Skip to content

chore(deps): Bump io.undertow:undertow-core from 2.4.0.Alpha1 to 2.4.0.Beta2#21750

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/io.undertow-undertow-core-2.4.0.Beta2
Closed

chore(deps): Bump io.undertow:undertow-core from 2.4.0.Alpha1 to 2.4.0.Beta2#21750
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/maven/io.undertow-undertow-core-2.4.0.Beta2

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 6, 2026

Bumps io.undertow:undertow-core from 2.4.0.Alpha1 to 2.4.0.Beta2.

Release notes

Sourced from io.undertow:undertow-core's releases.

v.2.4.0.Beta1

Release 2.4.0.Beta1 Fixes CVE-2024-3884 CVE-2024-4027 CVE-2025-12543 Full list of Jiras: view in Jira

    Release Notes - Undertow - Version 2.4.0.Beta1

... (truncated)

Commits
  • a90f94f Prepare 2.4.0.Beta2
  • b9f9aac Merge pull request #1910 from pferraro/2.4.x
  • 00e9ce8 Merge pull request #1916 from jamezp/UNDERTOW-2712-2.4.x
  • c3263c5 [UNDERTOW-2712] Create a new CookieStore and remove the 4 other types that we...
  • 84df739 UNDERTOW-2714 Refactor Session.getSessionManager() -> SessionReference.getSes...
  • 92713d3 Next is 2.4.0.Beta2
  • 528c541 Prepare 2.4.0.Beta1
  • b9c3985 Merge pull request #1909 from fl4via/UNDERTOW-2710
  • 1b7a750 [UNDERTOW-2710] Remove the references to undertow-servlets and undertow-webso...
  • d3024de Merge pull request #1907 from fl4via/backport-features_2.4.x
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added dependencies Pull requests that update a dependency file java Pull requests that update Java code labels Mar 6, 2026
@github-actions
Copy link
Contributor

github-actions bot commented Mar 6, 2026

🌟 Thank you for your contribution to the Apache Camel project! 🌟
🤖 CI automation will test this PR automatically.

🐫 Apache Camel Committers, please review the following items:

  • First-time contributors require MANUAL approval for the GitHub Actions to run
  • You can use the command /component-test (camel-)component-name1 (camel-)component-name2.. to request a test from the test bot although they are normally detected and executed by CI.
  • You can label PRs using build-all, build-dependents, skip-tests and test-dependents to fine-tune the checks executed by this PR.
  • Build and test logs are available in the summary page. Only Apache Camel committers have access to the summary.

⚠️ Be careful when sharing logs. Review their contents before sharing them publicly.

apupier
apupier requested changes Mar 6, 2026
View reviewed changes
Copy link
Contributor

@apupier apupier left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

manual change required:

Error: undertow] [ERROR] Tests run: 1, Failures: 0, Errors: 1, Skipped: 0, Time elapsed: 0.009 s <<< FAILURE! -- in org.apache.camel.component.undertow.spi.ProviderWithServletTest
Error: undertow] [ERROR] org.apache.camel.component.undertow.spi.ProviderWithServletTest.test -- Time elapsed: 0.008 s <<< ERROR!
java.lang.NoSuchMethodError: 'io.undertow.server.session.SessionCookieConfig io.undertow.server.session.SessionCookieConfig.setPath(java.lang.String)'
	at io.undertow.servlet.spec.SessionCookieConfigImpl.setPath(SessionCookieConfigImpl.java:130)
	at io.undertow.servlet.spec.ServletContextImpl.<init>(ServletContextImpl.java:138)
	at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:154)
	at org.apache.camel.component.undertow.DefaultUndertowHost.registerHandler(DefaultUndertowHost.java:159)
	at org.apache.camel.component.undertow.DefaultUndertowHost.registerHandler(DefaultUndertowHost.java:105)
	at org.apache.camel.component.undertow.UndertowComponent.registerEndpoint(UndertowComponent.java:377)
	at org.apache.camel.component.undertow.UndertowConsumer.doStart(UndertowConsumer.java:134)
	at org.apache.camel.support.service.BaseService.start(BaseService.java:123)
	at org.apache.camel.support.service.ServiceHelper.startService(ServiceHelper.java:127)
	at org.apache.camel.impl.engine.AbstractCamelContext.startService(AbstractCamelContext.java:3521)
	at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartOrResumeRouteConsumers(InternalRouteStartupManager.java:430)
	at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartRouteConsumers(InternalRouteStartupManager.java:346)
	at org.apache.camel.impl.engine.InternalRouteStartupManager.safelyStartRouteServices(InternalRouteStartupManager.java:222)
	at org.apache.camel.impl.engine.InternalRouteStartupManager.doStartOrResumeRoutes(InternalRouteStartupManager.java:132)
	at org.apache.camel.impl.engine.AbstractCamelContext.doStartCamel(AbstractCamelContext.java:3127)
	at org.apache.camel.impl.engine.AbstractCamelContext.doStartContext(AbstractCamelContext.java:2738)
	at org.apache.camel.impl.engine.AbstractCamelContext.doStart(AbstractCamelContext.java:2693)
	at org.apache.camel.support.service.BaseService.start(BaseService.java:123)
	at org.apache.camel.impl.engine.AbstractCamelContext.start(AbstractCamelContext.java:2279)
	at org.apache.camel.impl.DefaultCamelContext.start(DefaultCamelContext.java:213)
	at org.apache.camel.test.junit6.util.CamelContextTestHelper.startCamelContext(CamelContextTestHelper.java:231)
	at org.apache.camel.test.junit6.util.CamelContextTestHelper.startCamelContextOrService(CamelContextTestHelper.java:249)
	at org.apache.camel.test.junit6.TransientCamelContextManager.tryStartCamelContext(TransientCamelContextManager.java:180)
	at org.apache.camel.test.junit6.TransientCamelContextManager.initialize(TransientCamelContextManager.java:131)
	at org.apache.camel.test.junit6.TransientCamelContextManager.createCamelContext(TransientCamelContextManager.java:66)
	at org.apache.camel.test.junit6.CamelTestSupport.setUp(CamelTestSupport.java:150)
	at java.base/java.lang.reflect.Method.invoke(Method.java:580)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)

