JBoss Enterprise Application Platform 7.4 Update 3 Release Notes


In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.

Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

For more information, see the following Red Hat Knowledgebase articles: "Maintenance Release Changes in EAP 6.2+" and "Updated Patch Management with EAP 6.2+".

This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 02.

Download JBoss Enterprise Application Platform 7.4 Update 3

This update includes fixes for the following security related issues:

| ID | Component | Summary |
|---|---|---|
| CVE-2021-20318 | JMS | Incomplete fix of CVE-2016-4978 in HornetQ library |
| CVE-2021-3859 | Undertow | undertow: client side invocation timeout raised when calling EJB over HTTP and HTTP2 |

This update includes the following bug fixes or changes:

| ID | Component | Summary |
|---|---|---|
| JBEAP-22850 | | WEJBHTTP-65 - PoolAuthenticationContext incompatible with Elytron Web 1.9.2.Final |
| JBEAP-21218 | A-MQ7 | WFLY-14408 - journal-import command fails if in-vm connector has a server-id other than "0" |
| JBEAP-22538 | ActiveMQ | JBoss EAP does not allow setting of routing-type on core bridges |
| JBEAP-22645 | ActiveMQ | WFLY-15597 - Can't create a pooled CF with a discovery group |
| JBEAP-21124 | CDI / Weld | Anything in jboss-all.xml after element is ignored |
| JBEAP-23184 | Clustering | JBEAP-22636 - "ISPN000073: Unexpected error while replicating: java.util.ConcurrentModificationException" happens in org.wildfly.clustering.marshalling.spi.util.MapExternalizer.writeMap() |
| JBEAP-21934 | Clustering | JGroups AZURE_PING cannot specify independent cloud EndpointSuffix |
| JBEAP-22092 | EJB | EJB Timers out of sync within cluster causing inexistent timer to be triggered |
| JBEAP-20981 | EJB | EJBCLIENT-415 - Improve logging when client trying to connect with wrong protocol |
| JBEAP-22557 | EJB | WFLY-15372 Remove the use of TimerHandle in ejb timer management operations |
| JBEAP-22612 | EJB | contention due to the synchronized block in TimerServiceImpl.getTimers() |
| JBEAP-19093 | EJB | memory growth when starting huge number of EJB timers on EAP |
| JBEAP-21384 | Hibernate | HHH-14540 - Interceptor instance is shared between ORM session and Enver's temporary session resulting in multiple calls. |
| JBEAP-22438 | JCA | JBJCA-1429 - Connection leak following transaction timeout during XAResource enlistment |
| JBEAP-22165 | JMS | JmsXA connection factory not binding to java:jboss/DefaultJMSConnectionFactory |
| JBEAP-22505 | JPA/Hibernate | WFLY-14923 - Update JPA handling to support initialize-in-order |
| JBEAP-22401 | REST | RESTEASY-2997 - RESTEASY003210 is appeared in response body when request resource is not found |
| JBEAP-22569 | Remoting | XNIO-388 - IOException Broken pipe error on JsseSslConduitEngine.doFlush when closing connection |
| JBEAP-8360 | Scripts | Escape Windows service.bat arguments |
| JBEAP-23015 | Scripts | Can't write/acquire credentials from a store using the elytron-tool script |
| JBEAP-22348 | Security | Fix FIPS detection so that it also works with Java 17 |
| JBEAP-22822 | Security | Update ElytronHttpExchange#getRequestURI to no longer use the 7 argument URI constructor |
| JBEAP-20627 | Security | ELY-1626 - Programmatic web authentication (HttpServletRequest.login()) does not trigger sso |
| JBEAP-22261 | Security | WFLY-15038 - Kerberos authenticated database connections (e.g. to SQL Server) not reusable when using legacy security and remote EJBs |
| JBEAP-22599 | Server | XP should not warn about use of an EAP micro later than its base but in the same minor stream |
| JBEAP-22657 | Undertow | UNDERTOW-1883 - Enable mod_cluster proxy to register apps in stopped or disabled state |
| JBEAP-22460 | Undertow | UNDERTOW-1964 - IPAddressAccessControlHandler (ip-access-control) stops working when ProxyPeerAddressHandler (proxy-address-forwarding="true") is enabled on listener and the X-Forwarded-For request header contains multiple IP addresses |
| JBEAP-22679 | Undertow | UNDERTOW-1984 - GOAWAY sent by HTTP2 server when a RST is sent after upgrade |
| JBEAP-22735 | Undertow | UNDERTOW-1989 - JNDI lookup of 'java:module' namespace fails with NameNotFoundException from AsyncContext |
| JBEAP-20813 | Web Services | Regression failures when deploy JMS webservice endpoint and session endpoint |
| JBEAP-22574 | mod_cluster | MODCLUSTER-731 - Adding a non-started context should register the context in stopped stage |
| JBEAP-21289 | mod_cluster | WFLY-14121 - Starting JBoss in suspended mode and mod_cluster |

Note: This update should only be applied to installer or zip-based installations.

To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.3-patch.zip"

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.3-patch.zip"

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide.