redhat.com/projects/UNDERTOW/versions/12384184

Full list of Jiras: https://issues.redhat.com/browse/UNDERTOW-2095?jql=project%20%3D%20Undertow%20AND%20fixVersion%20~%202.3.0.Final
(includes Jiras that were added in Beta and Alpha)

Solves CVE-2022-2764, and previous 2.3.0 Beta and Alpha upgrades also included CVE-2022-1259 and CVE-2022-1319

clones

WFLY-16230 Upgrade Undertow to 2.3.0.Alpha1

Closed

incorporates

UNDERTOW-2058 Session.getRequestURI() must return full URI not just request path

Closed

UNDERTOW-2084 Adjust ServletResponse.setCharacterEncoding() behavior after spec clarification

Closed

UNDERTOW-2085 Implement fallback locale to charset mapping if such mapping wasn't specified in DD

Closed

UNDERTOW-2086 ASYNC and REQUEST dispatch types must return redirected path -> servlet mapping

Closed

UNDERTOW-2087 All ServletContext modification methods must throw UnsupportedOperationException

Closed

UNDERTOW-2088 All SessionCookieConfig modification methods must throw IllegalStateException

Closed

UNDERTOW-2089 RFC 6265 treats the attributes of an RFC 2109 cookie as a separate cookies

Closed

UNDERTOW-1593 Track processing time of in flight requests

Closed

UNDERTOW-2051 Upgrade WebSocket API to 2.1.0

Closed

UNDERTOW-2053 Upgrade Servlet to 6.0

Closed

UNDERTOW-2079 CPU spinning in AbstractFramedStreamSinkChannel

Closed

UNDERTOW-1902 Undertow allows session creation and session ID change after response is committed.

Closed

UNDERTOW-1997 SecurityPathMatches fails to match default path ('/')

Closed

UNDERTOW-2048 CVE-2022-2764 UndertowInputStream.close() blocks waiting to read= -1

Closed

UNDERTOW-2069 Filter.destroy can deadlock with running filter on shutdown

Closed

UNDERTOW-2082 HTTP/2 doesn't reassemble cookie headers violating rfc7540 8.1.2.5

Closed

UNDERTOW-2142 ChunkedStreamSinkConduit write with a buffer array writes too few buffers

Closed

UNDERTOW-2147 race condition between session invalidate and changeSessionId leads to UT000010

Closed

UNDERTOW-1934 onClose not called when network drops

Closed

UNDERTOW-2034 Http2StreamSinkChannel.awaitWritable could throw "Out of control window" IOException before awaitWritable timeout has fully ellapsed

Closed

UNDERTOW-2035 Http2StreamSinkChannel overrides awaitWritable() but does not override awaitWritable(long, TimeUnit)

Closed

UNDERTOW-2036 AbstractFramedChannel.awaitWritable does not guard against spurious wakes

Closed

UNDERTOW-2066 AbstractFramedChannel.freeNotifier checks for receivesSuspendedByUser instead of receivesSuspendedTooManyBuffers

Closed

UNDERTOW-2068 AbstractFramedStreamSourceChannel read listener prevents read from running again

Closed

UNDERTOW-2080 Use currentTimeMillis instead of nanoTime to measure times in awaitWritable

Closed

UNDERTOW-2093 Fix spotbugs reported errors

Closed

UNDERTOW-2094 Bad relative redirect is generated if app is mapped to trailing slash context

Closed

UNDERTOW-2102 ServletPrintWriterDelegate throws exception using OpenJDK 19 EA

Closed

UNDERTOW-2111 rewrite() handler doesn't guard against missing leading slash

Closed

UNDERTOW-2116 ServletOutputStreamImpl incorrectly sets Content-Length to 0

Closed

UNDERTOW-2135 Properly handle HTTP Continue with HTTP2 upgrade

Closed

UNDERTOW-2140 SSLSessionInfo.calculateKeySize(String cipherSuite) doesn't account for all cipher suits

Closed

UNDERTOW-2141 NPE in ServletContextImpl after session timed out

Closed

UNDERTOW-2162 Query parameters should not be canonicalized in servlet path when get request dispatcher

Closed

UNDERTOW-2163 Predicate Language cannot set attribute to empty string

Closed

UNDERTOW-2166 When both IDLE_TIMEOUT and READ_TIMEOUT are configured the minimum of both should be used

Closed

UNDERTOW-1357 Difference between RequestProtocolAttribute and TransportProtocolAttribute

Closed

UNDERTOW-2061 IP address filter with netmask not working as expected

Closed

UNDERTOW-2083 bad read timeout message

Closed

UNDERTOW-2159 InMemorySessionManager#getSession - null check inconsistency

Closed

UNDERTOW-2049 Move Undertow to JDK11

Closed

UNDERTOW-2050 Move Undertow to Jakarta Specs by Default

Closed

UNDERTOW-2117 Fix issues found by SonarQube

Closed

UNDERTOW-1771 APIs deprecated in JDK 9+ are in use

Closed

UNDERTOW-1971 Change in handling of concurrent session creation with id reuse

Closed

UNDERTOW-2067 AbstractFramedChannel should hold from resuming reads immediately after max buffer queue is hit

Closed

UNDERTOW-2138 Remove JDK8 support from ALPN providers

Closed

UNDERTOW-2145 UndertowOutputStream and ServletOutputStreamImpl awaitWritable unnecessarily

Closed

UNDERTOW-2131 ContentEncodingRepository.getContentEncodings allocates many ArrayList iterators in hot path

Closed

is blocked by

WFLY-16987 Make Undertow dependencies be driven by WildFly Core

Closed

WFLY-16234 Upgrade Jakarta Servlet API to 6.0

Closed

WFLY-16235 Upgrade Jakarta WebSockets to 2.1

Closed

is cloned by

WFLY-17017 Upgrade Undertow to 2.3.0.Beta1

Closed

relates to

WFLY-15698 Jakarta Servlet 6.0 in WildFly Preview

Closed

WFLY-15700 Jakarta WebSocket 2.1 in WildFly Preview

Closed

WFCORE-6056 Upgrade Undertow to 2.3.0.Beta1

Closed

(45 incorporates, 3 is blocked by, 1 is cloned by, 3 relates to)

Assignee:: Flavia Rainone

Reporter:: Flavia Rainone

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2022/04/01 12:24 PM

Updated:: 2023/12/10 2:45 AM

Resolved:: 2022/10/13 3:56 PM

Details

Description

Attachments

Issue Links

Activity

People

Dates