Possibility to upgrade Undertow

23 views
Skip to first unread message

Per Norrman

unread,
Jun 3, 2020, 9:29:27 AM6/3/20
to Thorntail
Hello,

What would be the best way to upgrade Undertow to at least version 2.1.1.Final? Can it be done without patching Thorntail itself? If so, is that process documented somewhere?

Or maybe a pull request and an interim release?

Btw, are there any more planned releases of Thorntail before EOL?

Cheers,

Per Norrman

Ladislav Thon

unread,
Jun 3, 2020, 11:03:04 AM6/3/20
to thor...@googlegroups.com

Hi,

I'm afraid it isn't exactly possible (or at least easy) to do it yourself. We'd have to do that in Thorntail, but we inherit Undertow and the integration code from WildFly, and are based on WildFly 18 for the time being. (Not sure if we'll ever rebase again.)

You can try replacing the Undertow JARs in your uberjar with the new ones, but no guarantee that things will work.

Thorntail 2.7.0 should be released in a few days, btw, but it won't update neither WildFly nor Undertow.

Is there a specific reason why you're looking for 2.1.1+?

Thanks,

LT

--
You received this message because you are subscribed to the Google Groups "Thorntail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to thorntail+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/thorntail/bef21dd1-a27d-4e8a-a59b-d8cdf58f1d3c%40googlegroups.com.

Per Norrman

unread,
Jun 3, 2020, 1:56:23 PM6/3/20
to Thorntail
Hi Ladislav,

Well, it's a vulnerability in undertow. I don't want to be more specific here, I'm sure you can appreciate that.

Cheers,
Per Norrman


Den onsdag 3 juni 2020 kl. 17:03:04 UTC+2 skrev Ladislav Thon:

Hi,

I'm afraid it isn't exactly possible (or at least easy) to do it yourself. We'd have to do that in Thorntail, but we inherit Undertow and the integration code from WildFly, and are based on WildFly 18 for the time being. (Not sure if we'll ever rebase again.)

You can try replacing the Undertow JARs in your uberjar with the new ones, but no guarantee that things will work.

Thorntail 2.7.0 should be released in a few days, btw, but it won't update neither WildFly nor Undertow.

Is there a specific reason why you're looking for 2.1.1+?

Thanks,

LT

On 03. 06. 20 15:29, Per Norrman wrote:
Hello,

What would be the best way to upgrade Undertow to at least version 2.1.1.Final? Can it be done without patching Thorntail itself? If so, is that process documented somewhere?

Or maybe a pull request and an interim release?

Btw, are there any more planned releases of Thorntail before EOL?

Cheers,

Per Norrman
--
You received this message because you are subscribed to the Google Groups "Thorntail" group.
To unsubscribe from this group and stop receiving emails from it, send an email to thor...@googlegroups.com.

Ladislav Thon

unread,
Jun 4, 2020, 3:04:29 AM6/4/20
to thor...@googlegroups.com

Gotcha. I think fixes are backported to the 2.0 line, and we might be able to update to latest 2.0.x. I'll look more into it.

LT

To unsubscribe from this group and stop receiving emails from it, send an email to thorntail+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/thorntail/13eed682-8748-45ff-82f9-400c4066bc84%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages