WildFly 37.0.1.Final Released

Farah Juma

Sep 4, 2025, 12:43:02 PM
to WildFly
WildFly 37.0.1.Final is now available for download from https://www.wildfly.org/downloads/

See the release announcement at https://www.wildfly.org/news/2025/09/04/WildFly-37-0-1-is-released/ for more details.

Please update to this release, and we will continue working towards WildFly 38.

Enjoy!

morten hoffmann

Sep 8, 2025, 5:10:40 AM
to WildFly
Security scan of 37.0.1.Final identifies package "org.apache.tomcat:tomcat-coyote" version 11.0.4 to be vulnerable and it's recommended to update the package to 11.0.6
CVE-2025-31650
Second... are there plans to update the netty-codec and netty-codec-http packages to 4.1.125 in the next release?

kind regards
Morten Hoffmann


Darran Lofthouse

Sep 8, 2025, 5:28:17 AM
to morten hoffmann, WildFly
On Mon, Sep 8, 2025 at 10:10 AM morten hoffmann <mhoff...@gmail.com> wrote:
> Security scan of 37.0.1.Final identifies package "org.apache.tomcat:tomcat-coyote" version 11.0.4 to be vulnerable and it's recommended to update the package to 11.0.6
> CVE-2025-31650

Are you able to identify which jar your scanner is identifying as containing tomcat-coyote? The HTTP server in WildFly is Undertow, not Apache Tomcat.

> Second... are there plans to update the netty-codec and netty-codec-http packages to 4.1.125 in the next release?
>
> Kind regards
> Morten Hoffmann


morten hoffmann

Sep 12, 2025, 4:55:54 AM
to WildFly
Hi Darran

I managed to identify the tomcat-coyote. It was from an internal app which I have now excluded.
However, I still encounter some vulnerabilities:

io.netty:netty-codec 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec/main/netty-codec-4.1.124.Final.jar
io.netty:netty-codec-http 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec-http 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-http/main/netty-codec-http-4.1.124.Final.jar
io.netty:netty-codec-dns 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-dns/main/netty-codec-dns-4.1.124.Final.jar
io.netty:netty-codec-http2 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-http2/main/netty-codec-http2-4.1.124.Final.jar
io.netty:netty-codec-socks 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/bin/client/jboss-client.jar
io.netty:netty-codec-socks 4.1.124.Final: /opt/jboss/wildfly-37.0.1.Final/modules/system/layers/base/io/netty/netty-codec-socks/main/netty-codec-socks-4.1.124.Final.jar

CVE-2025-58056, CVE-2025-58057, CVE-2025-58056, CVE-2025-58057

Suggested fix: 4.1.125.Final

What are the consequences if I remove these from my image?

Kind regards
Morten Hoffmann
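
Added example, not from the thread or the WildFly project: one way to answer the "which jar contains it" question above is to search every archive under an install directory, including archives nested inside deployments, for the Maven `pom.properties` entry of the flagged artifact. It assumes the archive kept its `META-INF/maven/...` metadata (jars built without Maven, or repackaged with that metadata stripped, will not match); `find_artifact` and `_scan` are names made up for this sketch.

```python
import io
import os
import zipfile

ARCHIVE_EXTS = (".jar", ".war", ".ear", ".rar")

def _scan(zf, label, group_id, artifact_id, hits):
    """Record pom.properties matches in one archive, then descend into nested archives."""
    wanted = f"META-INF/maven/{group_id}/{artifact_id}/pom.properties"
    for name in zf.namelist():
        if name == wanted:
            # pom.properties is a flat key=value file; lines starting with '#' are comments.
            props = dict(
                line.split("=", 1)
                for line in zf.read(name).decode("utf-8", "replace").splitlines()
                if "=" in line and not line.startswith("#")
            )
            hits.append((label, props.get("version", "unknown").strip()))
        elif name.lower().endswith(ARCHIVE_EXTS):
            # e.g. WEB-INF/lib/*.jar inside a deployed WAR: open it in memory and recurse.
            try:
                with zipfile.ZipFile(io.BytesIO(zf.read(name))) as inner:
                    _scan(inner, f"{label}!/{name}", group_id, artifact_id, hits)
            except zipfile.BadZipFile:
                continue  # has an archive extension but is not a zip; skip it

def find_artifact(root, group_id, artifact_id):
    """Return sorted (location, version) pairs for every archive under root that embeds the artifact."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower().endswith(ARCHIVE_EXTS):
                path = os.path.join(dirpath, fname)
                try:
                    with zipfile.ZipFile(path) as zf:
                        _scan(zf, path, group_id, artifact_id, hits)
                except (zipfile.BadZipFile, OSError):
                    continue  # unreadable or corrupt file; keep scanning
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # usage: python find_artifact.py <root-dir> <groupId> <artifactId>
    root, group, artifact = sys.argv[1:4]
    for location, version in find_artifact(root, group, artifact):
        print(f"{group}:{artifact} {version}: {location}")
```

A location containing `!/` means the artifact sits inside a nested archive, which separates a copy shipped in a deployment from one in the server's own module directories.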