Skip to content

v2.2.34.Final

Compare
Choose a tag to compare
@fl4via fl4via released this 14 Aug 08:58
· 632 commits to main since this release

Includes CVES: CVE-2024-3653 CVE-2024-5971

    Release Notes - Undertow - Version 2.2.34.Final

Bug

  • [UNDERTOW-2033] - secure predicate unreliable with HTTP/2
  • [UNDERTOW-2046] - ProxyHandler passes hostname not IP in X-Forwarded-For
  • [UNDERTOW-2343] - Zero-Byte Response and Empty Response Code on Page Refresh with Wildfly 30 and Firefox
  • [UNDERTOW-2382] - CVE-2024-3653 LearningPushHandler can lead to remote memory DoS attacks
  • [UNDERTOW-2397] - Handle Huffman encoding properly
  • [UNDERTOW-2413] - CVE-2024-5971 undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
  • [UNDERTOW-2418] - Adjust properly session timeout also in case when FORM is combined with other mechanisms

Documentation

  • [UNDERTOW-2193] - UndertowOptions class doesn't specify what many size settings represent

Enhancement