Skip to content

Update dependency io.undertow:undertow-core to v2.3.20.Final #6

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Update dependency io.undertow:undertow-core to v2.3.20.Final #6

wants to merge 1 commit into from

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Sep 6, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
io.undertow:undertow-core (source) 2.3.18.Final -> 2.3.20.Final age confidence

Release Notes

undertow-io/undertow (io.undertow:undertow-core)

v2.3.20.Final

Compare Source

Release 2.3.20.Final fixes CVE-2025-9784
Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.20.Final

Bug

Enhancement

v2.3.19.Final: v.2.3.19.Final

Compare Source

Release 2.3.19.Final fixes CVE-2024-4109
Full list of issues: view in Jira

    Release Notes - Undertow - Version 2.3.19.Final

Sub-task

  • [UNDERTOW-2499] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.annotated
  • [UNDERTOW-2501] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.dynamicupgrade
  • [UNDERTOW-2502] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.extension
  • [UNDERTOW-2503] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.reconnect
  • [UNDERTOW-2504] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.security
  • [UNDERTOW-2505] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.suspendresume
  • [UNDERTOW-2506] - Review anonymous classes in Undertow io.undertow.websockets.jsr.test.stress
  • [UNDERTOW-2518] - WebSocketTimeoutTestCase can fail on CI
  • [UNDERTOW-2574] - BufferLeak on AbstractFramedChannel.allocateReferenceCountedBuffer

Bug

  • [UNDERTOW-2340] - RequestEncodingHandler does not update Content-Length after uncompressing
  • [UNDERTOW-2361] - Deflate request body support (content-encoding in request) does not work as expected
  • [UNDERTOW-2457] - Bytes may get lost across ProxyProtocolReadListener parsing invocations for v1
  • [UNDERTOW-2509] - Unable to set correct HTTP response code when a file upload is too large.
  • [UNDERTOW-2511] - CVE-2024-4109 undertow: information leakage via HTTP/2 request header reuse
  • [UNDERTOW-2520] - Web socket codes for protocol error and wrong code are swapped
  • [UNDERTOW-2532] - Websocket Session NPE
  • [UNDERTOW-2538] - The Servlet ServletRelativePathAttribute has the same priority as the Core RelativePathAttribute
  • [UNDERTOW-2547] - Perform gathering write in HttpRequestConduit to decrease latency
  • [UNDERTOW-2555] - AJP Redirect with unescaped characters in URL is not encoded
  • [UNDERTOW-2565] - HTTP2 sets exchange.queryString unencoded with allow unescaped characters in URL
  • [UNDERTOW-2566] - HttpRequestParser.handleQueryParameters can set an encoded query string
  • [UNDERTOW-2567] - Decoding of query strings with unescaped characters does not work in HTTP2 upgrade
  • [UNDERTOW-2573] - MultiParseParserDefinition can overwrite entity size in exchange request
  • [UNDERTOW-2576] - ProxyHandler can throw NullPointerException if the source address SocketAddress has no ip address
  • [UNDERTOW-2597] - MultiPartParserDefinition must check for entity size larger than zero

Task

Component Upgrade

Enhancement

  • [UNDERTOW-2371] - initialize the DefaultServer once to speed up test HttpContinueSslServletTestCase #​1574
  • [UNDERTOW-2432] - Bump javadoc plugin to 3.3.0+ in maintenance branches
  • [UNDERTOW-2522] - Investigate misleading build failures
  • [UNDERTOW-2556] - Make sure max-post-size check for a request with a content-length is done before any response is sent from the server
  • [UNDERTOW-2562] - AccessLogFileWithUnescapedCharactersTestCase does not clear UndertowOptions
  • [UNDERTOW-2563] - DefaultServer used for tests should apply server options to all openListeners
  • [UNDERTOW-2564] - Validate the signature of @​BeforeServerStarts and @​AfterServerStops methods
  • [UNDERTOW-2571] - Fix util.Security actions as it does not take into account "default"

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot changed the title Update dependency io.undertow:undertow-core to v2.3.19.Final Update dependency io.undertow:undertow-core to v2.3.20.Final Oct 10, 2025
@renovate renovate bot force-pushed the renovate/io.undertow-undertow-core-2.x branch from 32927ea to 678cb94 Compare October 10, 2025 18:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants