JBoss Enterprise Application Platform 7.4 Update 3 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 02
Download JBoss Enterprise Application Platform 7.4 Update 3
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-20318 | JMS | Incomplete fix of CVE-2016-4978 in HornetQ library |
| CVE-2021-3859 | Undertow | undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-22850 | WEJBHTTP-65 - PoolAuthenticationContext incompatible with Elytron Web 1.9.2.Final | |
| JBEAP-21218 | A-MQ7 | WFLY-14408 - journal-import command fails if in-vm connector has a server-id other than "0" |
| JBEAP-22538 | ActiveMQ | JBoss EAP does not allow setting of routing-type on core bridges [details] |
| JBEAP-22645 | ActiveMQ | WFLY-15597 - Can't create a pooled CF with a discovery group |
| JBEAP-21124 | CDI / Weld | Anything in jboss-all.xml after |
| JBEAP-23184 | Clustering | JBEAP-22636 - "ISPN000073: Unexpected error while replicating: java.util.ConcurrentModificationException" happens in org.wildfly.clustering.marshalling.spi.util.MapExternalizer.writeMap() |
| JBEAP-21934 | Clustering | JGroups AZURE_PING cannot specify independent cloud EndpointSuffix |
| JBEAP-22092 | EJB | EJB Timers out of sync within cluster causing inexistent timer to be triggered |
| JBEAP-20981 | EJB | EJBCLIENT-415 - Improve logging when client trying to connect with wrong protocol |
| JBEAP-22557 | EJB | WFLY-15372 Remove the use of TimerHandle in ejb timer management operations |
| JBEAP-22612 | EJB | contention due to the synchronized block in TimerServiceImpl.getTimers() |
| JBEAP-19093 | EJB | memory growth when starting huge number of EJB timers on EAP |
| JBEAP-21384 | Hibernate | HHH-14540 - Interceptor instance is shared between ORM session and Enver's temporary session resulting in multiple calls. |
| JBEAP-22438 | JCA | JBJCA-1429 - Connection leak following transaction timeout during XAResource enlistment |
| JBEAP-22165 | JMS | JmsXA connection factory not binding to java:jboss/DefaultJMSConnectionFactory |
| JBEAP-22505 | JPA/Hibernate | WFLY-14923 - Update JPA handling to support initialize-in-order [details] |
| JBEAP-22401 | REST | RESTEASY-2997 - RESTEASY003210 is appeared in response body when request resource is not found |
| JBEAP-22569 | Remoting | XNIO-388 - IOException Broken pipe error on JsseSslConduitEngine.doFlush when closing connection |
| JBEAP-8360 | Scripts | Escape Windows service.bat arguments |
| JBEAP-23015 | Scripts | Can't write/acquire credentials from a store using the elytron-tool script |
| JBEAP-22348 | Security | Fix FIPS detection so that it also works with Java 17 |
| JBEAP-22822 | Security | Update ElytronHttpExchange#getRequestURI to no longer use the 7 argument URI constructor |
| JBEAP-20627 | Security | ELY-1626 - Programmatic web authentication (HttpServletRequest.login()) does not trigger sso |
| JBEAP-22261 | Security | WFLY-15038 - Kerberos authenticated database connections (e.g. to SQL Server) not reusable when using legacy security and remote EJBs |
| JBEAP-22599 | Server | XP should not warn about use of an EAP micro later than its base but in the same minor stream |
| JBEAP-22657 | Undertow | UNDERTOW-1883 - Enable mod_cluster proxy to register apps in stopped or disabled state |
| JBEAP-22460 | Undertow | UNDERTOW-1964 - IPAddressAccessControlHandler (ip-access-control) stops working when ProxyPeerAddressHandler (proxy-address-forwarding="true") is enabled on listener and the X-Forwarded-For request header contains multiple IP addresses |
| JBEAP-22679 | Undertow | UNDERTOW-1984 - GOAWAY sent by HTTP2 server when a RST is sent after upgrade |
| JBEAP-22735 | Undertow | UNDERTOW-1989 - JNDI lookup of 'java:module' namespace fails with NameNotFoundException from AsyncContext |
| JBEAP-20813 | Web Services | Regression failures when deploy JMS webservice endpoint and session endpoint |
| JBEAP-22574 | mod_cluster | MODCLUSTER-731 - Adding a non-started context should register the context in stopped stage |
| JBEAP-21289 | mod_cluster | WFLY-14121 - Starting JBoss in suspended mode and mod_cluster |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.3-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.3-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- OpenJ9 images for IBM Z and IBM Power Systems are deprecated, OpenJDK11 is now supported on x86 (x86_64), s390x (IBM Z) and ppc64le (IBM Power Systems). If you want to use the OpenJ9 Java Virtual Machine (JVM) with the OpenJDK11 images, see Java Change in Power and Z OpenShift Images.
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
Comments