[WFCORE-6900] CVE-2024-3653 CVE-2024-5971 Upgrade Undertow to 2.3.15.… #6073

fl4via · 2024-07-16T16:26:23Z

…Final

    Release Notes - Undertow - Version 2.3.15.Final

Bug

[UNDERTOW-2033] - secure predicate unreliable with HTTP/2
[UNDERTOW-2046] - ProxyHandler passes hostname not IP in X-Forwarded-For
[UNDERTOW-2343] - Zero-Byte Response and Empty Response Code on Page Refresh with Wildfly 30 and Firefox
[UNDERTOW-2357] - HttpServer2 example does not handle jdk11?
[UNDERTOW-2382] - CVE-2024-3653 LearningPushHandler can lead to remote memory DoS attacks
[UNDERTOW-2397] - Handle Huffman encoding properly
[UNDERTOW-2413] - CVE-2024-5971 undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
[UNDERTOW-2418] - Adjust properly session timeout also in case when FORM is combined with other mechanisms

[UNDERTOW-2193] - UndertowOptions class doesn't specify what many size settings represent

…Final Signed-off-by: Flavia Rainone <frainone@redhat.com>

bstansberry · 2024-07-16T22:11:54Z

[WFCORE-6900] CVE-2024-3653 CVE-2024-5971 Upgrade Undertow to 2.3.15.…

22ca236

…Final Signed-off-by: Flavia Rainone <frainone@redhat.com>

bstansberry approved these changes Jul 16, 2024

View reviewed changes

github-actions bot added the deps-ok Dependencies have been checked, and there are no significant changes label Jul 16, 2024

bstansberry merged commit 9a00e70 into wildfly:main Jul 16, 2024
12 checks passed

fl4via deleted the WFCORE-6900 branch July 17, 2024 13:50