Hi WildFly Team,
We are currently on version 26.1.2.Final of WF, and there is a CVE-2022-1278 raised against a few WildFly related jars:
licenses-plugin-2.0.0.Final.jar
transformer-5.2.10.Final.jar (shaded: org.wildfly.extras.batavia:transformer-api:1.0.12.Final)
transformer-5.2.10.Final.jar
wildfly-galleon-plugins-5.2.10.Final.jar
The 26.1.2 WF doesn't seem to be appeared on the CPE list.
But, we would like to double check if 26.1.2.Final is vulnerable to CVE-2022-1278.
If so, is there a plan to address this in the 27.0.0.Final release.
Thanks in advance.
Regards,
Ming