Release 2.3.20.Final fixes CVE-2025-9784
Full list of issues: view in Jira
Release Notes - Undertow - Version 2.3.20.Final
Bug
- [UNDERTOW-2235] - Properly handle non servlet methods dispatched as error into container
- [UNDERTOW-2598] - CVE-2025-9784 MadeYouReset HTTP/2 DDoS Vulnerability
- [UNDERTOW-2604] - 2.3.19 regression w/ Java's HTTP client
- [UNDERTOW-2608] - Undertow Servlet 2.3.19 fails SecurityManager checks
Enhancement
- [UNDERTOW-2607] - Syntax error in CONTRIBUTING.md file