From efad81af2da6f7c6eefe1253c57e6415158a382a Mon Sep 17 00:00:00 2001
From: Thibault Meyer <meyer.thibault@gmail.com>
Date: Tue, 28 Mar 2023 18:55:19 +0200
Subject: [PATCH] Upgrade Undertow version to 2.3.5 (CVE-2022-4492)

The undertow client is not checking the server identity presented by
the server certificate in https connections. This should be performed
by default in https and in http/2.

Signed-off-by: Thibault Meyer <meyer.thibault@gmail.com>
---
 pom.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pom.xml b/pom.xml
index 923d434a..88947508 100644
--- a/pom.xml
+++ b/pom.xml
@@ -82,7 +82,7 @@
         <dependency.version.logback>1.4.5</dependency.version.logback>
         <dependency.version.tika>2.7.0</dependency.version.tika>
         <dependency.version.typesafeconfig>1.4.2</dependency.version.typesafeconfig>
-        <dependency.version.undertow>2.3.3.Final</dependency.version.undertow>
+        <dependency.version.undertow>2.3.5.Final</dependency.version.undertow>
 
         <!-- Unit Tests -->
         <dependency.version.hsqldb>2.7.1</dependency.version.hsqldb>