6.3 Release Notes

JBoss Enterprise Application Platform 6.3

Notable features and fixes for this release. Released August 4, 2014.

Nidhi Chaudhary

Lucas Costi

Russell Dickenson

Sande Gilda

Vikram Goyal

Eamon Logue

Darrin Mison

Scott Mumford

David Ryan

Nidhi Srinivas

Misty Stanley-Jones

Keerat Verma

Tom Wells

Abstract

These release notes contain important information related to Red Hat JBoss Enterprise Application Platform 6.3. Read these Release Notes in their entirety before installing the product.

1. Overview

Red Hat JBoss Enterprise Application Platform 6 (JBoss EAP 6) is Red Hat's response to significant changes in the way organizations develop and deploy enterprise applications. As organizations seek to lower operational costs and reduce time to market for new applications, JBoss EAP 6 has been rebuilt for a vision of the future, boasting an innovative modular, cloud-ready architecture, powerful management and automation, and world class developer productivity.
JBoss EAP 6 is Java EE 6 certified and features powerful yet flexible management, improved performance and scalability, and many new features to improve developer productivity. All with Red Hat's market-leading reputation for certification and support, ensuring your administration and development needs continue to drive forward into the future and beyond.

2. Frequently Asked Questions

Q: What has changed in this release?
Q: Where is the complete suite of documentation?
Q: Where are the upgrade instructions ?
Q: What operating systems, Java Virtual Machines, and database servers is this product supported on?
Q: Is the included H2 database supported in production?
Q: What industry standards does JBoss EAP 6.3.0 support?
Q: What issues might I encounter when migrating to this release?
Q: What components are included in this release and what version are they?
Q: What Tech Previews are included in this release?
Q: Where can I find out more details about my support contract ?
Q: I found a mistake in this document. How do I report it?
Q:
What has changed in this release?
A:
JBoss EAP 6.3.0 includes many improvements and fixes. For specific details see Changes in this Release.
Q:
Where is the complete suite of documentation?
A:
The full JBoss EAP 6.3.0 documentation suite can be found at https://access.redhat.com/site/documentation/JBoss_Enterprise_Application_Platform/.
Q:
Where are the upgrade instructions ?
A:
The upgrade instructions can be found in the Installation Guide.
Q:
What operating systems, Java Virtual Machines, and database servers is this product supported on?
A:
See https://access.redhat.com/site/articles/111663 for a complete list of the operating system, Java Virtual Machine, database server and JDBC driver combinations that have been tested and verified with JBoss EAP 6.3.0.
Q:
Is the included H2 database supported in production?
A:
No. The H2 database is included only for evaluation, testing and demonstration purposes. It is not a supported configuration for a production environment. Refer to https://access.redhat.com/site/solutions/148633 for additional information.
Q:
What industry standards does JBoss EAP 6.3.0 support?
A:
See https://access.redhat.com/site/articles/113373 for a complete list of supported specifications and standards.
Q:
What issues might I encounter when migrating to this release?
A:
See Changes in this Release to learn about the differences between this release of JBoss EAP and previous releases that may cause difficulties when migrating your applications to this version.
Q:
What components are included in this release and what version are they?
A:
See https://access.redhat.com/site/articles/112673 for a complete list of the included components.
Q:
What Tech Previews are included in this release?
A:
JBoss EAP 6.3.0 includes a number of tech preview features. These features are not supported, may not be functionally complete, and are not intended for production use. They are included to provide customers with early access to upcoming product innovations, enabling them to test functionality and provide feedback during the development process.
See Features Provided as Tech Preview Only for a complete list of Technology Preview features in this release.
Q:
Where can I find out more details about my support contract ?
A:
Details of support policies are located at the following URLs:
Q:
I found a mistake in this document. How do I report it?
A:
To provide feedback on this document, file a bug at https://bugzilla.redhat.com and specify the product JBoss Enterprise Application Platform 6, version 6.3.0, and component doc-Release_Notes.

3. New Features

The following new features have been added in JBoss EAP 6.3.
PicketLink Enhancements
Major revision of the PicketLink component of JBoss EAP that brings:
  • Management subsystems for IDP and Federation
  • CDI injection of security configurations
  • Certificate based login with IDP
  • Kerberos based authorization with IDP
  • IDP indicated SSO capability
  • Dynamic Account Chooser at a Service Provider
  • Custom paths to picketlink.xml.
Domain Recovery Improvements
JBoss EAP 6.3 host controllers can now be configured with a backup IP address for a JBoss EAP domain controller. This capability enables administrators to configure automatic failover of host controllers to a backup domain controller, ensuring the availability of the management domain. However, before failover will occur, administrators will still need to manually promote a backup host controller to act as the new Domain Controller.
Support for PKCS11 Keystores
JBoss EAP security domains and the JMS subsystem (HornetQ) have been enhanced to support authorization with PKCS11 keystores in addition to the Java Keystore supported in earlier versions.
Patching Available in Web Management Console
The patching feature introduced in JBoss EAP 6.2 and exposed through the management APIs in JBoss EAP 6.2, is available in the Web Management Console in JBoss EAP 6.3. The capability to install and roll-back patches, as well as view patch state and patch history are available.
New 'Home Page' in Web Management Console
The JBoss EAP Web Management Console now starts with a home page that provides links to the most common administrative functions, easing and speeding navigation through the console.
Testing Datasources in Web Management Console
The Web Management Console now exposes the capability to test datasources, enabling administrators with the proper access rights to ensure that their datasources are connected following creation or before deploying an application.
Top Level Naming Changes
Top level navigational labels have been unified across both standalone and domain modes.
The new labels are:
Configuration
This tab displays persistent configuration regarding profiles.
Runtime
This tab displays runtime information about the server.
Administration
This tab displays access control settings.
Domain
This tab displays domain configuration (domain mode only).
Analytics Collection
The Web Management Console now has the ability to report usage back to Red Hat. Red Hat will use the data to drive usability enhancements in future versions of JBoss EAP. The capability is off by default, and can be enabled in the console setting. Red Hat encourages you to enable the collection of analytical data.
Deployment Overlay Enhancement
Deployment overlays that offered the ability to virtually replace a deployment descriptor in a deployed application have been enhanced with the ability to override a binary of the deployment. This enhancement expands the ability of a system administrator to modify the behavior of an application without modifying the application archive.
Support for Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012 R2 has been tested and added to the supported configurations.
Support for Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 7 has been tested and added to the supported configurations.
Support for PowerPC architecture with Red Hat Enterprise Linux
JBoss EAP 6.3.0 has been tested in Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7 on the PPC64 architecture and is supported in both configurations.
WSI-Basic Security 1.1
JBoss Web Services has been tested to assure compliance with the WSI-Basic Security 1.1 Profile.
Hibernate
Improved and expanded bytecode enhancement.
WS-Atomic Transactions/XA Bridge
The WS-AT/XA transaction bridge functionality has been transitioned from technology preview to full support status. The bridge provides a developer a bi-directional link between the WebServices and Java EE transaction domains.
Restored ServiceMBean Helper Classes
The org.jboss.as.system-jmx module has been introduced to restore helper classes available in earlier versions of JBoss EAP that assist users in creating MBeans.
EJB and MDB Property Substitution
JBoss EAP now allows you to enable property substitution in EJBs and MDBs using the @ActivationConfigProperty and @Resource annotations.
Garbage Collection Logging
Garbage collection logging is enabled by default in standalone mode. This change improves aids diagnostics since log files are available on demand, instead of enabling garbage collection logging, then waiting for the issue to occur again.
Annotations in Web Deployments
Annotated servlet components can be defined in shared modules, which are then picked up by the servlet container and applied to all web deployments with a defined dependency on that module. This reduces the need to define all servlet dependencies in a web.xml file. An annotated web filter or listener, for example, can now be added to a shared module and picked up by all web applications automatically.
Logging
It is now possible to configure JBoss EAP so that logging modules are not added to deployments by default.
Transaction Manager Enhancements
In addition to Last Resource Commit Optimization (LRCO) support, Commit Markable Resource (CMR) transaction optimization is now available.
Configure IOR Settings for CORBA relays
It is now possible to configure IOR settings for CORBA relays.
Java EE
The Java EE subsystem now supports an annotation flag in the global module XML configuration. When set to true, the global module exports its annotation index to all Java EE deployments on the server.
Configure mod_cluster sessionDrainingStrategy
With this release of JBoss EAP 6 it is now possible to configure session draining strategy (session-draining-strategy attribute). Although mod_cluster itself did support this configuration, it was not possible to configure it. It has now been exposed to users.

4. Features Provided as Tech Preview Only

The following configurations and features are known to have issues and are provided as technology previews only. They are not supported in a production environment.
Stateless Identity Bean
JBoss EAP 6.3 includes a new identity management feature in PicketLink, which provides the ability to use both stateless and session-scoped identity beans.
WS-Trust/STS with JBoss Web Services
JBoss Web Services now exposes WS-Trust/STS capabilities from the underlying CXF implementation.
Adding and Removing Modules with the JBoss CLI
The CLI offers new commands to add and remove modules.
RestEasy Validation with the Hibernate Validator
RestEasy now includes a validation provider to support the Hibernate Validator delivered with JBoss EAP 6.
Multi-JSF
This feature enables a user to replace the JSF implementation provided with JBoss EAP 6 with a user-supplied JSF implementation.
mod_jk and IPv6
The mod_jk version has been updated from 1.2.36 to 1.2.40. This new version contains support for IPv6, however this feature has not been fully tested.
WebSockets
The WebSocket protocol provides two way communication between web clients and servers. Communications between clients and the server are event-based, allowing for faster processing and smaller bandwidth compared with polling-based methods.

5. Unsupported Features

The following features are not currently supported in JBoss EAP.
mod_jk and mod_cluster with Apache on RHEL 7
The Apache HTTP server installable on Red Hat Enterprise Linux 7 via RHN channels introduces incompatibility problems with mod_cluster and mod_jk and is not supported. The Apache HTTP server shipped with JBoss EAP, however, is fully supported.
mod_rt and mod_snmp
The mod_rt (mod_rt.so) and mod_snmp (snmpmonagt.so) modules that are shipped with JBoss EAP 6's Apache HTTP Server distribution are not supported.
More information about support for these modules can be found in the Enterprise Web Server 2.1 documentation.
STOMP Protocol with HornetQ
HornetQ has community level support for the STOMP protocol. That protocol has not received testing from Red Hat and is not supported by JBoss EAP.
REST Protocol with HornetQ
HornetQ has community level support for the REST protocol. That protocol has not received testing from Red Hat and is not supported by JBoss EAP.
Infinispan API
Direct use of the Infinispan API is not supported in JBoss EAP 6. Infinispan is used as an implementation detail for various clustering technologies internal to JBoss EAP 6. Direct use of the Infinispan API requires a subscription to JBoss Data Grid.
IPv6 Limitations of JDK 6
The following IPv6 limitations are caused by JDK 6, and are not defects in JBoss EAP 6.
  • On Microsoft Windows Server, JDK 6 has only a partial IPv6 implementation. This implementation is not sufficient to run JBoss EAP 6. Full IPv6 support on Microsoft Windows Server requires JDK 7.
  • On Red Hat Enterprise Linux, a bug in Oracle JDK 6 means that any address specified on a client (the network point establishing the connection) which contains a zone-id will fail. To use a zone-id, either upgrade to JDK 7, or use IcedTea/OpenJDK 6, which is available for Red Hat Enterprise Linux, and does not exhibit this bug. For more information about the bug, refer to http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6800096 and https://issues.jboss.org/browse/JBPAPP-8833.
JPA 2.0 Context Propagation Outside of a JTA Transaction
The propagation of Extended Persistence Contexts (XPC) was not taking into account the existence of a transaction, with the XPC always being propagated. That behaviour is not in accordance with the JPA 2.0 specification. The handling of XPC has been modified so that when there is no transaction active the XPC's propagation is ignored and the bean being invoked has its own Persistence Context instead of the XPC.
If your application expects extended persistence contexts to be propagated outside of JTA transactions, you need to consider if your application needs to be modified. Refer to the JBoss EAP 6 Migration Guide for instructions on updating your application.
JBoss Enterprise Application Platform 5 provided a system property (JBPAPP-923.alwaysPropagate) to enable this behaviour. This system property is not available in JBoss EAP 6.
For more information about this decision, refer to https://issues.jboss.org/browse/AS7-1663.
PicketLink subsystem
The PicketLink subsystem is not supported in JBoss EAP 6.3.
STS Client Pooling
The PicketLink provides a pool of STS clients on the server. This removes STS Client creation as a bottleneck.
Client pooling can be utilized from login modules that need an STS client to obtain SAML tickets.
Login Modules that can utilize STS client pooling:
  • org.picketlink.identity.federation.core.wstrust.auth.STSIssuingLoginModule
  • org.picketlink.identity.federation.core.wstrust.auth.STSValidatingLoginModule
  • org.picketlink.trust.jbossws.jaas.JBWSTokenIssuingLoginModule
The default number of clients in the pool for each login module is configured via the initialNumberOfClients login module option.
The STSClientPoolFactory class org.picketlink.identity.federation.bindings.stspool.STSClientPoolFactory provides client pool functionality to applications.

