JBoss Enterprise Application Platform 7.4 Update 7 Release Notes

Updated -

In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.

Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+

This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 06

Download JBoss Enterprise Application Platform 7.4 Update 7

This update includes fixes for the following security related issues:

ID Component Summary
CVE-2022-25857 REST snakeyaml: Denial of Service due missing to nested depth limitation for collections.
CVE-2022-2053 Undertow undertow: Large AJP request may cause DoS
CVE-2022-1259 Server undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629)



This update includes the following bug fixes or changes:

ID Component Summary
JBEAP-19742 SIGSEGV in libaio when running RHEL 7.8
JBEAP-9505 ActiveMQ Artemis is not fully-JTA 1.2 compliant XAResource
JBEAP-23783 EJB EJBCLIENT-424 - EJB remote invocation response payload contain ContextData not part of 'jboss.returned.keys'
JBEAP-23804 EJB EJBCLIENT-425 - EJB client API does not delete ContextData that has been removed on the server side
JBEAP-23842 EJB WEJBHTTP-83 - WF Http EJB Client does not delete ContextData that has been removed on the server side
JBEAP-23784 EJB WFLY-16567 - EJB response contain ContextData that has been removed on the server side
JBEAP-23818 EJB WFLY-16607 - Application deployment fails with EJB components in EAP 7.4 Update 5 and works fine with Update 1
JBEAP-23836 EJB WFLY-16666 - Do not use component class as superclass for local home interface proxy
JBEAP-23880 Hibernate HHH-15425 - org.hibernate.QueryException: could not resolve property is thrown when Hibernate criteria tries to select the id of an association annotated with @NotFound
JBEAP-23909 JCA Reset autocommit during cleanup part 2 - use property to disable [details]
JBEAP-22461 JMS Change the default value of verifyHost parameter in connectors
JBEAP-23771 JSF JSF AttachedObjectListHolder IndexOutOfBounds fix #4260
JBEAP-23825 Management WFCORE-5970 - Server does not start when configuration file is a soft link to a file outside of the server configuration directory
JBEAP-21340 Management WFCORE-5527 - WFLYDR0010: Couldn't delete content .../domain/data/content/ed: java.nio.file.DirectoryNotEmptyException:...
JBEAP-23781 Management WFCORE-5960 - relative-to="jboss.domain.base.dir" is not set correctly
JBEAP-23789 REST RESTEASY-3155 - Resteasy concurrency issue with JDK 17
JBEAP-12458 Remoting WFCORE-5958 - The warning message when changing worker of remoting endpoint is not fully correct
JBEAP-22979 Scripts Failed to start JBoss EAP using with jbcs-jsvc-1.2.4-SP10-win6-x86_64
JBEAP-23684 Security SNICombinedWithALPNTestCase fails with security manager on OpenJDK 17
JBEAP-23793 Security ELY-2358 - Option extract-rdn selects the rightmost matching RDN instead of the leftmost one
JBEAP-23616 Server WFCORE-5927 - Misleading message for embedded server configuration file
JBEAP-23729 Undertow UNDERTOW-2104 - JSP compilation error when using inner classes
JBEAP-23873 Undertow UNDERTOW-2124 - ProgramaticLazyEndpointTest and BinaryEndpointTest failures with JDK-17
JBEAP-23732 Undertow WFLY-16464 - SSO not require restart
JBEAP-23868 VFS WFLY-16322 - ClassCastException VirtualJarInputStream cannot be cast to VirtualFile due to "JDK-8273655 content-types.properties files are missing some common types"
JBEAP-23617 Web Console HAL-1793 - Console shows "Statistics Disabled" but "wildfly.statistics-enabled" is set


Installation

Note: This update should only be applied to installer or zip-based installations.

To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.7-patch.zip"

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.7-patch.zip"

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide

Notes