Wildfly31.0.1: Netty-Handler-4.1.106.Final.jar flagged by Veracode Scanner
16 views
Skip to first unread message
Bryan Mulkey
unread,
Jun 28, 2024, 11:23:57 AM (9 days ago) Jun 28
Reply to author
Sign in to reply to author
Forward
Sign in to forward
Delete
You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to WildFly
According to a Veracode scan performed on our app running WildFly31.0.1, netty-handler-4.1.106.Final was flagged as vulnerable due to the fact that the SSLEngine used does not enable hostname verification by default.
Is there anything configuration-wise within WildFly that can be done to enable hostname verification?