Reputation: 622
Wildfly security/bugfix updates
I've been using Wildfly for a couple of years, but still cannot understand it's update policy.
As far as I see, it doesn't install any updates automagically. Wildfly.org doesn't have any updates, except for patch to next release. I could google nothing about security patches.
So, the question is: is it unsafe to expose Wildfly to Internet? I do not believe in software without security bugs.
Well, if there are NO security updates for months, I'm not sure it is safe even for large Intranet. :(
Am I missing something?
Update: judging by cvedetails.com there were no vulnerabilities in releases. Wow! (but still, what if?)
Upvotes: 2
Views: 1887
Answers (1)
Reputation: 1807
Wildfly is the community project of JBoss Application Server. They only release from time to time a new version that includes fixes and therewith also security patches.
If you need recent patches you will want to buy the corresponding Red Hat Enterprise Application Platform (EAP) release. This will get you patches for each version (including security patches). For JBoss EAP 7.0 you have for example 25 patches (and each patch includes up to hundred jar files and has a size of about 100 MB) that address up to 22 security advisories.
Upvotes: 2
Related Questions
- Wildfly Security Constraint Ignored
- wildfly 25 JSF Security
- WildFly Jakarta EE and legacy projects
- Reliable 2018 statistics study/report on WildFly version usage in 2018/2019
- SpringSecurity error on Wildfly
- Wildfly Security Manager : Permission failed for javax.management.MBeanPermission
- WildFly dependencies
- Wildfly, JAAS and SecurityContext
- WildFly 8 patching
- Wildfly 8 - ejb client issues