Using STSClientPoolFactory

STS clients are inserted into sub pools using their configuration as a key. Obtain STSClientPool instance and then initialize a sub pool based on configuration, optionally with initial number of STS clients or rely on default number.
final STSClientPool pool = STSClientPoolFactory.getPoolInstance();
pool.createPool(20, stsClientConfig);
final STSClient client = pool.getClient(stsClientConfig);
When you are done with a client, you can return it to the pool like so:
pool.returnClient();
To check if a subpool already exists for a given configuration:
if (! pool.configExists(stsClientConfig) {  
    pool.createPool(stsClientConfig);  
}
When the PicketLink Federation subsystem is enabled, all client pools created for a deployment are destroyed automatically during the undeploy process. To manually destroy a pool:
pool.destroyPool(stsClientConfig);
Tanuki Service Wrapper
The Tanuki Service Wrapper is not supported with JBoss EAP 6. More information can be found at https://issues.jboss.org/browse/JBPAPP-8651.
XA Recovery on Microsoft SQL Server 2008
XA recovery does not work with Microsoft SQL Server 2008 R1. This features does work with Microsoft SQL Server 2008 R2 SP2. For more information refer to the following URLs:
XA Recovery on MySQL
The MySQL JDBC driver does not implement XA recovery properly and returns incorrect error codes for exceptions when the connection to the database is halted.
JBoss OSGi
JBoss OSGi, an implementation of the OSGi specification, has been demoted from Technology Preview to Unsupported. For additional information refer to https://access.redhat.com/site/solutions/362814.
Quickstarts
Because OSGi has never been supported and has been removed from product, the helloworld-osgi quickstart has been removed from the examples that ship with JBoss EAP 6.3.
The wicket-war and wicket-ear quickstarts depend on the seam-conversation-weld.jar. Because Seam is not supported, these quickstarts have been removed from the examples that ship with JBoss EAP 6.3.

6. Components

The JBoss EAP 6 component matrix is available at the following location: https://access.redhat.com/knowledge/articles/112673.

7. Changes in this release

7.1. Bug Fixes

CDI/Weld

1051375 - If multiple beans.xml files exist in a war deployed in an EAR all CDI beans will be registered twice

In previous version of EAP 6, when an EAR deployment contained a WAR subdeployment with multiple beans.xml files, e.g. in WEB-INF/beans.xml and WEB-INF/classes/META-INF/beans.xml, all beans would be registered twice and the deployment would fail. This has been fixed by ammending the deployment processor to take this possibility into account and such deployments no longer fail to deploy.
1029099 - NPE when replicating CDI bean on EAP 6.1.0 cluster

The session ID created in clustered instances of earlier JBoss EAP versions contained a full source in a deployed bean's metadata (used to create a session ID). This was causing beans deployed across different nodes in the cluster to be recreated if a session ID was reused when accessing a different node. A NullPointerException could also been seen in the later node's log.

New code has been introduced that obtains a relative path, rather than an absolute path. This means that beans are no longer recreated and the NPE no longer presents.
1050963 - Permanent fix for: org.jboss.weld.exceptions.DeploymentException: WELD-001414 Bean name is ambiguous

Bean name ambiguity validation was not isolated in deployments with multiple sub-deployments, and this caused DeploymentException in some scenarios. This has been resolved with an upgrade of the Weld component in this release of Red Hat JBoss EAP 6.
1070069 - Timed out conversation unexpectedly alive on next request

In previous versions of JBoss EAP 6 it was found that a conversation could be unexpectedly activated and associated with a request even after the conversation expires, resulting in a NonExistentConversationException.

This was because, in a JSF application, Weld did not properly check conversation state at the beginning of requests.

This release of the product includes an updated conversation context activation and invalidation procedure to check conversation state more thoroughly. As a result, expired conversations no longer get mistakenly associated with requests.

CLI

988283 - CLI GUI - write attribute dialog for string value should enclose value in generated command to double quotes

Attempting to set a value using the jboss-cli tool that contained a property would only save the character $ in the value instead of the property unless the entire value was contained in double-quotes. This was because the CLI command line parser would incorrectly parse any ${X} expression as only $ unless it was contained in double-quotes.

