Skip to content
This repository has been archived by the owner on Oct 6, 2024. It is now read-only.

fix(deps): update dependency io.undertow:undertow-servlet to v2.3.17.final #46

Open
wants to merge 1 commit into
base: mainline-k
Choose a base branch
from
Open

fix(deps): update dependency io.undertow:undertow-servlet to v2.3.17.final #46

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Oct 4, 2024
edited
Loading

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
io.undertow:undertow-servlet (source) 2.3.4.Final -> 2.3.17.Final age adoption passing confidence
io.undertow:undertow-servlet (source) 2.3.7.Final -> 2.3.17.Final age adoption passing confidence

Release Notes

undertow-io/undertow (io.undertow:undertow-servlet)

v2.3.17.Final

Compare Source

Includes CVEs: CVE-2024-7885

    Release Notes - Undertow - Version 2.3.17.Final

Bug

v2.3.16.Final

Compare Source

Release Notes - Undertow - Version 2.3.16.Final

Bug

  • [UNDERTOW-2256] - Resource predicate presentation differs depending on how it is set up
  • [UNDERTOW-2312] - multibytes language in URL request to http/https are broken in EAP access log.
  • [UNDERTOW-2381] - Invalid/benevolent hpack decoding of huffman-encoded string literal with EOS symbol
  • [UNDERTOW-2424] - Undertow produces malformed Http/1.1 responses under heavy concurrent load
  • [UNDERTOW-2425] - io.undertow.servlet.spec.ServletPrintWriter.close() high CPU when encoding characters on previously errored writer

v2.3.15.Final

Compare Source

v2.3.14.Final

Compare Source

Includes CVES: CVE-2024-6162 CVE-2024-27316 CVE-2023-5685

    Release Notes - Undertow - Version 2.3.14.Final

Sub-task

  • [UNDERTOW-2400] - ResponseWriterTestCase fails because ServletinputStream is closed before read

Bug

  • [UNDERTOW-2332] - CachingResource mishandling with TTL =0 and FS exhaustion
  • [UNDERTOW-2334] - CVE-2024-6162 url-encoded request path information can be broken on ajp-listener
  • [UNDERTOW-2378] - Adjust properly session timeout also in case when custom auth mechanisms are used
  • [UNDERTOW-2383] - Canonicalized query string in redirect location can break included links
  • [UNDERTOW-2385] - Memory leak in ThreadLocalCache
  • [UNDERTOW-2389] - DefaultByteBufferPool leaks buffers for released threads
  • [UNDERTOW-2405] - CVE-2024-27316 HTTP-2: httpd: CONTINUATION frames DoS
  • [UNDERTOW-2407] - NullPointerException on DefaultByteBufferPool.close
  • [UNDERTOW-2409] - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Component Upgrade

Enhancement

  • [UNDERTOW-2408] - Make fields final in DefaultByteBufferPool when appliable

v2.3.13.Final

Compare Source

v2.3.12.Final

Compare Source

v2.3.11.Final

Compare Source

v2.3.10.Final

Compare Source

v2.3.9.Final

Compare Source

v2.3.8.Final

Compare Source

v2.3.7.Final

Compare Source

v2.3.6.Final

Compare Source

v2.3.5.Final

Compare Source

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@semanticdiff-com SemanticDiff.com
Copy link

Review changes with SemanticDiff.

@renovate renovate bot force-pushed the renovate/io.undertow-undertow-servlet-2.x branch from e86d49b to 38bccff Compare October 4, 2024 08:39
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants