Hi! On Fri, Mar 02, 2018 at 08:46:51PM +0100, Markus Koschany wrote: > Control: severity -1 important > > I am no longer sure undertow is affected. The issue is marked resolved > upstream and one of the fixing commits > > https://github.com/wildfly/wildfly/pull/10748/files > > indicates the bug was in WildFly's undertow extension but not in > Undertow itself. I keep this bug report open for a little while longer > until UNDERTOW-1295 is resolved and we get more information about the > vulnerabilities.
Alright, if that turns out to be indeed in WildFly, then the security-tracker entry should be changed to a NOT-FOR-US. If you don't want to loose the triage done now, still adding a note would be good. Thanks a lot for your investigations! Regards, Salvatore
