I was wondering, even in the latest version of wildfly 11 is Picketlink 2.5.5.SP8 is affected by https://www.cvedetails.com/cve/CVE-2015-0277/ ?
I think it's better to ask this in the wildfly-dev mailing list wildfly-dev Info Page where the developers who know more about PicketLink status in context of WildFly, would be able to respond.
Pedro claimed in past  fix is in product version. Though can't find commit for upstream version now.
Retrieving data ...