WildFly 36 Final security vulnerabilities discovered

morten hoffmann

Jun 4, 2025, 3:59:57 AM
to WildFly
Hi

The following security vulnerabilities are identified in WildFly 36.0.1.Final.

Are there any plans to resolve this soon?


               PACKAGE                TYPE         VERSION             SUGGESTED FIX      CRITICAL  HIGH  MEDIUM  LOW  NEGLIGIBLE  EXPLOIT  
  commons-beanutils:commons-beanutils  java          1.9.4                 1.11.0             1       0      0      0       0          0    
  commons-beanutils:commons-beanutils  java          1.9.4                 1.11.0             1       0      0      0       0          0    
  org.eclipse.jgit:org.eclipse.jgit    java  6.10.0.202406032230-r  6.10.1.202505221210-r     1       0      0      0       0          0    
  org.apache.tomcat:tomcat-coyote      java         11.0.4                 11.0.6             0       1      0      0       0          0     

James Perkins

Jun 6, 2025, 10:48:56 AM
to WildFly
The format seems a bit off, but is the suggestion that commons-beanutils be at 1.9.4? If so, that is the version shipped with WildFly 36.0.1.Final. The same is true for the version of jgit.

I don't know where the tomcat-coyote dependency would be coming from as that is not shipped with WildFly at all.

James Perkins

Jun 6, 2025, 10:53:15 AM
to WildFly
Ah, just figured out the format :)

The Apache Commons BeanUtils was upgraded with https://github.com/wildfly/wildfly/pull/18964 which will be in WildFly 37.

The JGit upgrade was done in https://github.com/wildfly/wildfly-core/pull/6428 and will also be in WildFly 37.

Again, no idea where the Tomcat dependency is coming from.
