[Snyk] Security upgrade org.wildfly.core:wildfly-server from 21.1.0.Final to 30.0.0.Final

[ISGA]

User description

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Allocation of Resources Without Limits or Throttling (MadeYouReset) SNYK-JAVA-IOUNDERTOW-12458577	124	org.wildfly.core:wildfly-server: 21.1.0.Final -> 30.0.0.Final Major version upgrade No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

CodeAnt-AI Description

Upgrade WildFly core to 30.0.0.Final to fix Undertow resource-allocation vulnerability

What Changed

• Project now builds with WildFly core 30.0.0.Final, replacing the previous version reference in the build configuration
• Fixes a high-severity Undertow vulnerability that could allow allocation of resources without limits or throttling (reduces risk of resource-exhaustion attacks against the server)
• Cleans up the project metadata by converting an empty contributors element to a self-closing tag (no functional change)

Impact

✅ Fewer high-severity security findings
✅ Safer server against resource-exhaustion attacks
✅ Builds use WildFly 30.0.0.Final

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[codeant-ai]

Suggestion: Replace the hardcoded version with a centralized property reference (use eap8.wildfly.core.version) to avoid duplicating the literal and prevent version drift. [maintainability]

[codeant-ai]

Suggestion: Replace the hardcoded version with a property reference (use upstream.wildfly.core.version) so the upstream-adapters profile uses the centralized version and avoids duplicate literals. [maintainability]

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[amplify-security]

🔍 Amplify code check status:  

⚠️ 0 issues detected in   📄 1 file and   ❇️ 6 lines of code   🛠️ using Opengrep

Last updated by commit 4b958ee at 2025-10-26 10:05:24 UTC.

[socket-security]

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	maven/​io.undertow.jastow/​jastow@​2.2.5.Final
	maven/​org.apache.sshd/​sshd-core@​2.4.0 ⏵ 2.7.0
	maven/​org.wildfly.security/​wildfly-elytron@​1.11.2.Final ⏵ 2.5.2.Final	-25	+20	-8		-30
	maven/​net.java.dev.jna/​jna@​5.8.0
	maven/​com.sun.xml.ws/​rt@​4.0.0
	npm/​eslint-config-prettier@​9.1.0
	maven/​org.jboss.shrinkwrap.resolver/​shrinkwrap-resolver-api-maven@​3.2.1
	npm/​dagre@​0.8.5
	npm/​es6-promise@​4.2.8
	npm/​eslint-plugin-lodash@​8.0.0
	npm/​eslint-plugin-react@​7.36.1
	npm/​cypress-axe@​1.5.0
	npm/​cypress@​13.14.2
	npm/​eslint-plugin-cypress@​3.5.0
	npm/​eslint-plugin-playwright@​1.6.2
	npm/​eslint-plugin-mocha@​10.5.0
	maven/​org.wildfly.security.elytron-web/​undertow-server@​1.9.0.Final
	npm/​eslint-plugin-prettier@​5.2.1
	npm/​cypress-split@​1.24.0
	npm/​eslint-plugin-react-hooks@​4.6.2
	npm/​eslint@​9.10.0
	maven/​org.jboss.arquillian.container/​undertow-embedded@​1.0.0.Final

View full report

[socket-security]

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert  (click "▶" to expand/collapse)
Warn		maven/io.undertow/undertow-core@2.3.3.Final has a Critical CVE. CVE: GHSA-pfcc-3g6r-8rg8 Undertow client not checking server identity presented by server certificate in https connections (CRITICAL) Affected versions: >= 2.3.0 < 2.3.5.Final; < 2.2.24.Final Patched version: 2.3.5.Final From: pom.xml → maven/org.jboss.arquillian.container/undertow-embedded@1.0.0.Final → maven/io.undertow/undertow-core@2.3.3.Final ℹ Read more on: This package | This alert | What is a critical CVE? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev. Suggestion: Remove or replace dependencies that include known critical CVEs. Consumers can use dependency overrides or npm audit fix --force to remove vulnerable dependencies. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore maven/io.undertow/undertow-core@2.3.3.Final. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

[zeropath-ai]

✅ No security or compliance issues detected. Reviewed everything up to 4b958ee.

Security Overview

• 🔎 Scanned files: 1 changed file(s)
• 🔗 Scan Link: https://zeropath.com/app/repositories/0e111b51-ae74-4faa-8067-84c4c8db1568?scanId=4d61ea1c-b733-45be-8d00-2db6c769d879&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Configuration changes	► pom.xml     Convert to self-closing and update wildfly.core.version to 30.0.0.Final

Reply to this PR with @zeropath-ai followed by a description of what change you want and we'll auto-submit a change to this PR to implement it.