The command line parser has been fixed in this release, so that attributes with properties will be correctly parsed even if they are not contained in double-quotes.
1007831 - CLI GUI - add operation for webservices client-config and endpoint-config fails

In previous releases of JBoss EAP 6 an add operation which did not have any arguments was treated as an operation that did not require any input from the user of the CLI GUI.

This caused the user to be able to execute the operation without providing the required argument name which would lead to a failure.

In this release the add operation without arguments is now treated by the GUI interface logic as one having required name argument.

Now, before allowing the user to execute an add operation which in the management model description does not require any argument, the user will be prompted to provide the required name argument.
1019232 - jboss-cli.sh throws NullPointerException when using tab complete on data-source node

In previous versions of JBoss EAP 6, the jboss-cli tool would throw an exception and exit when the user attempted to use the tab completion feature in some circumstances.

This was due to inadequate exception handling in the command parser for these situations and has been corrected in this release.
1031173 - jboss-cli.bat does not work when EAP installed into directory with spaces

The jboss-cli tool would not launch successfully on Microsoft Windows if JBoss EAP 6 was installed in a directory that had spaces or other special characters such as parentheses in its path. For example, the following error message was displayed if JBoss EAP 6 was installed in the directory C:\JBoss EAP\jboss-eap-6.2:
Error: Could not find or load main class EAP\jboss-eap-6.2\bin\jboss-cli-logging.properties

This issue has been fixed in this release by changing how the jboss-cli tool declares and uses file paths on Microsoft Windows. As a result, it can be used without workarounds in JBoss EAP 6 installations in directories that have spaces or other special characters in their path on Microsoft Windows systems.
1026418 - Command passed as argument is not executed while accepting SSL certificate.

When starting the JBoss EAP 6 CLI with a command being passed as an argument, if that server prompted the user to accept a server certificate, it logged that prompt as an error. This resulted in any command passed as an argument being skipped, as those commands are only executed if no errors have occurred.

This issue was fixed by outputting the certificate acceptance prompt as normal output instead of as an error. As a result, a command as an argument when starting the CLI is successfully executed after the user has accepted the server's certificate.

CLI,Remoting

1037574 - OOM when running multiple CLI operations probably caused by improper cleanup

Users of previous versions of JBoss EAP 6 may have encountered OutOfMemory errors when performing multiple operations through the command line interface.

The issue was traced to memory leaks caused by incorrect memory cleanup when using the CLI.

This issue has been corrected in this release of the product.

Class Loading

1060997 - testConnection should account for deployment classloader

A bug was uncovered that could cause earlier versions of JBoss EAP to throw an exception when testing a datasource. The exception presented while using the LDAP protocol in the datasource "connection-url" tag. The product was failing to instantiate InitialContextFactory because the "org.jboss.as.connector" module was not able to access some of the JDK provided classes (such as com.sun.jndi.ldap.LdapCtxFactory). This resulted in a datasource connection test failure when the Datasource "connection-url" was using "ldap://" protocol.

This issue was resolved by adding a dependency on sun.jdk to the org.jboss.as.connector module. This makes the required JDK classes accessible from the connector module and the datasource testing using CLI using "test-connection-in-pool" operation succeeds.
1054972 - Initialization of MBeans uses wrong TCCL

In previous versions of JBoss EAP, it was found that an application's TCCL (thread context class loader) was not appropriately set when initializing MBeans found in .sar files. This meant that resources in the deployment were not available to the MBean upon initialization. In this update to the product, the TCCL is now set appropriately surrounding the call to the MBean initialization and MBeans can now access deployment resources upon initialization.
971076 - Module "org.jboss.log4j.logmanager" Needs Dependency On "javax.mail.api" Module

In previous versions of JBoss EAP 6, org.jboss.log4j.logmanager did not specify its dependency on javax.mail.api in its module.xml.

This release adds this dependency to the logmanager module.

Clustering

990567 - ClassCastException when storing http session to PostgreSql

An issue was found which affected the storage of the HTTP session with Postgresql. With the following jdbc-store configuration, a ClassCastException error occurred, like the sample error message shown here. The HTTP session's values would be persisted but the application would fail to redeploy with the same error message.
<binary-keyed-jdbc-store datasource="java:jboss/datasources/testDS" preload="true" passivation="false" purge="false">
 <binary-keyed-table prefix="b">
  <id-column name="id" type="VARCHAR(255)"/>
  <data-column name="datum" type="BYTEA"/>
  <timestamp-column name="ver" type="BIGINT"/>
 </binary-keyed-table>
</binary-keyed-jdbc-store>
14:24:21,262 ERROR [org.infinispan.interceptors.InvocationContextInterceptor] (http-/127.0.0.1:8080-1) ISPN000136: Execution error: java.lang.ClassCastException: java.lang.Class cannot be cast to org.infinispan.loaders.bucket.Bucket...

This issue was resolved with a component upgrade and HTTP session data can be successfully persisted in a Postgresql database.
917010 - CacheException: Failure while unregistering mbeans at server shutdown

Previous versions of JBoss EAP 6 contained a bug in the Infinispan component that could cause the following exception at server shut down:
WARN [org.infinispan.jmx.CacheJmxRegistration] (MSC service thread 1-1) ISPN000032: Problems un-registering MBeans: org.infinispan.CacheException: Failure while unregistering mbeans

The error did not prevent successful shut down of the server and was caused by multiple stop requests (from CacheService and EmbeddedCacheManagerService) being sent to single cache instances.

This issue was resolved with an upgrade to the Infinispan component.
963448 - Incorrect exception handling in CoreGroupCommunicationService#handle

In previous versions of JBoss EAP 6, it was found that CoreGroupCommunicationService#handle was mishandling exceptions, affecting caller of the class.

The class was found to be hiding exceptions and returning null values instead. This value could produce unexpected and unintended behaviors in callers.