@dependabot @apupier
chore(deps): Bump io.undertow:undertow-core and
833e7b5 
io.undertow.ee:undertow-servlet

Bumps [io.undertow:undertow-core](https://github.com/undertow-io/undertow)
from 2.4.0.Alpha1 to 2.4.0.Beta2.
- [Release notes](https://github.com/undertow-io/undertow/releases)
- [Commits](undertow-io/undertow@2.4.0.Alpha1...2.4.0.Beta2)

---
updated-dependencies:
- dependency-name: io.undertow:undertow-core
  dependency-version: 2.4.0.Beta2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Bump io.undertow.ee:undertow-servlet from 2.0.0.Alpha2 to 2.0.0.Beta2

Signed-off-by: dependabot[bot] <support@github.com>
@apupier apupier force-pushed the dependabot/maven/io.undertow-undertow-core-2.4.0.Beta2 branch from ef0011e to 833e7b5 Compare March 6, 2026 14:45
@apupier
Copy link
Contributor

apupier commented Mar 6, 2026

the update of io.undertow.ee:undertow-servlet from 2.4.0Alpha2 to 2.0.0.Beta2 must be done at the same time than undertow-core

@apupier
Copy link
Contributor

apupier commented Mar 6, 2026

seems we need a new release of cxf-rt-transports-http-undertow:

java.lang.NoSuchMethodError: 'io.undertow.server.session.SessionCookieConfig io.undertow.server.session.SessionCookieConfig.setPath(java.lang.String)'
	at io.undertow.servlet.spec.SessionCookieConfigImpl.setPath(SessionCookieConfigImpl.java:130)
	at io.undertow.servlet.spec.ServletContextImpl.<init>(ServletContextImpl.java:138)
	at io.undertow.servlet.core.DeploymentManagerImpl.deploy(DeploymentManagerImpl.java:154)
	at org.apache.cxf.transport.http_undertow.UndertowHTTPServerEngine.buildServletContext(UndertowHTTPServerEngine.java:225)
	at org.apache.cxf.transport.http_undertow.UndertowHTTPServerEngine.addServant(UndertowHTTPServerEngine.java:158)
	at org.apache.cxf.transport.http_undertow.UndertowHTTPDestination.activate(UndertowHTTPDestination.java:154)
	at org.apache.cxf.transport.AbstractObservable.setMessageObserver(AbstractObservable.java:53)
	at org.apache.cxf.binding.AbstractBindingFactory.addListener(AbstractBindingFactory.java:95)
	at org.apache.cxf.jaxrs.JAXRSBindingFactory.addListener(JAXRSBindingFactory.java:91)
	at org.apache.cxf.endpoint.ServerImpl.start(ServerImpl.java:130)
	at org.apache.cxf.jaxrs.JAXRSServerFactoryBean.create(JAXRSServerFactoryBean.java:207)
	at org.apache.camel.component.cxf.jaxrs.CxfRsProducerStreamCacheTest.startRsEchoServer(CxfRsProducerStreamCacheTest.java:73)

the main branch already upgraded to 2.0.0.Beta2 of undertow-servlet https://github.com/apache/cxf/blame/38494776241f9bfdb78528939ed28b619f5f2259/parent/pom.xml#L230

or maybe we could force the usage of 2.0.0.Beta2. i tis a bit ugly but could work and it is used in tests only in cxf

This was referenced Mar 6, 2026
Closed
Closed
@gnodet gnodet mentioned this pull request Mar 9, 2026
Merged
@gnodet
Copy link
Contributor

gnodet commented Mar 9, 2026

Superseded by #21869 which bumps both undertow-core and undertow-ee together to RC1.

@gnodet gnodet closed this Mar 9, 2026
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 9, 2026

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@dependabot dependabot bot deleted the dependabot/maven/io.undertow-undertow-core-2.4.0.Beta2 branch March 9, 2026 13:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apupier apupier apupier requested changes

@oscerd oscerd oscerd approved these changes

Assignees

No one assigned

Labels

core-build-and-dependencies dependencies Pull requests that update a dependency file java Pull requests that update Java code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@apupier @gnodet @oscerd