0 Replies Latest reply on Apr 23, 2019 7:47 PM by vineet1234

    Wildfly 9.0.2 Directory Traversal Vulnerability

    vineet1234

      We are currently running on Wildfly 9.0.2 with undertow 1.2.9 and we just discovered that it suffers from the Directory traversal vulnerability as described below.

       

      [WFLY-9620] ServletContext.getResourceAsStream, for deployments which have (Java EE) servlet overlays, serves files whic…

       

The fix for this issue was implemented in Wildfly 12.0.0. Since the bug was in the underlying undertow libraries, can we just upgrade to the undertow libraries containing the fix without upgrading to Wildfly 12.0.0? If yes, what version of undertow should we be upgrading to, and is that version of undertow compatible with Wildfly 9.0.2?

       

      Thanks

      Vineet
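Whatever the answer on compatibility, the first thing to establish is which undertow-core jar the installation actually loads, since WildFly resolves Undertow through its module system rather than from the deployment's classpath. The script below is an added example and is not part of the original post or of WildFly; it reads the standard module descriptor at modules/system/layers/base/io/undertow/core/main/module.xml, extracts the undertow-core version, and compares it against a minimum you supply. The sample module.xml it writes is constructed here (mirroring the 1.2.9.Final shipped with 9.0.2) so the check runs offline; the minimum version to pass in is your decision, the script does not assume one.

```shell
#!/bin/sh
# Added example, not from the original post. Reports the undertow-core version
# a WildFly install bundles and compares it against a required minimum.

# Pull the version out of the undertow-core resource-root in a module.xml.
# Handles names such as undertow-core-1.2.9.Final.jar (returns 1.2.9).
undertow_version_from_module_xml() {
    sed -n 's/.*resource-root path="undertow-core-\([0-9][0-9.]*[0-9]\)[^"]*\.jar".*/\1/p' "$1" | head -n 1
}

# Compare dotted numeric versions: returns 0 when $1 >= $2, 1 otherwise.
version_ge() {
    a="$1"; b="$2"; i=1
    while [ "$i" -le 3 ]; do
        x=$(echo "$a" | cut -d. -f"$i"); y=$(echo "$b" | cut -d. -f"$i")
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
        i=$((i + 1))
    done
    return 0
}

# Check a WildFly install ($1 = JBOSS_HOME) against a minimum undertow-core
# version ($2). The module path is the standard WildFly 9 layout.
# Returns 0 if the bundled version is new enough, 1 if not, 2 if not found.
check_wildfly_undertow() {
    xml="$1/modules/system/layers/base/io/undertow/core/main/module.xml"
    v=$(undertow_version_from_module_xml "$xml" 2>/dev/null)
    if [ -z "$v" ]; then
        echo "undertow-core jar not found in $xml"
        return 2
    fi
    if version_ge "$v" "$2"; then
        echo "undertow-core $v >= $2: OK"
        return 0
    fi
    echo "undertow-core $v < $2: needs upgrade"
    return 1
}

# Constructed sample install (not a real WildFly tree) whose module.xml
# matches what 9.0.2 ships, so the check can be exercised offline.
make_sample_install() {
    d="$1/modules/system/layers/base/io/undertow/core/main"
    mkdir -p "$d"
    cat > "$d/module.xml" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<module xmlns="urn:jboss:module:1.3" name="io.undertow.core">
    <resources>
        <resource-root path="undertow-core-1.2.9.Final.jar"/>
    </resources>
</module>
EOF
}

# Usage against a real install (JBOSS_HOME and the minimum are yours to supply):
#   . ./undertow-check.sh && check_wildfly_undertow "$JBOSS_HOME" 1.2.9
```

Whatever version the check reports is the one any drop-in replacement of the io.undertow.core module would have to stay binary compatible with; the jar name in module.xml is what the server loads, regardless of what a deployment's own pom declares.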