In this release, the null response will be dealt with by the distributed lock manager, however the use of CommandDispatcher in future releases of the product will resolve the issue permanently.
1039585 - Clustered session memory leaking

Previous versions of JBoss EAP 6 contained a bug that could lead to an OutOfMemoryException in distributed web sessions. The exception was encountered if a web session expired without the lock objects created by the session manager being released or destroyed. As web sessions continued to expire, the residual lock objects accumulated in memory. Eventually, this would lead to an OutOfMemoryException. The only recourse was to redeploy the web application.

In this release of the product the lock objects are properly released and the OutOfMemory no longer presents
956904 - Infinispan remote-store requires remote-servers but not marked as required in mgmt model

An issue was discovered in the handling of Infinispan's remote-store configuration. The remote-store option required that the value of the remote-server option be set, but this was not enforced, resulting in failure of the remote store. This issue has been resolved by marking the remote-server parameter as being mandatory, preventing an invalid remote-store configuration.

In this example, the management CLI command is incomplete and a warning is displayed.
[standalone@localhost:9990 /] /subsystem=infinispan/cache-container=web/distributed-cache=dist/remote-store=REMOTE_STORE:add(remote-servers=[])     {
  "outcome" => "failed",
  "failure-description" => "JBAS014706: [0] is an invalid size for parameter remote-servers. A minimum length of [1] is required",
  "rolled-back" => true,
  "response-headers" => {"process-state" => "reload-required"}
}

In this example, the management CLI command is complete.
[standalone@localhost:9990 /] /subsystem=infinispan/cache-container=web/distributed-cache=dist/remote-store=REMOTE_STORE:add(remote-servers=[{"outbound-socket-binding" => "fred"}])
{
  "outcome" => "success",
  "response-headers" => {"process-state" => "reload-required"}
}

Domain Management

1015303 - LDAP security realm needs to have configurable timeouts

This release of JBoss EAP 6 contains an enhancement that allows the use of custom properties on outbound LDAP connections.

In previous versions of the product, outbound LDAP connections were created with a limited set of properties leaving the remaining to the default behavior. As a result it was not possible for custom properties to be defined to control aspects such as connection and read timeouts.

In this release, custom properties can now be defined for the outbound LDAP connections with code similar to the following:
<ldap name="LocalLdap" url="ldap://localhost:10389" search-dn="uid=wildfly,dc=simple,dc=wildfly,dc=org" search-credential="password1!">
 <properties>
  <property name="one" value="two"/>
  <property name="three" value="four"/>
 </properties>
</ldap>
1074999 - Application disappears from Manage Deployments section of EAP console

In previous versions of JBoss EAP 6, the status of a deployment was not updated on the filesystem when the console was used.

As a consequence, using both the filesystem scanner and the console to manage the status of a deployment resulted in the scanner believing the deployment to be undeployed.

This release of the product enables the console and the filesystem scanner to share the status of the deployment and users can now use both administrative tools to manage deployments.
1035232 - EAP Domain mode is not working properly with Security manager

In previous versions of JBoss EAP 6, servers in a managed domain would not launch successfully if they were configured to use a Java Security Manager without specifying the classname of the Security Manager.

For example, this is commonly done when using the default Security Manager by specifying -Djava.security.manager in either` domain.conf` or as a command line parameter.

This issue occurred because a system property without a value was passed by Host Controllers to their managed servers with the value of true. This meant that the servers would incorrectly attempt to use a Java Security Manager with the classname of true.

This issue has been fixed in this release by adding extra checks for host controller system properties so that a system property is passed to the managed servers correctly. As a result, using a managed domain and using the default Security Manager by specifying -Djava.security.manager should function as expected.
1047515 - Domain Mode does not start with the IBM JDK

An issue that frequently prevented successfully starting JBoss EAP 6 in IBM JDK environments on Windows machines has been addressed in this release.

The issue has been traced to how binary data (i.e. a byte[]) written to java.lang.Process.getOutputStream() by the parent process is received over System.in by the child process. Any byte whose high order bit is 1 is garbled when received producing the following output in the console log:
[Host Controller] 16:44:06,419 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 1) JBAS014612: Operation ("start") failed - address: ([
[Host Controller] ("host" => "master"),
[Host Controller] ("server-config" => "server-one")
[Host Controller] ]): java.lang.IllegalStateException: JBAS010986: Host-Controller is already shutdown.
[Host Controller] at org.jboss.as.host.controller.ServerInventoryImpl.startServer(ServerInventoryImpl.java:175)

An EAP managed domain Process Controller communicates with the server processes it manages over this mechanism, meaning the problem affected EAP 6 managed domains.

In this release of the product, all communication to a managed process over stdin has been Base64 encoded which ameliorates the problem and Managed domain servers now start properly on Windows with the IBM JDK.
1054776 - ClientConfigurationImpl should not translate IP address to host name

In previous releases of JBoss EAP, when creating an instance of a controller client and passing it an IP address to connect to, the IP address was internally translated to the machine's host name.

Then, when the client attempted to make a connection, it used the host name rather than the IP address.

This not only introduced unnecessary overhead by involving the DNS server, but in some very specific deployment scenarios, it caused the client to try to connect to a different IP address of the same machine than the one where a JBoss EAP instance was bound, resulting in a failure of this connection attempt.

This has been fixed in this release; the controller client code does not internally translate the given IP address to the host name and uses only the IP address (rather than the corresponding host name) for making a connection.

Note that this fix does not affect the scenario when a host name is passed to the controller client's factory method. In this case, the host name will be translated to an IP address and that address will be used, as expected.
1072915 - slaves cannot reconnect to a restarted master if RBAC is enabled

In previous versions of JBoss EAP 6, When reconnecting to the master host-controller, the configuration model was added to the wrong location.

This meant that reconnecting to the master host-controller with RBAC enabled would fail.

