arquillian-cube icon indicating copy to clipboard operation
arquillian-cube copied to clipboard

Published 20 hours ago verified publisher icon arquillian

Arquillian cube test may fail with newer versions of undertow.

Open jelmew opened this issue 5 years ago • 3 comments

Issue Overview

Withouth specifically specifying Undertow on the classpath, test fail with the error:

java.lang.NoClassDefFoundError: io/undertow/protocols/spdy/SpdyChannel Caused by: java.lang.ClassNotFoundException: io.undertow.protocols.spdy.SpdyChannel

Expected Behaviour

Expecting test to succesfully complete (by either placing the correct undertow on the classpath for arquillian or by being compatible with newer versions).

Current Behaviour

A newer version of Undertow may be on the classpath. For example (undertow-core-2.0.23.Final). This version does not contain SpdyChannel, causing the test to fail.

Steps To Reproduce
  1. [step 1] Place a newer version of undertow-core onthe compile path
  2. [step 2] Run a test. (For example, HelloPodOPenShiftItCase from org.arquillian.cube.openshift.ftest).

jelmew avatar Aug 20 '19 07:08 jelmew

Hi. Any news? i have same exception

voronovmaksim avatar Oct 29 '21 08:10 voronovmaksim

Hi Any update on compatibility with the newer versions of undertow? . Undertow 1.x come with many Vulnerabilities listed below:

  • CVE-2020-10719 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2018-1067 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2021-20220 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2019-10212 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2016-6311 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2020-10687 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2019-14888 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2020-27782 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2020-10705 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2020-1745 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2020-1757 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2019-3888 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2021-3597 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2018-14642 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2021-3859 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2018-1114 = io.undertow:undertow-core:1.3.33.Final
  • CVE-2018-1048 = io.undertow:undertow-core:1.3.33.Final

These all vulnerabilities can only get resolved by updated to the 2.x version of undertow. Please make Arquillian cube compatible with the same (undertow 2.x) and maybe update to the same already in the poms.

Sachpat avatar Jul 06 '22 14:07 Sachpat

Hi @Sachpat. Have you tried to overwrite dependency with Undertow 2.x? Does it result in an error?

bartoszmajsak avatar Sep 13 '22 15:09 bartoszmajsak