JBoss Enterprise Application Platform 7.2 Update 2 Release Notes

Updated -

Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:

In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.

Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+

This update includes all fixes and changes from JBoss Enterprise Application Platform 7.2 Update 01

Download JBoss Enterprise Application Platform 7.2 Update 2

This update includes fixes for the following security related issues:

ID Component Summary
CVE-2019-3888 Web (Undertow) leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed
CVE-2019-3873 Security URL injection via xinclude parameter
CVE-2019-3872 Server reflected XSS in SAMLRequest via RelayState parameter



This update includes the following bug fixes or changes:

ID Component Summary
JBEAP-16619 CDI / Weld org.infinispan.commons.marshall.NotSerializableException: org.jboss.weld.bean.proxy.PrivateMethodHandler
JBEAP-15853 Class Loading WFCORE-4265 - Latest DB2 11.1 JDBC driver requires additional IBM JDK system dependency
JBEAP-15665 Clustering JGRP-2302 - Default ASYM_ENCRYPT asym_keylength is considered breakable
JBEAP-16585 Clustering WFLY-11884 - Mutations following HttpSession.setAttribute(...) lost on failover when using ATTRIBUTE granularity distributed web session with a non-transactional cache
JBEAP-16584 Clustering WFLY-11882 - Mutable getAttribute(...) and setAttribute(...) combination triggers redundant cache operation when using ATTRIBUTE granularity distributed web sessions with a transactional cache
JBEAP-16810 Clustering WFLY-12022 - Concurrent singleton service installation can cause service to run simultaneously on 2 members.
JBEAP-16390 EJB EJBCLIENT-319 - Update affinities on return in NamingEJBClientInterceptor
JBEAP-16057 EJB WFLY-11489 - SFSB not sticky on a single cluster node when clustering of the bean is disabled [details]
JBEAP-16341 EJB WFLY-11682 - Clustered SLSB membership anomalies when all cluster members removed
JBEAP-16891 EJB WFLY-12064 - SFSBs left in invalid/inconsistent state if @PrePassivate throws an exception/error.
JBEAP-16716 EJB WFDISC-34 - Add ability to perform a service discovery with timeout
JBEAP-16699 EJB WEJBHTTP-24 - Cannot invoke EJB over HTTP on JDK 11
JBEAP-15737 EJB WFLY-10150 - EJB race condition can cause client to be in awaitResponse while server is done
JBEAP-16509 EJB EJB Client side heartbeat settings not working
JBEAP-16545 EJB EJBCLIENT-324 - Phantom NoSuchEJBExceptions
JBEAP-16690 EJB REM3-331 - Configure the hearbeat timeout by default for auto created remote EJB client connections [details]
JBEAP-16601 EJB SFSB expiration can fail
JBEAP-12237 EJB Too Many Dependencies Error occurs while deploying a large number of SLSBs to EAP 7
JBEAP-16391 EJB WEJBHTTP-23 - EJB contextData not sent back to client in response when using EJB over HTTP
JBEAP-16543 EJB WFLY-11819 - max-allowed-connected-nodes element in jboss-ejb-client.xml not used
JBEAP-16550 EJB WFLY-11848 - EJB WFLYEJB0473: JNDI bindings for ... ejb: is not correct when there is not an appName [details]
JBEAP-16573 EJB WFLY-11866 - Cannot get exception as pass-by-reference [details]
JBEAP-16576 EJB WFLY-11870 - abstract classes with @EJB annotation included in libraries will cause deployment failures [details]
JBEAP-16703 EJB WFLY-11970 - SFSB memory leak due to Date() usage
JBEAP-11207 EJB Setting wrong protocol in EJB client results in client freezeup
JBEAP-16422 Hibernate HHH-12939 Database name not quoted at schema update
JBEAP-16456 Hibernate HHH-13277 - HibernateMethodLookupDispatcher - Issue with Security Manager
JBEAP-16771 Hibernate HHH-13300 Query.getSingleResult() throws org.hibernate.NonUniqueResultException instead of javax.persistence.NonUniqueResultException
JBEAP-16645 Hibernate HHH-13326 Transaction passed to Hibernate Interceptor methods is null when JTA is used
JBEAP-16638 Hibernate HHH-13343 Bytecode enhancement using ByteBuddy fails when the class is not available from the provided ClassLoader
JBEAP-16781 Hibernate HHH-13376 Upgrade Javassist dependency to 3.23.2-GA
JBEAP-16315 Hibernate HHH-13241 / HHH-13138 - Constraint violation when deleting entites in bi-directional, lazy OneToMany association with bytecode enhancement