In this release, the model is added in the right location, ensuring the slave host connects without problems.
1040621 - Cannot use deployments with same runtime-name in a domain

In previous versions of JBoss EAP 6, the check for duplicate values for deployment runtime-name attributes in a server group on startup was too aggressive. It was incorrectly throwing an error on startup if there were any duplicate runtime-names in the whole domain, instead of just in a single server group.

As a result, including multiple deployments in a domain with the same runtime-name would result in a boot failure even if those deployments are not mapped to the same server group.

For example:
JBAS010932: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: JBAS014676: Failed to parse configuration
...
Caused by: javax.xml.stream.XMLStreamException: ParseError at [row,col]:[1348,9]
...
Message: JBAS014664: An element of this type named 'example.war' has already been declared

In this release the validation of uniqueness of runtime names was moved from the XML parser to the operation execution logic, and the validation logic was adjusted to ignore duplicates not associated with the same server group.

Multiple deployments with the same runtime-name value can now coexist in a domain so long as they are not mapped to the same server group.
1076066 - Can't promote --backup slave HC to master and reload without moving domain.cached-remote.xml

In previous versions of JBoss EAP 6, a bug prevented a slave Host Controller that has been reconfigured to act as Master from loading the cached domain configuration upon restart. This was because the newly promoted Master loads the configuration from the domain/configuration/domain.xml file instead of the domain/configuration/domain.cached-remote.xml file.

In this release of the product, if a slave HostController started with the --backup option is reconfigured to act as master and is then reloaded to pick up that change, the domain.cached-remote.xml file it was maintaining when running as a backup will automatically be detected and used.
1038465 - remote outbound socket binding server is not stopped when the resource is removed

In previous versions of JBoss EAP 6, the remote outbound socket binding service was not stopped when the resource was removed.

This meant it was not possible to add a remote-destination-outbound-socket-binding with the same name, as the :add operation would fail because there was already a service registered with that name.

In this release, when a remote-destination-outbound-socket-binding resource is removed, the corresponding service is stopped.

As a result it is possible to remove and add remote-destination-outbound-socket-binding without any failure.
1110065 - Creating a server on a domain slave followed by setting a system property fails when done in batch mode

In previous versions of JBoss EAP 6, when the HostController processed an update to its configuration, it created operations to apply the changes to all running servers it was managing.

An issue arose because the Host Controller also created operations for non-running servers to add the "env" system property which resulted in "No handler for operation composite at address" errors.

This release of the product no longer creates the operations to modify the environment of non-running servers and the errors no longer occur.
1093866 - The "admin-only-policy" slave HC config option is not implemented correctly

In previous releases of JBoss EAP 6, a slave Host Controller started in admin-only mode would not be able to connect to the master Domain Controller to obtain the domain wide configuration.

As a result, if a slave Host Controller is started with --admin-only and it's host.xml has the admin-only-policy="fetch-from-master" set, the slave cannot connect to the master to get the domain wide configuration. The slave will fail to start.

This prevents the --admin-only slave using RBAC unless a copy of the domain-wide configuration file is stored locally as domain.cached-remote.xml and the slave is started with --cached-dc.

In this release the slave connection logic has been corrected and the slave can connect to the master and get the domain wide configuration, allowing it to obtain the domain-wide RBAC configuration policy.
1024109 - NPE in DelegatingServerInventory

Management requests sent to a Host Controller immediately after the Host Controller had launched may have failed with an exception of type NullPointerException. This was because there was a period of time between when the Host Controller was able to receive requests and when the server management system had fully started. This period of time was usually less than one second, but any requests received in that time would fail.

This issue has been fixed in this release by making sure that a Host Controller will only receive requests once the server management system has fully started. As a result, there is no longer period of time where received requests will trigger a NullPointerException because the the server management system has not fully started.
1085122 - ApplyRemoteMasterDomainModelHandler should apply the values of the root resource

In previous versions of JBoss EAP 6, it was found that the root domain resource from the domain controller was not getting applied to the slave host controllers. Instead the slave host controllers would use their own root resource.

This meant that when connecting to the slave domain controller directly, the version numbers in the root domain resource was the version of the slave domain controller, so the domain configuration was not homogeneous across the controllers in the domain.

In this release of the product, the slave registration process was updated to apply the root domain resource and the version numbers are now the same across the whole domain.
1016995 - Deployment Overlay feature is not able to replace the application libraries.

In previous releases of JBoss EAP 6, the Deployment Overlay feature was not working as documented. It did not overwrite the application jar libraries as it is supposed to. Changes were made to allow the Deployment Overlay feature to overwrite the application jar libraries, and it now works as documented.
1077838 - isSensitiveValue of class SensitiveVaultExpressionConstraint uses incorrect index in java.lang.String.substring method

In previous releases of JBoss EAP 6, the SensitiveVaultExpressionConstraint class was using an incorrect string index when multiple {} occurred in the write attribute value.

As a result, the use of the incorrect index was causing a StringIndexOutOfBoundsException to present.

In this release the isSensitiveValue method of the SensitiveVaultExpressionConstraint class is fixed to use the correct index and the StringIndexOutOfBoundsException no longer prensents.
1074560 - EAP management authorization throws an exception when an LDAP group contains a slash character

Previous versions of JBoss EAP were found to contain a bug that prevented the backslash (/) character from being escaped correctly when it was used in an LDAP group on a Windows Active Directory LDAP server. The bug would cause EAP management authorization to throw a NamingException. This release included an update that ensures the character is escaped correctly and the exception no longer presents.
1077536 - High CPU usage by JMX monitoring client, RBAC seems the hotspot

A performance issue affecting JMX Query was identified, where the CPU load was much higher than expected in previous JBoss EAP releases. The cause of the issue was that role-based access control (RBAC) was checking the address of every query, regardless of whether that address was relevant to JMX Query. To resolve this issue the processing of querie was changed to first check if the address is relevant to JMX Query and if not, avoid the processing involved. The result of this change is that CPU load of JMX monitoring is again at a normal level.
1038397 - Role Based Access Control (RBAC) does not work with Java Security Manager (JSM) enabled

When JBoss EAP 6 was run with the Java Security Manager enabled, the Role-Based Access-Control system was effectively disabled because in this situation all authenticated users were treated as SuperUsers. The only way to use Role-Based Access-Control was without the Java Security Manager enabled.

