Groups keyboard shortcuts have been updated
Dismiss
See shortcuts

WF 36.0.0.Final CVE-2016-6311

47 views
Skip to first unread message

Loca4368

unread,
May 6, 2025, 11:44:43 PMMay 6
to WildFly
Hi Wildfly Team,

We have upgraded to WF 36.0.0.Final, but our dependency check reported
CVE-2016-6311 against undertow-core-2.3.18.Final.jar.

Are we able to confirm that whether WF 36.0.0.Final is vulnerable to the CVE-2016-6311 or not?

Thanks,
Ming

James Perkins

unread,
May 7, 2025, 11:52:59 AMMay 7
to WildFly
What dependency checker are you using? That CVE is 9 years old and was fixed that long ago as well.

Aaron Ogburn

unread,
May 7, 2025, 9:54:23 PMMay 7
to WildFly
This was fixed by https://github.com/wildfly/wildfly/pull/9095/files and not even specifically a fix to undertow-core so this dependency check suggesting any undertow-core version is vulnerable is incorrect.
Reply all
Reply to author
Forward
0 new messages