Hello Seeing that Undertow 2.2 is mentioned, I'd just like to highlight that it's no longer an OSGi bundle (see https://issues.redhat.com/browse/UNDERTOW-1684) - if this matter at all for CXF :)
kind regards Grzegorz Grzybek pt., 29 sty 2021 o 11:19 Colm O hEigeartaigh <[email protected]> napisaĆ(a): > Hey Freeman, > > Can you check if the latest Undertow 2.1.x release (2.1.5) is still > vulnerable to this CVE? > > https://nvd.nist.gov/vuln/detail/CVE-2020-10687 > > If yes, can we update CXF to Undertow 2.2.x to avoid the CVE? I see Camel > has already updated. > > Thanks, > > Colm. >