This issue was fixed in this release by making all access to the current AccessControlContext happen outside of the privileged action. As a result, Role-Based Access-Control is now still effective when enabling the Java Security Manager.
901275 - Usage of vault for system-properties throws java.lang.SecurityException

Previous versions of JBoss EAP 6 could fail to boot if a system property with a vault expression in its value attribute was used.

This was because the system property resources in the XML configuration were processed before the security vault resources. This meant that the security vault was not available as a source for resolving expressions. Any resources using a vault attribute would result in the following error:
java.lang.SecurityException: JBAS013322: Vault is not initialized

In this release of the product, if a system property value expression fails to resolve, a second attempt is made later in the boot process, at a point after the vault (if one is configured) is installed. This resolves the issue and systems using vault expressions now boot as expected.
1092220 - Audit log does not record boot operations correctly

Previous versions of JBoss EAP 6 contained inefficiencies in the audit logging of management operations executed during server boot:
  • Boot operations use special facilities that allow them to execute in parallel. The audit logging facility was not properly accounting for this leading to disorganized and confused logs.
  • Log records that were queued pending execution of the operation that enables audit logging were flushed from the queue before execution of the operations that handle adding log handlers. These records did not appear in any log.

The consequences of these issues included the following:
  • Logs for operations that occurred prior to the addition of audit log handlers were not recorded.
  • Extension add operations were not logged.
  • Internal execution details were logged that should not have been, giving the appearance that some operations executed twice.
  • Parallel boot operations were not organized to reflect the logical stream of operations that come from the XML parsers, but instead were logged in per-subsystem chunks, with the chunks randomly ordered.

In this release of the product, queued log records are not flushed until any log handlers are given a chance to be installed and the way in which tracking events to log has been made more sophisticated, allowing proper tracking of the parallel execution of operations that occur during boot.

All operations that occur during boot are now recorded, without any extraneous internal details of their executing being included. Operations are coherently organized into the two groups that reflect how the server fundamentally organizes boot. The operations that execute in parallel during boot are reported in the order in which they were originally provided by the XML parser.
1092213 - AccessAuditContext domainUUID is not set when the domain-uuid header is set

Previous releases of JBoss EAP 6 contained a bug wherein PrepareStepHandler created a UUID and set "operations-headers" => "domain-uuid" on an operation, but did not then pass that UUID to AccessAuditContext.

In a managed domain operation for an operation on the domain controller, this meant the domainUUID field in the audit log record had no value, however the operation field that showed the operation that was invoked includes a domain-uuid operation header.

This issue has been resolved in this release of the product.
1092206 - OperationContextImpl.readResourceForUpdate assumes all resources represent persistent config

In this previous releases of JBoss EAP 6, the operation execution logic assumed all management resources represented persistent configuration when handling the readResourceForUpdate method for an OperationStepHandler.

As a result, the subsystem=transaction/log-store=log-store resource's probe operation and the subsystem=transaction/log-store=log-store/transactions=* resource's delete operation could not be invoked by an admin in the Operator role.

This issue has been corrected in this release.
1092203 - Not authorized write operation does not get audit logged if log-read-only="false"

Previous versions of JBoss EAP 6 contained a bug that prevented the logging of a "write" operation invoked by an unauthorized user if the "log-read-only attribute" on the management audit-logging resource was set as false.

This was because the model controller used "acquisition of controller lock" as a condition to determine whether an operation should be reported as a "write" operation in the log . When role based access control (RBAC) was enabled and an unauthorized operation was performed the error occurred before the controller lock is taken.

As a result, unauthorized write operations were not reported in the audit log if "log-read-only" was set as false. If "log-read-only" was set as true, the log record incorrectly stated the operation as a "read" operation.

This issue has been resolved in this release of the product.
1049102 - CLI fails to show app status when runtime-name is different from the deployment name

In previous versions of JBoss EAP 6, the management operation handler used to determine the status of a deployment was using the deployment name to find the deployment service instead of using its runtime-name.

As a result, if a deployment had a runtime-name that was different from its management name, an attempt to read its "status" attribute would result in a response of No metrics available.

For example:
[standalone@localhost:9999 /] deploy /home/ABC.ear --name=ABC.ear --runtime-name=XYZ.ear

[standalone@localhost:9999 /] /deployment=ABC.ear:read-attribute(name=status)
{ "outcome" => "success", "result" => "no metrics available" }

In this release of the product, the management handler uses the runtime-name when looking up the deployment service which ensures the status is correctly returned. The response from the above example is now:
[standalone@localhost:9999 /] /deployment=ABC.ear:read-attribute(name=status)
{ "outcome" => "success", "result" => "OK" }
1034700 - whoami operation doesn't work with security manager enabled

The :whoami operation did not run correctly when JBoss EAP 6 was running with the Java Security Manager enabled. Attempting to run this operation in this situation would result in an IllegalArgumentException being thrown. This occurred because of invalid AccessControlContext situations where the identification of the current caller was incorrect.

This issue has been fixed in this release by accessing the current AccessControlContext outside of the privileged action. As a result, the :whoami operation will now run correctly when JBoss EAP 6 is running with the Java Security Manager enabled.

Domain Management,Scripts and Commands

1023444 - Domain fails to start with default memory settings on Windows 32bit JDK

Previous versions of JBoss EAP could fail to start when run in a Windows 32-bit JDK environment with the default memory settings.

