Widlfy 26.1.3 still has CVE-2023-1108

[Nate]

I am on WildFly 26.1.3 bootable jar and wish to mitigate  CVE-2023-1108. It seems to have been fixed in Undertow 2.2.24 but WildFly 26.1.3 is using Undertow 2.2.19. I realize I can possibly provision WildFly with a newer Undertow version using a custom galleon layer, but, is there an easier way, at build time, to get the newer Undertow version?

Thanks,

Nate

[Jean Francois Denise]

Hi Nate,

using Bootable JAR you can upgrade a server artifact: https://docs.wildfly.org/bootablejar/#wildfly_jar_advanced_upgrade

Regards.

JF

--
You received this message because you are subscribed to the Google Groups "WildFly" group.
To unsubscribe from this group and stop receiving emails from it, send an email to wildfly+u...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/wildfly/3596a8ad-dc93-4239-b78b-a180baaffee3n%40googlegroups.com.

[Nate]

Thanks and sorry, I should have seen that.