WildFly / WFLY-18876

Observing CVE-2023-1108 with Wildfly 24 versions


    • Bug
    • Resolution: Won't Do
    • Major
    • None
    • 24.0.0.Final
    • Web (Undertow)

      Hi Team,
       
      Currently, we are using the Wildfly-24 application server with the default undertow-core as 2.2.8.
      Due to the exploitation of CVE-2023-1108, we wanted to upgrade undertow to the patched version 2.3.5/2.3.10 which has the fix.
       
      Upgrading the overall Wildfly Application Server to a higher version [29/30] is time-consuming so that's not a solution for a quick workaround. 
       
      The ask would be:

      1. Can undertow-core only be upgraded in the wildfly suite?
      2. Is 2.3.5/2.3.10 supported in Wildfly-24?
        Also, wanted to check if there is any plan to provide a new docker image with the fix for wildfly-24 versions.

              bstansbe@redhat.com Brian Stansberry
              sivasaran558 Reddy SivaSaran (Inactive)