[Snyk] Security upgrade org.wildfly.core:wildfly-server from 21.1.0.Final to 24.0.0.Final

[ISGA]

User description

Snyk has created this PR to fix 1 vulnerabilities in the maven dependencies of this project.

Snyk changed the following file(s):

• pom.xml

Vulnerabilities that will be fixed with an upgrade:

	Issue	Score	Upgrade
	Improper Validation of Syntactic Correctness of Input SNYK-JAVA-IOUNDERTOW-14908846	164	org.wildfly.core:wildfly-server: 21.1.0.Final -> 24.0.0.Final Major version upgrade No Known Exploit

---

Important

• Check the changes in this PR to ensure they won't cause issues with your project.
• Max score is 1000. Note that the real score may have changed since the PR was raised.
• This PR was automatically created by Snyk using the credentials of a real user.

---

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

---

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

---

CodeAnt-AI Description

Upgrade WildFly core to 24.0.0.Final to fix a known Undertow input-validation vulnerability

What Changed

• Updated the WildFly core dependency version to 24.0.0.Final in EAP8 and upstream adapter build profiles so builds use the fixed runtime
• Replaced an empty contributors element with a self-closing contributors tag in the POM (no behavioral change beyond XML cleanup)

Impact

✅ Fixes Undertow input-validation vulnerability (SNYK-JAVA-IOUNDERTOW-14908846)
✅ Fewer security vulnerabilities in produced builds
✅ Builds for EAP8 and upstream adapters now target WildFly 24

💡 Usage Guide

Checking Your Pull Request

Every time you make a pull request, our system automatically looks through it. We check for security issues, mistakes in how you're setting up your infrastructure, and common code problems. We do this to make sure your changes are solid and won't cause any trouble later.

Talking to CodeAnt AI

Got a question or need a hand with something in your pull request? You can easily get in touch with CodeAnt AI right here. Just type the following in a comment on your pull request, and replace "Your question here" with whatever you want to ask:

@codeant-ai ask: Your question here

This lets you have a chat with CodeAnt AI about your pull request, making it easier to understand and improve your code.

Example

@codeant-ai ask: Can you suggest a safer alternative to storing this secret?

Preserve Org Learnings with CodeAnt

You can record team preferences so CodeAnt AI applies them in future reviews. Reply directly to the specific CodeAnt AI suggestion (in the same thread) and replace "Your feedback here" with your input:

@codeant-ai: Your feedback here

This helps CodeAnt AI learn and adapt to your team's coding style and standards.

Example

@codeant-ai: Do not flag unused imports.

Retrigger review

Ask CodeAnt AI to review the PR again, by typing:

@codeant-ai: review

Check Your Repository Health

To analyze the health of your code repository, visit our dashboard at https://app.codeant.ai. This tool helps you identify potential issues and areas for improvement in your codebase, ensuring your repository maintains high standards of code health.

[codeant-ai]

CodeAnt AI is reviewing your PR.

---

Thanks for using CodeAnt! 🎉

We're free for open-source projects. if you're enjoying it, help us grow by sharing.

Share on X ·
Reddit ·
LinkedIn

[zeropath-ai]

✅ No security or compliance issues detected. Reviewed everything up to fe1e00a.

Security Overview

• 🔎 Scanned files: 1 changed file(s)
• 🔗 Scan Link: https://zeropath.com/app/repositories/0e111b51-ae74-4faa-8067-84c4c8db1568?scanId=7fe3c31d-03af-4c92-a5d3-90995facbf5e&codeScanTypes=PrScan&tab=issues

Detected Code Changes

Change Type	Relevant files
Configuration changes	► pom.xml     Update contributors tag     Set wildfly.core.version to 24.0.0.Final for eap8 profile     Set wildfly.core.version to 24.0.0.Final for upstream.wildfly profile

[amplify-security]

🔍 Amplify code check status:  

⚠️ 0 issues detected in   📄 1 file and   ❇️ 6 lines of code   🛠️ using Opengrep

Last updated by commit fe1e00a at 2026-01-11 11:15:44 UTC.

[codeant-ai]

Sequence Diagram

This PR updates pom.xml to bump org.wildfly.core:wildfly-server (wildfly.core.version) to 24.0.0.Final to address a reported vulnerability. The diagram shows the high-level flow from Snyk PR creation through the build resolving the upgraded dependency and confirming the fix.

sequenceDiagram
    participant Snyk
    participant Repository
    participant CI
    participant MavenRepo

    Snyk->>Repository: Create PR updating pom.xml (wildfly.core.version -> 24.0.0.Final)
    Repository->>CI: Trigger build for PR
    CI->>MavenRepo: Resolve org.wildfly.core:wildfly-server:24.0.0.Final
    MavenRepo-->>CI: Provide upgraded artifact
    CI-->>Repository: Build & tests pass; vulnerability fixed confirmation

Loading

---

Generated by CodeAnt AI

[codeant-ai]

Nitpicks 🔍

🔒 No security issues identified

⚡ Recommended areas for review Inconsistent Properties The top-level properties (e.g. upstream.wildfly.core.version, eap8.wildfly.core.version and tests.wildfly.core.version) remain at older values while profiles now set wildfly.core.version to 24.0.0.Final. This may produce unexpected dependency/version resolution depending on which profile is active and lead to hard-to-debug incompatibilities during builds or tests. Hardcoded Version The PR injects the literal value <wildfly.core.version>24.0.0.Final</wildfly.core.version> directly into two profiles. Hardcoding the same version in multiple profile sections creates duplication and increases the risk of mismatched versions across the POM (the top-level properties still point to older wildfly core versions). Prefer a single authoritative property to avoid drift and make future upgrades safer.

[codeant-ai]

CodeAnt AI finished reviewing your PR.

[openhands-ai]

Looks like there are a few issues preventing this PR from being merged!

• GitHub Actions are failing:
  • Keycloak Operator CI
  • Keycloak CI
  • Keycloak JavaScript CI
  • Keycloak Documentation
  • Keycloak Operator CI
  • CodeQL
  • Keycloak CI
  • Automatic Dependency Submission (Maven)
  • Automatic Dependency Submission (Maven)

If you'd like me to help, just leave a comment, like

@OpenHands please fix the failing actions on PR #534 at branch `snyk-fix-e018e39fb8df6d2459e3b94a496cb67a`

Feel free to include any additional details that might help me get this PR into a better state.

_{^{You can manage your notification settings}}