andy-yk-lin / andy-yk-lin-Remediate-Smart-Merge-high-confidence-grouping


Update dependency io.undertow:undertow-servlet to v2.3.17.Final #66

Open mend-for-github-com[bot] opened 2 months ago

mend-for-github-com[bot] commented 2 months ago

This PR contains the following updates:

| Package | Change |
|---|---|
| io.undertow:undertow-servlet ([source](https://togithub.com/undertow-io/undertow)) | `2.2.18.Final` -> `2.3.17.Final` |

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.


Release Notes

undertow-io/undertow (io.undertow:undertow-servlet)

### [`v2.3.17.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.3.17.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.3.16.Final...2.3.17.Final)

Includes CVEs: CVE-2024-7885

Release Notes - Undertow - Version 2.3.17.Final

Bug

  • [UNDERTOW-2429] - CVE-2024-7885 undertow: Improper State Management in Proxy Protocol parsing causes information leakage
### [`v2.3.16.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.3.16.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.3.15.Final...2.3.16.Final)

Release Notes - Undertow - Version 2.3.16.Final

Bug

  • [UNDERTOW-2256] - Resource predicate presentation differs depending on how it is set up
  • [UNDERTOW-2312] - multibytes language in URL request to http/https are broken in EAP access log.
  • [UNDERTOW-2381] - Invalid/benevolent hpack decoding of huffman-encoded string literal with EOS symbol
  • [UNDERTOW-2424] - Undertow produces malformed Http/1.1 responses under heavy concurrent load
  • [UNDERTOW-2425] - io.undertow.servlet.spec.ServletPrintWriter.close() high CPU when encoding characters on previously errored writer
### [`v2.3.15.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.14.Final...2.3.15.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.3.14.Final...2.3.15.Final)

### [`v2.3.14.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.3.14.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.3.13.Final...2.3.14.Final)

Includes CVEs: CVE-2024-6162, CVE-2024-27316, CVE-2023-5685

Release Notes - Undertow - Version 2.3.14.Final

Sub-task

  • [UNDERTOW-2400] - ResponseWriterTestCase fails because ServletinputStream is closed before read

Bug

  • [UNDERTOW-2332] - CachingResource mishandling with TTL =0 and FS exhaustion
  • [UNDERTOW-2334] - CVE-2024-6162 url-encoded request path information can be broken on ajp-listener
  • [UNDERTOW-2378] - Adjust properly session timeout also in case when custom auth mechanisms are used
  • [UNDERTOW-2383] - Canonicalized query string in redirect location can break included links
  • [UNDERTOW-2385] - Memory leak in ThreadLocalCache
  • [UNDERTOW-2389] - DefaultByteBufferPool leaks buffers for released threads
  • [UNDERTOW-2405] - CVE-2024-27316 HTTP-2: httpd: CONTINUATION frames DoS
  • [UNDERTOW-2407] - NullPointerException on DefaultByteBufferPool.close
  • [UNDERTOW-2409] - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Enhancement

  • [UNDERTOW-2408] - Make fields final in DefaultByteBufferPool when applicable
Versions 2.3.0.Final to 2.3.13.Final carry only compare links (no release notes attached):

  • [`v2.3.13.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.12.Final...2.3.13.Final)
  • [`v2.3.12.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.11.Final...2.3.12.Final)
  • [`v2.3.11.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.10.Final...2.3.11.Final)
  • [`v2.3.10.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.9.Final...2.3.10.Final)
  • [`v2.3.9.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.8.Final...2.3.9.Final)
  • [`v2.3.8.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.7.Final...2.3.8.Final)
  • [`v2.3.7.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.6.Final...2.3.7.Final)
  • [`v2.3.6.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.5.Final...2.3.6.Final)
  • [`v2.3.5.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.4.Final...2.3.5.Final)
  • [`v2.3.4.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.3.Final...2.3.4.Final)
  • [`v2.3.3.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.2.Final...2.3.3.Final)
  • [`v2.3.2.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.1.Final...2.3.2.Final)
  • [`v2.3.1.Final`](https://togithub.com/undertow-io/undertow/compare/2.3.0.Final...2.3.1.Final)
  • [`v2.3.0.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.36.Final...2.3.0.Final)

### [`v2.2.36.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.2.36.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.2.35.Final...2.2.36.Final)

Includes CVEs: CVE-2024-7885

Release Notes - Undertow - Version 2.2.36.Final

Bug

  • [UNDERTOW-2429] - CVE-2024-7885 undertow: Improper State Management in Proxy Protocol parsing causes information leakage

Enhancement

  • [UNDERTOW-2432] - Bump javadoc plugin to 3.3.0+ in maintenance branches
### [`v2.2.35.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.2.35.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.2.34.Final...2.2.35.Final)

Release Notes - Undertow - Version 2.2.35.Final

Bug

  • [UNDERTOW-2256] - Resource predicate presentation differs depending on how it is set up
  • [UNDERTOW-2312] - multibytes language in URL request to http/https are broken in EAP access log.
  • [UNDERTOW-2381] - Invalid/benevolent hpack decoding of huffman-encoded string literal with EOS symbol
  • [UNDERTOW-2424] - Undertow produces malformed Http/1.1 responses under heavy concurrent load
  • [UNDERTOW-2425] - io.undertow.servlet.spec.ServletPrintWriter.close() high CPU when encoding characters on previously errored writer
### [`v2.2.34.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.2.34.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.2.33.Final...2.2.34.Final)

Includes CVEs: CVE-2024-3653, CVE-2024-5971

Release Notes - Undertow - Version 2.2.34.Final

Bug

  • [UNDERTOW-2033] - secure predicate unreliable with HTTP/2
  • [UNDERTOW-2046] - ProxyHandler passes hostname not IP in X-Forwarded-For
  • [UNDERTOW-2343] - Zero-Byte Response and Empty Response Code on Page Refresh with Wildfly 30 and Firefox
  • [UNDERTOW-2382] - CVE-2024-3653 LearningPushHandler can lead to remote memory DoS attacks
  • [UNDERTOW-2397] - Handle Huffman encoding properly
  • [UNDERTOW-2413] - CVE-2024-5971 undertow: response write hangs in case of Java 17 TLSv1.3 NewSessionTicket
  • [UNDERTOW-2418] - Adjust properly session timeout also in case when FORM is combined with other mechanisms

Documentation

  • [UNDERTOW-2193] - UndertowOptions class doesn't specify what many size settings represent

### [`v2.2.33.Final`](https://togithub.com/undertow-io/undertow/releases/tag/2.2.33.Final)

[Compare Source](https://togithub.com/undertow-io/undertow/compare/2.2.32.Final...2.2.33.Final)

Includes CVEs: CVE-2024-6162, CVE-2024-27316, CVE-2023-5685

Release Notes - Undertow - Version 2.2.33.Final

Sub-task

  • [UNDERTOW-2400] - ResponseWriterTestCase fails because ServletinputStream is closed before read

Bug

  • [UNDERTOW-2332] - CachingResource mishandling with TTL =0 and FS exhaustion
  • [UNDERTOW-2334] - CVE-2024-6162 url-encoded request path information can be broken on ajp-listener
  • [UNDERTOW-2378] - Adjust properly session timeout also in case when custom auth mechanisms are used
  • [UNDERTOW-2383] - Canonicalized query string in redirect location can break included links
  • [UNDERTOW-2385] - Memory leak in ThreadLocalCache
  • [UNDERTOW-2389] - DefaultByteBufferPool leaks buffers for released threads
  • [UNDERTOW-2405] - CVE-2024-27316 HTTP-2: httpd: CONTINUATION frames DoS
  • [UNDERTOW-2407] - NullPointerException on DefaultByteBufferPool.close
  • [UNDERTOW-2409] - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used

Versions 2.2.19.Final to 2.2.32.Final carry only compare links (no release notes attached):

  • [`v2.2.32.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.31.Final...2.2.32.Final)
  • [`v2.2.31.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.30.Final...2.2.31.Final)
  • [`v2.2.30.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.29.Final...2.2.30.Final)
  • [`v2.2.29.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.28.Final...2.2.29.Final)
  • [`v2.2.28.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.27.Final...2.2.28.Final)
  • [`v2.2.27.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.26.Final...2.2.27.Final)
  • [`v2.2.26.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.25.Final...2.2.26.Final)
  • [`v2.2.25.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.24.Final...2.2.25.Final)
  • [`v2.2.24.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.23.Final...2.2.24.Final)
  • [`v2.2.23.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.22.Final...2.2.23.Final)
  • [`v2.2.22.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.21.Final...2.2.22.Final)
  • [`v2.2.21.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.20.Final...2.2.21.Final)
  • [`v2.2.20.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.19.Final...2.2.20.Final)
  • [`v2.2.19.Final`](https://togithub.com/undertow-io/undertow/compare/2.2.18.Final...2.2.19.Final)

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.
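A check worth running before merging a bump like this one: bumping `undertow-servlet` in the POM does not by itself guarantee that every `io.undertow` artifact in the resolved tree moved with it. `undertow-servlet` and `undertow-core` are released together and should be on the same version; a stale pin in `dependencyManagement`, or a directly declared `undertow-core` that Maven's nearest-wins resolution prefers, can leave `undertow-core` on the old 2.2.18.Final while the servlet module reports 2.3.17.Final. The script below is an added example, not code from this PR, from Renovate/Mend or from the Undertow project. It parses `mvn dependency:tree` output (a constructed sample is embedded) and reports any `io.undertow` artifact below the patch floor of its branch, using the floors the release notes above give for CVE-2024-7885: 2.3.17.Final on the 2.3 line and 2.2.36.Final on the 2.2 line. The version comparator is a deliberately simplified subset of Maven's `ComparableVersion` rules (numeric parts, then `.Final`/`.GA`/bare versus `Alpha`/`Beta`/`CR`/`SP` qualifiers); the function and constant names are the example's own.

```python
"""Flag Undertow artifacts in `mvn dependency:tree` output that resolve below the patched version.

Added example, not part of the Renovate PR or of the Undertow project. The patch floors come from
the release notes quoted in the PR: UNDERTOW-2429 (CVE-2024-7885) is listed under both 2.3.17.Final
and 2.2.36.Final.
"""
import re
from typing import Dict, List, Optional, Tuple

# Lowest version on each maintained branch whose release notes list CVE-2024-7885 as fixed.
PATCHED_BY_BRANCH: Dict[Tuple[int, int], str] = {
    (2, 2): "2.2.36.Final",
    (2, 3): "2.3.17.Final",
}

MAVEN_SCOPES = {"compile", "provided", "runtime", "test", "system", "import"}

# Qualifier ordering, a simplified subset of Maven's ComparableVersion rules: pre-release
# qualifiers sort below a bare or .Final/.GA version, service packs above it.
QUALIFIER_RANK = {"alpha": 0, "beta": 1, "cr": 2, "rc": 2, "": 3, "final": 3, "ga": 3, "sp": 4}

VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:[.-]([A-Za-z]+)(\d*))?$")

# One dependency:tree line: "[INFO]", tree-drawing characters, then g:a:type[:classifier]:version[:scope].
TREE_LINE_RE = re.compile(r"^\[INFO\]\s*[|+\\\-\s]*(\S+:\S+)$")


def parse_version(version: str) -> Tuple[Tuple[int, ...], int, int]:
    """Turn '2.3.17.Final' into a sortable key: (numeric parts, qualifier rank, qualifier number)."""
    m = VERSION_RE.match(version)
    if not m:
        raise ValueError(f"unrecognised Maven version: {version!r}")
    nums = tuple(int(part) for part in m.group(1).split("."))
    nums += (0,) * (5 - len(nums))  # pad so that 2.3 and 2.3.0.0 compare equal
    qualifier = (m.group(2) or "").lower()
    # An unknown qualifier is treated as a pre-release so it gets reported rather than silently accepted.
    rank = QUALIFIER_RANK.get(qualifier, 2)
    qualifier_number = int(m.group(3)) if m.group(3) else 0
    return nums, rank, qualifier_number


def version_lt(a: str, b: str) -> bool:
    """True if Maven version a sorts strictly below b under the simplified rules above."""
    return parse_version(a) < parse_version(b)


def is_patched(version: str) -> bool:
    """True if `version` is at or above the patch floor of its 2.x branch; unknown branches count as unpatched."""
    nums, _, _ = parse_version(version)
    floor = PATCHED_BY_BRANCH.get((nums[0], nums[1]))
    if floor is None:
        return False
    return not version_lt(version, floor)


def parse_tree(text: str) -> List[Tuple[str, str, str, Optional[str]]]:
    """Extract (groupId, artifactId, version, scope) from dependency:tree output; other log lines are skipped."""
    deps = []
    for line in text.splitlines():
        m = TREE_LINE_RE.match(line)
        if not m:
            continue
        parts = m.group(1).split(":")
        if len(parts) < 4:  # at minimum groupId:artifactId:type:version (the project root has no scope)
            continue
        scope = parts[-1] if parts[-1] in MAVEN_SCOPES else None
        version = parts[-2] if scope else parts[-1]
        deps.append((parts[0], parts[1], version, scope))
    return deps


def find_unpatched(tree_text: str, group_id: str = "io.undertow") -> List[Tuple[str, str, Optional[str]]]:
    """Return (artifactId, version, scope) for every artifact of `group_id` resolving below its patch floor."""
    return [
        (artifact, version, scope)
        for group, artifact, version, scope in parse_tree(tree_text)
        if group == group_id and not is_patched(version)
    ]


# Constructed sample output: undertow-servlet was bumped, but a stale pin elsewhere in the build keeps
# undertow-core on the old 2.2.18.Final, so the tree shows mismatched Undertow versions.
SAMPLE_TREE = """\
[INFO] --- maven-dependency-plugin:3.6.1:tree (default-cli) @ webapp ---
[INFO] com.example:webapp:war:1.0.0
[INFO] +- io.undertow:undertow-servlet:jar:2.3.17.Final:compile
[INFO] |  \\- io.undertow:undertow-core:jar:2.2.18.Final:compile
[INFO] +- org.jboss.xnio:xnio-api:jar:3.8.8.Final:compile
[INFO] \\- io.undertow:undertow-websockets-jsr:jar:2.3.17.Final:compile
[INFO] BUILD SUCCESS
"""

if __name__ == "__main__":
    for artifact, version, scope in find_unpatched(SAMPLE_TREE):
        print(f"UNPATCHED io.undertow:{artifact}:{version} ({scope})")
```

Run it against real output with `mvn dependency:tree | python check_undertow.py` after swapping `SAMPLE_TREE` for `sys.stdin.read()`; a non-empty result means the PR is not enough on its own and the stale pin has to be found and updated. Two further caveats for this particular bump: the release notes above show the same CVE fixed in 2.2.36.Final, so a project that must stay on the 2.2 line has a patched target too, and the jump from 2.2.x to 2.3.x is a feature-branch change (Undertow 2.3 targets Jakarta EE 10 and the `jakarta.servlet` namespace rather than `javax.servlet`), so it is not a drop-in patch-level update and should be compile- and integration-tested rather than merged on the bot's confidence badge alone.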