JBoss Enterprise Application Platform 7.4 Update 7 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 06
Download JBoss Enterprise Application Platform 7.4 Update 7
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2022-25857 | REST | snakeyaml: Denial of Service due missing to nested depth limitation for collections. |
| CVE-2022-2053 | Undertow | undertow: Large AJP request may cause DoS |
| CVE-2022-1259 | Server | undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629) |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-19742 | SIGSEGV in libaio when running RHEL 7.8 | |
| JBEAP-9505 | ActiveMQ | Artemis is not fully-JTA 1.2 compliant XAResource |
| JBEAP-23783 | EJB | EJBCLIENT-424 - EJB remote invocation response payload contain ContextData not part of 'jboss.returned.keys' |
| JBEAP-23804 | EJB | EJBCLIENT-425 - EJB client API does not delete ContextData that has been removed on the server side |
| JBEAP-23842 | EJB | WEJBHTTP-83 - WF Http EJB Client does not delete ContextData that has been removed on the server side |
| JBEAP-23784 | EJB | WFLY-16567 - EJB response contain ContextData that has been removed on the server side |
| JBEAP-23818 | EJB | WFLY-16607 - Application deployment fails with EJB components in EAP 7.4 Update 5 and works fine with Update 1 |
| JBEAP-23836 | EJB | WFLY-16666 - Do not use component class as superclass for local home interface proxy |
| JBEAP-23880 | Hibernate | HHH-15425 - org.hibernate.QueryException: could not resolve property is thrown when Hibernate criteria tries to select the id of an association annotated with @NotFound |
| JBEAP-23909 | JCA | Reset autocommit during cleanup part 2 - use property to disable [details] |
| JBEAP-22461 | JMS | Change the default value of verifyHost parameter in connectors |
| JBEAP-23771 | JSF | JSF AttachedObjectListHolder IndexOutOfBounds fix #4260 |
| JBEAP-23825 | Management | WFCORE-5970 - Server does not start when configuration file is a soft link to a file outside of the server configuration directory |
| JBEAP-21340 | Management | WFCORE-5527 - WFLYDR0010: Couldn't delete content .../domain/data/content/ed: java.nio.file.DirectoryNotEmptyException:... |
| JBEAP-23781 | Management | WFCORE-5960 - relative-to="jboss.domain.base.dir" is not set correctly |
| JBEAP-23789 | REST | RESTEASY-3155 - Resteasy concurrency issue with JDK 17 |
| JBEAP-12458 | Remoting | WFCORE-5958 - The warning message when changing worker of remoting endpoint is not fully correct |
| JBEAP-22979 | Scripts | Failed to start JBoss EAP using with jbcs-jsvc-1.2.4-SP10-win6-x86_64 |
| JBEAP-23684 | Security | SNICombinedWithALPNTestCase fails with security manager on OpenJDK 17 |
| JBEAP-23793 | Security | ELY-2358 - Option extract-rdn selects the rightmost matching RDN instead of the leftmost one |
| JBEAP-23616 | Server | WFCORE-5927 - Misleading message for embedded server configuration file |
| JBEAP-23729 | Undertow | UNDERTOW-2104 - JSP compilation error when using inner classes |
| JBEAP-23873 | Undertow | UNDERTOW-2124 - ProgramaticLazyEndpointTest and BinaryEndpointTest failures with JDK-17 |
| JBEAP-23732 | Undertow | WFLY-16464 - SSO not require restart |
| JBEAP-23868 | VFS | WFLY-16322 - ClassCastException VirtualJarInputStream cannot be cast to VirtualFile due to "JDK-8273655 content-types.properties files are missing some common types" |
| JBEAP-23617 | Web Console | HAL-1793 - Console shows "Statistics Disabled" but "wildfly.statistics-enabled" is set |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.7-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.7-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 7+ now supports OpenJDK 17, Oracle JDK17 is in technical preview, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
Comments