[SCA] Security upgrade @io.undertow:undertow-core from 2.2.13.Final to 2.3.24.Final #176

Open
gwnlng wants to merge 1 commit into main from snyk-upgrade-f7008a62628757b1b0fa37cdeeb1d485

gwnlng commented Apr 27, 2026

This is a PR from Snyk, initiated by the Security team, to fix 22 vulnerabilities in the dependencies of this project.

Snyk changed the following file(s):

  • log4shell-goof/log4shell-server/pom.xml

Important

  • This PR was automatically generated by our security tool to help you fix known vulnerabilities in your project's third-party libraries more efficiently. However, there is a possibility that these changes could introduce functional regressions or breakages. Please ensure you test this PR thoroughly before merging.
  • If you have any questions or concerns, please seek support in the #sca-support Slack channel.

References:

  1. Latest project report in Snyk
  2. How to access Snyk via SSO?
  3. Snyk knowledge base

Snyk has created this PR to upgrade io.undertow:undertow-core from 2.2.13.Final to 2.3.24.Final.

See this package in maven:
io.undertow:undertow-core

See this project in Snyk:
https://app.snyk.io/org/gwunleong.lee/project/7b9f70d3-b8b5-4067-ae7e-7580f10d43c1?utm_source=github&utm_medium=referral&page=upgrade-pr

gwnlng commented Apr 27, 2026

Merge Risk: High

This upgrade from Undertow 2.2.x to 2.3.x introduces a significant breaking change by migrating from the javax to the jakarta namespace to support Jakarta EE 10.

Breaking Changes:

  • Namespace Migration: All Java EE APIs have been migrated from the javax.* package to the jakarta.* package. This affects core functionalities like Servlets and WebSockets. For example, javax.servlet.http.HttpServlet is now jakarta.servlet.http.HttpServlet.

Action Required:

  • Your application code and dependencies must be updated to use the new jakarta.* namespaces. If your project is not ready to migrate to Jakarta EE, you should remain on the 2.2.x branch of Undertow, which will continue to be maintained with security fixes.

Recommendation:
This is a major migration that requires careful planning and code modification across the application. It is recommended to handle this upgrade as a separate, dedicated effort before merging.

Source: Undertow 2.3.0.Final Release Announcement

Notice 🤖: This content was augmented using artificial intelligence. AI-generated content may contain errors and should be reviewed for accuracy before use.
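
A pre-merge check for the namespace migration described in the comment above, as an added example that is not part of this PR or of Snyk's output. It lists imports under javax.servlet and javax.websocket (the two APIs the comment names) with their jakarta.* replacements, and leaves JDK packages such as javax.crypto, which do not move, alone; the prefix list, function names and sample source are assumptions constructed here.

```python
import re
from pathlib import Path

# Prefixes for the two APIs the comment names (Servlets, WebSockets).
# Assumption: extend this tuple for any other Java EE APIs the project imports.
MIGRATED_PREFIXES = ("javax.servlet", "javax.websocket")

# Matches plain, static and wildcard imports; group 1 is the name without ".*".
IMPORT_RE = re.compile(
    r"^\s*import\s+(?:static\s+)?([\w.]+?)(?:\.\*)?\s*;", re.MULTILINE
)

# Constructed sample source, not taken from the project.
SAMPLE = """\
package demo;

import javax.crypto.Cipher;
import javax.servlet.http.HttpServlet;
import javax.websocket.*;
import static javax.servlet.http.HttpServletResponse.SC_OK;
import jakarta.servlet.ServletException;

public class Demo extends HttpServlet {}
"""


def find_javax_ee_imports(source):
    """Return (line, old_import, jakarta_import) for each import that must change."""
    hits = []
    for m in IMPORT_RE.finditer(source):
        name = m.group(1)
        # Exact prefix or a sub-package of it; javax.crypto and friends stay in the JDK.
        if any(name == p or name.startswith(p + ".") for p in MIGRATED_PREFIXES):
            line = source.count("\n", 0, m.start(1)) + 1
            hits.append((line, name, "jakarta" + name[len("javax"):]))
    return hits


def scan_tree(root):
    """Scan every .java file under root; return {path: hits} for files with hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.java")):
        text = path.read_text(encoding="utf-8", errors="replace")
        hits = find_javax_ee_imports(text)
        if hits:
            report[str(path)] = hits
    return report


if __name__ == "__main__":
    for line, old, new in find_javax_ee_imports(SAMPLE):
        print(f"line {line}: {old} -> {new}")
```

An empty result from `scan_tree` covers only the project's own sources; third-party libraries that still compile against javax.servlet need their own check.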

gwnlng commented Apr 27, 2026

Snyk checks have passed. No issues have been found so far.

| Status | Scan Engine | Critical | High | Medium | Low | Total (0) |
|---|---|---|---|---|---|---|
| | Open Source Security | 0 | 0 | 0 | 0 | 0 issues |
| | Licenses | 0 | 0 | 0 | 0 | 0 issues |
| | Code Security | 0 | 0 | 0 | 0 | 0 issues |
