JBoss Enterprise Application Platform 8.0 Update 2 Release Notes

Updated -

In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.

Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 1.1

Download JBoss Enterprise Application Platform 8.0 Update 2

This update includes fixes for the following security related issues:

ID Component Impact Summary
CVE-2024-1233 Security Moderate eap: JBoss EAP: wildfly-elytron has a SSRF security issue
CVE-2024-1102 Server Moderate jberet-core: jberet: jberet-core logging database credentials
CVE-2023-4503 Server Moderate eap-galleon: custom provisioning creates unsecured http-invoker
CVE-2023-6236 Security Moderate eap: JBoss EAP: OIDC app attempting to access the second tenant, the user should be prompted to log

This update includes the following bug fixes or changes:

ID Component Summary
JBEAP-25239 A-MQ RA JBoss throws UnknownHostExceptions and XARecovery fails when Connected to an AMQ Cluster in OpenShift
JBEAP-25252 A-MQ7 ENTMQBR-8489 - Unhandled NullPointerException in JournalTransaction::forget
JBEAP-25230 ActiveMQ AMQ212051: Invalid concurrent session usage.
JBEAP-25489 ActiveMQ Artemis is logging warnings during clean shutdown of server in cluster
JBEAP-26036 Batch WFCORE-6592 - Not possible to add new thread factory to batch-jberet subsystem
JBEAP-26691 BootableJar Bootable JAR deployments cannot use the System.Logger
JBEAP-26953 BootableJar Bootable jar app on Operator: No deployment content with hash yyy
JBEAP-26846 BootableJar org.wildfly.core:wildfly-jar-boot artifact is missing from the EAP8 manifest
JBEAP-25588 CDI / Weld Memory leak on :reload operation
JBEAP-26042 Clustering Hotrod : Cache inconsistency
JBEAP-26017 Clustering ISPN-15310 - Duplicated classes in infinispan-objectfilter-14.0.17.Final-redhat-00002.jar and jackson-core-2.15.2.redhat-00001.jar
JBEAP-26212 Clustering ISPN-15368 - Eliminate repeatedly created ThreadGroups
JBEAP-26658 Clustering Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan
JBEAP-25488 Clustering WFLY-18384 - [CLUSTERING] File containing session data is never shrunk or deleted
JBEAP-26114 Clustering Client fail rate degradation in tests with Oracle database
JBEAP-26112 Clustering : java.io.InvalidClassException with ORACLE Data store
JBEAP-26404 Clustering Shared distributed session manager triggers duplicate expiration listeners
JBEAP-26325 Clustering max-active-sessions=-1 causes ISPN000424 error for distributable webapp
JBEAP-25790 EJB HotRod calls to remote caches use outdated topology information
JBEAP-26390 EJB EJBCLIENT-531 - Discovery: take static blocklist into account during cluster discovery
JBEAP-25221 EJB WFLY-14769 - Lookup of txn:LocalUserTransaction makes it possible to illegally use UserTransaction in a CMT context
JBEAP-25215 Insights MWTELE-90 - Insights artifacts don't comply with EAP rules for MANIFEST.MF content
JBEAP-26508 Insights Use Bearer token auth instead of Basic token auth
JBEAP-26331 Installer All page warnings should be displayed in the validation
JBEAP-26066 Installer Duplicated mnemonic key on Security domain screen, Property file option
JBEAP-26206 Installer GUI installer throws NPE on Windows when trying to enter path on non-existing drive for settings.xml
JBEAP-26207 Installer GUI installer throws NPE on Windows when trying to enter invalid path to settings.xml
JBEAP-26274 Installer jboss eap installation manager does not handle a zip file
JBEAP-25925 Installer [GUI Installer] Add ability for translations to reference other translations
JBEAP-26161 Installer [GUI Installer] Certificate security configuration creates unnecessary configuration
JBEAP-26784 JCA JCA: make sure WorkManager doesn't relate on jboss-threads executor's blocking API
JBEAP-26751 JCA Connector: restore application security configuration
JBEAP-25266 JCA JBJCA-1471 - Prefill pool after returned connection has been destroyed
JBEAP-26220 JCA WFLY-18703 - Misleading error message for XA DataSource class
JBEAP-26507 JDR JDR not collecting server manifest.yaml
JBEAP-26490 JMS "AMQ229014: Did not receive data from invm:0 within the -1ms connection TTL" occurs due to a race condition
JBEAP-25596 JMS ENTMQBR-8367 - MDB reusing Thread is using wrong transactionTimeout
JBEAP-25942 JMX Thread's context classloader for ServiceMBeanSupport startService is not application module
JBEAP-26687 JPA/Hibernate JakartaEE application client: module "org.hibernate" is not added to classpath
JBEAP-25284 Logging MODULES-439 - Create a delegating LoggerFinder
JBEAP-26026 Logging WFCORE-6589 - MDC is ignored when using Log4J 2 API
JBEAP-25513 MP Metrics Memory leak on app redeploy
JBEAP-26661 Migration Configuration migration to EAP 8 fails if jgroup authentication is configured in EAP 7.4.x configuration files.
JBEAP-26832 Migration Server Migration Tool cannot recognize EAP 8 Update X
JBEAP-26194 Modules WFCORE-6697- list-resource-loader-paths fails with MalformedURLException
JBEAP-25694 OpenShift EAP8 env properties overwriting
JBEAP-26694 Packaging and Installing Feature pack is installed even if operation is cancelled
JBEAP-26750 Packaging and Installing Manifest file - include some version string in the name field
JBEAP-26290 Packaging and Installing Reverting an update doesn't use the cache.
JBEAP-26449 Packaging and Installing Unnecessary fields in .installation/manifest.yaml file of installation manager
JBEAP-24913 Packaging and Installing WFCORE-6559 - PowerShell support for Prospero integration
JBEAP-26324 Packaging and Installing WFCORE-6653 - Missing maven-repo-files description on the help of management CLI installer command
JBEAP-25939 Packaging and Installing [jboss-eap-installation-manager] Some use cases don't work with the current channel blocklist implementation.
JBEAP-26805 Packaging and Installing installer-channels.yaml file created by jboss-eap-installation-manager uses wrong property name noStreamStrategy
JBEAP-26022 Packaging and Installing license.xml has different line endings when provisioned on Windows
JBEAP-26785 Packaging and Installing Add ability to modify provisioning configuration when installing certain feature packs
JBEAP-27003 Packaging and Installing Different manifest content in EAP 8.0.2.GA-CR1 and Maven repository ZIP bit
JBEAP-25770 Packaging and Installing Different metadata after Prospero installation on Windows
JBEAP-26480 Packaging and Installing Prospero - add a flag to print debug statements in console
JBEAP-26451 Packaging and Installing Prospero revert operation doesn't change the installation-channels.yaml file
JBEAP-26402 Packaging and Installing [jboss-eap-installation-manager] .installation/.cache/artifacts.txt with non-expected content breaks Prospero
JBEAP-26951 Packaging and Installing [jboss-eap-installation-manager] Revert on fresh EAP install brings unexpected changes
JBEAP-26881 Packaging and Installing [jboss-eap-installation-manager] When adding feature pack, message about conflicts mentions "update"
JBEAP-26938 Packaging and Installing [jboss-eap-installation-manager] When installing XP 5 on top of existing EAP, XP lifecycle notice is not presented to user
JBEAP-26127 REST Predicates not applied correctly to gzip filters
JBEAP-25293 REST RESTEasy StringTextStar provider can produce not-valid output
JBEAP-26037 Scripts WFCORE-4296 - Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions when started by ps1 script
JBEAP-26625 Scripts WFCORE-6531 - standalone.sh and possibly other scripts usage of eval
JBEAP-26354 Security ELY-2538 - Provide a possibility for a caching realm to authenticate users with underlying realm when credential verification with cached credential fails
JBEAP-26646 Security ELYWEB-222 - Add a test for single sign on across two apps
JBEAP-26258 Security ELY-2589 - Elytron SSO does not expire other application sessions for session invalidation like Undertow SSO promptly following sessionid change
JBEAP-26263 Server EAP core sources contains RH internal certificate installation information
JBEAP-25724 Server GSS (8.0.z) WFCORE-6579 - Use Process Controller log file to capture Host Controller and Managed Servers standard error
JBEAP-26221 Server WFLY-18765 - Missing Locale parameter while calling toUpperCase and toLowerCase methods
JBEAP-26364 Transactions WFTC-141 - Wildfly-transaction-client doesn't log that the transaction timeout wasn't set, when the driver returns false.
JBEAP-26648 Transactions Remove the unsupported compensations API
JBEAP-25237 Transactions WFLY-15609 - There is no cleanup of thread bound transaction timeout override on threads used to run servlets [details]
JBEAP-25880 VFS WFCORE-6524 - Do not duplicate managed deployment in content repository in tmp/vfs/temp directory
JBEAP-25879 VFS managed deployment in content repository duplicated in tmp/vfs/temp directory


Archive / zip / installer based installations

Note: This update zip should only be applied to installer or zip-based installations.

See the documentation: JBoss EAP 8.0 update methods

RPM installations

See the documentation: Updating an RPM installation

OpenShift Container installations

Update the containers to use the latest tag., to be current on OpenJDK and RHEL fixes.