Loading...

XML

Word

Printable

Type: Component Upgrade
Resolution: Done
Priority: Blocker
Fix Version/s: 31.0.0.Final
Affects Version/s: None
Component/s: Undertow
Labels:
None

Upgrade Undertow from 2.3.20.Final to 2.3.21.Final
Diff: https://github.com/undertow-io/undertow/compare/2.3.20.Final...2.3.21.Final

Release: https://issues.redhat.com/projects/UNDERTOW/versions/12470370
Full list of Jiras: https://issues.redhat.com/issues/?jql=project%20=%2012312521%20AND%20fixVersion%20=%2012470370%20ORDER%20BY%20priority%20DESC,%20key%20ASC

Particularly to get ~~UNDERTOW-2656~~

incorporates

UNDERTOW-2580 Support SameSite and custom cookie attributes

Resolved

UNDERTOW-2421 ServletSessionConfig is missing support for arbitrary cookie attributes

Resolved

UNDERTOW-2534 ClassLoader of deployed websockets application leaks to XnioWorker

Resolved

UNDERTOW-2377 CVE-2024-3884 CVE-2024-4027 OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded

Resolved

UNDERTOW-2605 FixedLengthStreamSourceConduit does not clean up ReadTimeoutStreamSourceConduit after an exact Content-Length read

Resolved

UNDERTOW-2609 Previous fixes in the handling of decoded characters in query requests reflect in getQueryString of APIs

Resolved

UNDERTOW-2656 CVE-2025-12543 Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF

Resolved

UNDERTOW-2668 ServletRelativePathAttribute switch to %U from %R and return absolute path

Resolved

UNDERTOW-2674 Wrong codes sent on WebSocket connection close

Resolved

UNDERTOW-2675 Make Undertow compatible with RFC6265

Closed

UNDERTOW-1359 HTTP2 - java.lang.IllegalStateException: UT000091: Buffer has already been freed

Closed

UNDERTOW-1561 ServletContext.getResourcePaths() omits Resources that are not available directly on the file system

Closed

UNDERTOW-2165 READ_TIMEOUT is not taken into account in HTTP2 listener

Closed

UNDERTOW-2269 Encode Query string on forward/include and properly handle merging

Closed

UNDERTOW-2591 SSEHandler header Connection is set to close

Closed

UNDERTOW-2662 Quoted cookie versions cannot be parsed correctly

Closed

UNDERTOW-2638 Process all buffers in ChunkedStreamSinkConduit.write(ByteBuffer[], int, int)

Closed

UNDERTOW-2643 At ServletOutputStreamImpl.close remove the conversion of int to String

Closed

UNDERTOW-2644 Upgrade wildfly openssl to 2.2.5.Final

Closed

is triggering

WFLY-21345 Upgrade WildFly Preview Undertow EE to TBD

Open

(14 incorporates, 1 is triggering)

Assignee:: Flavia Rainone

Reporter:: Brian Stansberry

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2026/01/12 2:43 PM

Updated:: 2026/01/13 3:09 PM

Resolved:: 2026/01/13 3:09 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates