2019-05-03 19:25:58
redhat
PUBLISHED
It was discovered that the ElytronManagedThread in Wildflys Elytron subsystem in versions from 11 to 16 stores a SecurityIdentity to run the thread as. These threads do not necessarily terminate if the keep alive time has not expired. This could allow a shared thread to use the wrong security identity when executing.