JBEAP-16478 Hibernate HHH-13266 - LocalDateTime values are wrong around 1900 [details]
JBEAP-16730 Hibernate HHH-13364: Query.getSingleResult and getResultList() throw PessimisticLockException when pessimistic lock fails with timeout [details]
JBEAP-16583 IIOP WFLY-11784 (WF Core part) - app classloader leaked by IIOP WorkCacheManager cache
JBEAP-16465 IIOP WFLY-11784 (WF part) - app classloader leaked by IIOP WorkCacheManager cache
JBEAP-16472 IIOP WFLY-11971 - OpenJDK ORB IndexOutOfBoundsException when when the actionString does not contain any slash character
JBEAP-16722 JCA JBJCA-1388 - Validator is created using rar ClassLoader as the TCCL
JBEAP-16702 JCA WFLY-11974 - resource adapter configured as module not finding validation provider [details]
JBEAP-16535 JSF WFLY-11869 - JSF Session / View Beans @Destroy not invoked after GC
JBEAP-16450 Localization Typo in the ServerLogger for Japanese in WildFly Core
JBEAP-15120 Management WFCORE-3995 - Deployer or Maintainer RBAC role unable to write datasource credential after setting sensitive-classification credential requires-write=false [details]
JBEAP-15755 Management WFCORE-4195 - CLI/Admin Console does not prompt for a reload after adding a new server-group to server-scoped-roles.
JBEAP-16105 Migration WFLY-11584 - Legacy Web migrate op fails if a connector has scheme https and no SSL config
JBEAP-16484 Migration CMTOOL-242 - Unable to migrate EAP 7.1 configuration using the Multi-JSF feature
JBEAP-16679 Modules MODULES-375 - A NullPointerException is thrown when an artifact fails to be resolved
JBEAP-16681 Modules MODULES-382 - Previous stack trace is lost when converting ModuleLoadException to error
JBEAP-16631 Modules MODULES-387 - Expose a classLocation(module-name, class-name) via JMX
JBEAP-16721 Modules WFCORE-4413 - Fix backward compatibility issues of javax.api & javax.sql.api modules
JBEAP-16841 OpenShift [OCP 4.1] Tests using openshift.KUBE_PING are failing
JBEAP-16427 REST RESTEASY-2148 - Add the ability to disable Filename encoding in Content-Disposition
JBEAP-16542 REST RESTEASY-2157 - Resteasy is not able to load the proxy interface
JBEAP-15396 RPM WFCORE-4129 - WFLYSRV0266: Server home is set to... info msg in domain for RPM installation
JBEAP-16469 Remoting JBMAR-222 - JBoss Marshalling - Vector marshalling not serialized
JBEAP-16669 Remoting REM3-330 - Log wildfly-config.xml parsing issue at WARN
JBEAP-16566 Remoting XNIO-336 - Socket accept error should log at ERROR level before closing the channel [details]
JBEAP-16410 Scripts Windows service install script assumes incorrect prunsrv.exe location
JBEAP-16740 Security PicketLink : Change use of HTTP download locations to HTTPS
JBEAP-16741 Security PicketLink bindings: Change use of HTTP download locations to HTTPS
JBEAP-16526 Security Manager WFCORE-4374 - security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does [details]
JBEAP-16816 Server WFCORE-4390 - Introduce COMPONENT_JNDI_DEPENDENCIES attachment key
JBEAP-15939 Server WFCORE-4239 - WARN if system-property is already set and is being overridden
JBEAP-16522 Server WFCORE-4373 - org.jboss.log4j.logmanager module requires java.sql module
JBEAP-16624 VFS JDK 11 Multi-Release jars - Classes for newer versions are not loaded and VFSResourceLoader doesn't take into account the Multi-Release manifest attribute value [details]
JBEAP-16644 Web (Undertow) UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo
JBEAP-16395 Web (Undertow) Internal Server Error (500) when using directory-listing in FileHandler
JBEAP-16777 Web (Undertow) UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo
JBEAP-16496 Web Console HAL-1570 - Do not automatically set datasource-class at datasource wizard [details]
JBEAP-16534 Web Console HAL-1572 - Console fails to display datasources correctly when a datasource has a property substitution
JBEAP-16719 Web Console HAL-1583 - Management Console says to close the tab to logout, but closing the browser is needed


Note: This update should only be applied to installer or zip-based installations.

To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.2.2-patch.zip"

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.2.2-patch.zip"

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.2 Patching And Upgrading Guide