- Feature Request
- Resolution: Unresolved
- Major
- 34.0.0.Final
Any Docker image that contains a base install of WildFly 34.0.0.Final will have vulnerabilities reported against that image, with 3 in the very-high-to-critical range. One of those is against one of the HornetQ jars.
For my purposes, I can discard that jar from my particular install, but it does seem a bit problematic that the released WildFly archive comes with a jar for a library no longer maintained.
From what I can gather, it appears that the HornetQ dependencies are not needed for compilation. Obviously, runtime may be a different matter (I don't understand enough about WildFly internals to know off-hand). Best case is that the HornetQ dependencies are only used for testing and can be added to the "test" scope in Maven, but like I said, my understanding of WildFly at this point is limited.
- relates to: WFLY-19965 HornetQ handling of compressed large messages should use its own temp directory (Open)