Hi WildFly Team,
We would like to double check/confirm on the CVE-2021-3503.
We are currently on 26.1.2.Final WildFly with JDK17 (and in the process of upgrading to 27.0.1.Final).
There is a CVE, CVE-2021-3503, reported against WildFly related jars, including
licenses-plugin-2.0.0.Final.jar, transformer-5.2.10.Final.jar ( (shaded: org.wildfly.extras.batavia:transformer-api:1.0.12.Final)), transformer-5.2.10.Final.jar, and
wildfly-galleon-plugins-5.2.10.Final.jar.
Are you able to confirm that 26.1.2.Final WildFly and 27.0.1.Final are not vulnerable to CVE-2021-3503?
Thanks in advance!
Regards,
Ming