If you find a vulnerability, please send an email to secalert@redhat.com. To expedite things, you can copy Flavia Rainone (frainone@redhat.com). This will ensure the bug is properly handled without causing unnecessary negative impacts for the Undertow's user base. You can find more information about the security procedures at this page.