[UNDERTOW-2605 / 2582 / 2534 / 2609 / 2377 / 2656 / 2674 / 2668] CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Backport fixes to branch 2.2.x#1882
Merged
Conversation
…fter exact read of content length
Signed-off-by: Flavia Rainone <frainone@redhat.com>
…dler before invoking the message handler Signed-off-by: Flavia Rainone <frainone@redhat.com>
…eaking to the XnioWorker when this thread is created Signed-off-by: Flavia Rainone <frainone@redhat.com>
…on decoded query string, and replace all internal usage of this method by the new method, getDecodedQueryString() Signed-off-by: Flavia Rainone <frainone@redhat.com>
… more sense in the nomenclature of query strings: * the method getQueryString() is the new standard for getting the original, unencoded, query string. * the method getNonDecodedQueryString is marked for removal in future release * the method setNonDecodedQueryStirng is replaced by setUnencodedQueryString and marked for removal as well * ProxyHandler uses getQueryString instead of getNonDecodedQueryString Signed-off-by: Flavia Rainone <frainone@redhat.com>
fl4via
added
waiting CI check
fl4via
force-pushed
the
backport-fixes_2.2.x
branch
from
8609636 to
3ad055f
Compare
fl4via
changed the title
… HttpServerExchange. The nomenclature queryString refers always to unencoded query, whereas decodedQueryString is the decoded counterpart. Notice that this makes the invocation of setQueryString mandatory while parsing requests, while setDecodedQueryString is optional and can be used only when decoding of the query is performed. Signed-off-by: Flavia Rainone <frainone@redhat.com>
…ery string in its entire form instead of the beginning, apply this to AjpParsingUnitTestCase (although the original form of the query string in this case is unreadable) Signed-off-by: Flavia Rainone <frainone@redhat.com>
…/entity size Signed-off-by: Flavia Rainone <frainone@redhat.com>
…rlyCloseClientSideTestCase. Also: enable the test for all protocol scenarios. Signed-off-by: Flavia Rainone <frainone@redhat.com>
…TIPART_MAX_ENTITY_SIZE to -1 Signed-off-by: Flavia Rainone <frainone@redhat.com>
…ase. Also: [UNDERTOW-2572] enable the test for all protocols except HTTP2. Signed-off-by: Flavia Rainone <frainone@redhat.com>
…tCase and ReceiverTestCase Signed-off-by: Flavia Rainone <frainone@redhat.com>
…in request. Fix NetworkUtils regex patterns to have proper range and include embedded adr Signed-off-by: Flavia Rainone <frainone@redhat.com>
Signed-off-by: Flavia Rainone <frainone@redhat.com>
…PROTOCOL_ERRORS in WebSocketChannel instead of WRONG_CODE Signed-off-by: Flavia Rainone <frainone@redhat.com>
… return absolute path Signed-off-by: Flavia Rainone <frainone@redhat.com>
fl4via
force-pushed
the
backport-fixes_2.2.x
branch
from
3ad055f to
2947b7c
Compare
fl4via
changed the title
This was referenced Jan 29, 2026
This was referenced Jan 29, 2026
Merged
This was referenced Feb 15, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Jiras:
https://issues.redhat.com/browse/UNDERTOW-2605 main PR: #1792
https://issues.redhat.com/browse/UNDERTOW-2582 main PR: #1850
https://issues.redhat.com/browse/UNDERTOW-2534 main PR: #1847
https://issues.redhat.com/browse/UNDERTOW-2609 main PR: #1855
https://issues.redhat.com/browse/UNDERTOW-2377 main PR: #1856
https://issues.redhat.com/browse/UNDERTOW-2656 main PR: #1857
https://issues.redhat.com/browse/UNDERTOW-2674 main PR: #1859
https://issues.redhat.com/browse/UNDERTOW-2668 main PR: #1858
2.3.x PR: #1860
2.4.x PR: #1894
Undertow EE:
Main PR: undertow-io/undertow-ee#52
1.0.x PR: undertow-io/undertow-ee#53