JBoss Enterprise Application Platform 7.4 Update 6 Release Notes

In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.

Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.

This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 05.

This update includes fixes for the following security-related issues:

ID              Component  Summary
CVE-2022-24823  Server     netty: world readable temporary file containing sensitive data
CVE-2022-25647  Server     com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson
CVE-2021-44906  Server     org.jboss.hal-hal-parent: minimist: prototype pollution

This update includes the following bug fixes or changes:

JBEAP-23423  Batch          JBERET-543 - sql/jberet.ddl used for database MariaDB instead of sql/jberet-mysql.ddl
JBEAP-21249  Clustering     CNFE ManageableThreadPoolExecutorService from Module "org.infinispan"
JBEAP-18799  Clustering     Clustering: com.microsoft.sqlserver.jdbc.SQLServerException in SQL Server tests
JBEAP-23510  EJB            NPE when EJB Database Timer Persistence adjustCreateAutoTimerStatement is called
JBEAP-23522  EJB            WFLY-16298 - Improve performance related to TimerServiceImpl#scheduledTimerFutures
JBEAP-23622  EJB            WEJBHTTP-80 - Ejb over http and picketbox stop working with ejb client bom 7.4.3.GA on port 80
JBEAP-16680  IO             WorkerResourceDefinition.WorkerWriteAttributeHandler implementations incorrectly handle undefined values
JBEAP-23506  JCA            JBJCA-1362 - NPE from SemaphoreConcurrentLinkedDequeManagedConnectionPool.returnForFrequencyCheck
JBEAP-23502  JCA            WFLY-16272 - Using an expression in use-java-context for a datasource results in IllegalArgumentException for certain console commands
JBEAP-14177  JMS            CLI operation list-prepared-transaction-jms-details-as-json returns Object.toString() instead of Json string
JBEAP-23564  JPA/Hibernate  HHH-12338 - Incorrect metamodel for basic collections
JBEAP-23519  JSF            JSF application undeploy generates SEVERE log entries
JBEAP-3029   Management     Referrals 'throw' does not work correctly for ldap authentication to mgmt console with MS Active Directory
JBEAP-922    Migration      [Migration operation] [Web to Undertow] truststore - keystore-password does it really needs to be mandatory?
JBEAP-11074  Remoting       Operation removing http-connector requires full server reload but does not change the server state accordingly
JBEAP-23523  Remoting       REM3-391 - Remove the lock around Endpoint connection creation
JBEAP-15649  Scripts        Check and consider to put escaped quotes (\") back to the -Xloggc in standalone.sh
JBEAP-12448  Scripts        standalone.bat script does not parse JAVA_OPTS containing '|' symbol properly
JBEAP-4869   Security       PicketLink - SAMLStatusResponseTypeParser.parseStatus fails on IBM JDK (SAMLSloResponseParserTestCase#testSLOResponseFromSalesforce)
JBEAP-3030   Security       Referrals roles assignment for referral user does not work for LdapExtLoginModule with Active Directory
JBEAP-20152  Security       SASL configuration fails with NPE
JBEAP-3026   Security       SECURITY-975 - Default distinguishedNameAttribute value of LdapExtLoginModule causes not working referrals on MS Active Directory
JBEAP-23621  Security       WFCORE-5650 - Adding management user newly requires reload
JBEAP-15378  Security       PLINK-734 - IdentityUrl element has changed but XSD schema not
JBEAP-15388  Security       StaxUtil should write namespaces firstly for IBM JDK (WSTrustRenewTargetParsingTestCase#testWST_ResponseRenew)
JBEAP-4868   Security       XML processing in SAMLParserUtil fails on IBM JDK (SAMLAssertionParserTestCase#showParserIsFailingWithEmptyAttributeValue)
JBEAP-23570  Security       ELY-2308 ELY-2315 - Digest authentication fails for encoded queries
JBEAP-23689  Security       WFCORE-5936 - Ldap authentication using referrals fails on JDK 17 with ApacheDS
JBEAP-23496  Security       libwfssl.so doesn't get automatically loaded on RHEL 9
JBEAP-18546  Security       Inconsistent parameter count between in PicketLink request wrapper
JBEAP-15066  Server         Cover possible error when host controllers can not connect to domain after creating a rollout plan and restarting the master host controller
JBEAP-21478  Server         The Bouncy Castle bcmail module is missing the java.se dependency
JBEAP-23725  Test Suite     Test EAP on RHEL9
JBEAP-23525  Undertow       UNDERTOW-2069 - Filter.destroy can deadlock with running filter on shutdown
JBEAP-23524  Undertow       UNDERTOW-2070 - Empty reply from Undertow if sendRedirect is called after setting content length
JBEAP-23581  Undertow       UNDERTOW-2094 - Bad relative redirect is generated if app is mapped to trailing slash context
JBEAP-23796  Undertow       UNDERTOW-2116 - java.lang.AssertionError: Content-Encoding header should be defined
JBEAP-12293  Web Console    Cannot add new credential store with credential reference store field
JBEAP-12414  Web Console    Patching via Management Console double-prompts user to restart
JBEAP-12001  Web Console    Unnecessary add and remove button for main-administrator role.
JBEAP-13587  Web Console    When editing Elytron Policy in Web Console, policy attribute values are getting lost
JBEAP-13766  Web Services   Allow to use remapped elytron application security domain
JBEAP-23190  Web Services   CXF-8655 - Incorrect XSD resolution when the file name is the same in different folders


Note: This update should only be applied to installer or zip-based installations.

To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.6-patch.zip"

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.6-patch.zip"

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide.