WildFly 26.1.3 is released

By Brian Stansberry | January 18, 2023

WildFly 26.1.3.Final is now available for download.

We’ve received requests from members of our community to address a recent critical severity CVE in Apache CXF. The WildFly project generally doesn’t continue to produce bug-fix releases for older versions once a new major or minor release is out. But we recognize that the transition to WildFly 27 and EE 10 is likely to take our users longer than it does for most releases, so given the severity of CVE-2022-46364 we decided to do an additional limited payload bug fix release for the 26.1 series.

The following issues were resolved in 26.1.3:

Component Upgrades

WFLY-17384 - Upgrade Jackson Databind 2.12.7.1 (addresses CVE-2022-42003 and CVE-2022-42004)
WFLY-17474 - Upgrade CXF from 3.4.7 to 3.4.10 (addresses CVE-2022-46364)
WFLY-17494 - Upgrade jaxb-ri to 2.3.3-b02-jbossorg-2

Tasks

WFLY-17489 - Default to https://www.w3.org instead of http://www.w3.org to resolve XML Binding TCK failures

Thank you for your support of WildFly.

WildFly is fully open. All components are open source and follow a community-focused development process.

This website was built with Jekyll is hosted on Github Pages and is completely open source. If you want to make it better, fork it and show us what you’ve got.

Navigation

Contribute

Get Help

Find more Red Hat Middleware Community Projects

CC by 3.0 | Privacy Policy Sponsored by