CIB seven 2.1.4 CE+ - Release Notes
Release Notes
Release Date: February 19, 2026
Highlights
- Updated CIB seven to resolve CVEs in third-party libraries
- Multi-engine support: Use the base REST URL for the “default” engine (omitting the /engine/default suffix) to provide a fallback for CIB seven 2.1.3 implementations that require an explicit engine definition.
Technical Updates
Dependency Updates
- Update Spring Boot from 3.5.9 to 3.5.10
- Update tomcat from 10.1.49 to 10.1.52
- Update nodejs from 20.14.0 to 24.13.1
- Update npm from 10.7.0 to 11.8.0
- Update wildfly from 37.0.1.Final to 39.0.1.Final
- Update wildfly.core from 29.0.1.Final to 31.0.3.Final
Resolved CVE Vulnerabilities
Critical Severity
- CVE-2025-15467 - CVSS 9.8. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-12543 - CVSS 9.6. Package: io.undertow:undertow-core
High Severity
- CVE-2024-3884 - CVSS 7.5. Package: io.undertow:undertow-core
- CVE-2024-4027 - CVSS 7.5. Package: io.undertow:undertow-core
- CVE-2025-9784 - CVSS 7.5. Package: io.undertow:undertow-core
- CVE-2025-23368 - CVSS 8.1. Package: org.wildfly.core:wildfly-elytron-integration
- CVE-2025-69419 - CVSS 7.4. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-69421 - CVSS 6.5. Affects 2 packages: libcrypto3, libssl3
- CVE-2026-21932 - CVSS 7.4. Package: openjdk21-jre-headless
- CVE-2026-21945 - CVSS 7.5. Package: openjdk21-jre-headless
Medium Severity
- CVE-2025-58057 - CVSS 7.5. Package: io.netty:netty-codec
- CVE-2025-67735 - CVSS 6.5. Package: io.netty:netty-codec-http
- CVE-2026-1002 - Package: io.vertx:vertx-core
- CVE-2025-11187 - CVSS 6.1. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-15468 - CVSS 5.9. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-15469 - CVSS 5.5. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-66199 - CVSS 5.9. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-68160 - CVSS 4.7. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-69418 - CVSS 4.0. Affects 2 packages: libcrypto3, libssl3
- CVE-2025-69420 - CVSS 5.9. Affects 2 packages: libcrypto3, libssl3
- CVE-2026-22795 - CVSS 5.5. Affects 2 packages: libcrypto3, libssl3
- CVE-2026-22796 - CVSS 5.9. Affects 2 packages: libcrypto3, libssl3
- CVE-2026-21925 - CVSS 4.8. Package: openjdk21-jre-headless
- CVE-2026-21933 - CVSS 6.1. Package: openjdk21-jre-headless
Low Severity
- CVE-2026-1225 - Package: ch.qos.logback:logback-core
- CVE-2025-58056 - CVSS 7.5. Package: io.netty:netty-codec-http