In this release of the product, the default memory settings have been lowered to ensure a successful start on a wider array of JVMs.

Customers who rely on the default JVM settings are advised to review their configuration and adjust JVM parameters based on their requirements.

Domain Management,Web Services

987898 - Write to wsdl-url attribute for WS endpoint ends with 'Unknown attribute wsdl-url' instead of 'Attribute wsdl-url is not writable'

Five attributes of deployed SOAP Web Services endpoints (name, context, class, type, and wsdl-url) were not accessible in the management tools. This was because they were not exposed to the management model by the Web Services subsystem. This issue has been fixed in this release, and the attributes can now be configured under the webservices subsystem using the Management CLI.

EE

1056799 - JBMETA-371: DefaultPropertyReplacer + PropertyResolver is broken for vault expressions

In previous versions of JBoss EAP 6, the expression resolving logic in the DefaultPropertyReplacer and PropertyResolver classes (used for parsing deployment descriptor files) assumed that the expression content between "${" and "}" was of a fixed format where any ":" char in the expression represented a separator between a system property name and a default value.

This meant that security vault expressions in deployment descriptors could not be successfully parsed, as ":" is always used in those expressions and not as a separator preceding a default value. Vault expressions would be evaluated incorrectly with the expression content following the first ":" being treated as the resolved value.

In this versions of the product, when the end of an expression is detected, before returning the expression contents following the first ":" as the resolved value, the resolver first checks whether the entire expression can be resolved.

Security vault expressions can now be used in deployment descriptor files where expressions are allowed in general.

EJB

1093128 - Remote client transaction timeout values are overwritten by hardcoded values

Previous releases of JBoss EAP 6 carried an issue that may have resulted in remote client transactions spanning multiple servers timing out earlier or later than expected.

The issue arised because timeout values are not propagated across servers correctly, leaving the system to rely on the hardcoded timeout value (300 seconds).

This issue is resolved in JBoss EAP 6.3.0.
1059911 - @Schedule EJB Timer not using timezone when calculating next timeout

In previous versions of JBoss EAP 6, a bug was encountered where, if the @Schedule EJB timer used a timezone that was different to that used by the server, any timer invocations after the initial invocation would not fire correctly. This release addresses this behavior and all timer invocations fire as expected when timezones differ between the server and the @Schedule.
1035216 - ArrayIndexOutOfBoundsException during periodic recovery on EJBTransactionRecoveryService

An intermittent issue between the periodic recovery and EJBTransactionRecoveryService resulted in an ArrayIndexOutOfBoundsException.
[com.arjuna.ats.jta] (Periodic Recovery) ARJUNA016009: Caught:: java.lang.ArrayIndexOutOfBoundsException: 0
 at org.jboss.as.ejb3.remote.EJBTransactionRecoveryService.getXAResources(EJBTransactionRecoveryService.java:112)
....

The root cause of the issue was that the creation of an XAResource element was not contained within the associated logic loop and this led to the array index error. This element has now been moved so that it is within the logic loop and so the periodic recovery no longer conflicts with the EJBTransactionRecoveryService.
1017673 - ConcurrentModificationException in TimerService.getTimers()

If a bean attempted to create a new timer at the same time as another thread was calling the getTimers() method, a ConcurrentModificationException was thrown. This occurred because the getTimers() method did not call synchronized() on the timers.

This issue is fixed in this release, and the timer service implementation's getTimers() method now properly calls synchronized() on the timers.
1031199 - EJB backing cache's can generate large retention from cancelled tasks in its scheduled executor's DelayedWorkQueue

The cache implementation for @Stateful EJBs in JBoss EAP 6 utilizes a scheduled executor for handling @StatefulTimeout logic. When a bean is accessed, it's previous timeout job is cancelled, and a new one is rescheduled when the invocation completes.

By default, cancelling a task from an executor did not remove it from the queue.

This caused a gradual memory leak, as cancelled tasks remain in the queue.

In this release, the scheduled executor can be configured to remove the task from the queue upon cancellation. This avoids the memory leak.
1045105 - remote ejb client code converts '$$' to '$' in passwords

Previous versions of JBoss EAP 6 carried a bug that caused PropertiesBasedEJBClientConfiguration to attempt to expand passwords containing a double dollar sign ($$) as if it was an expression. This could have caused incorrect passwords to be passed between the server and client.

The PropertiesValueResolver has been modified in this release so that it does not expand passwords by default. This resolves the issue.

If expansion is required, it can be enabled by setting`jboss-ejb-client.expandPasswords` to true.
1055896 - Cannot get exception as pass-by-reference

A bug that prevented servlets from getting EJB exceptions as a pass-by reference, even if it was configured to do so, has been corrected in this release.
901324 - AroundInvokeAnnotationParsingProcessor should fail when more methods with @AroundInvoke annotation are found in the class

In previous versions of JBoss EAP 6, classes were not checked for multiple @AroundInvoke methods.

As a result, the first one discovered would be used, and any others would be ignored.

In this release of the product, the deployment fails if there are multiple @AroundInvoke methods, alerting the developer to the problem.
1056214 - EJB invocation performance issues due to high allocation counts of useless strings

A performance issue has been addressed in this release of JBoss EAP 6. The issue was caused by StatefulComponentInstanceInterceptor which performed a small concatenation in a debug log statement for every invocation. The subsequent extra allocations could cause increased Garbage Collection activity during stateful EJB invocation, leading to higher per-invocation processing overhead. This release of the product has incorporated an upstream patch which resolves this issue and per-invocation overhead is substantially decreased.

EJB,Remoting

1098879 - EJB client failed initially if a cluster should used for EJB invocation with Could not create a connection for cluster node ClusterNode{} -> Operation failed with status WAITING

In previous versions of JBoss EAP 6, there was an issue with EJB clients connecting to a cluster if more than one cluster node was specified for the initial connection.

This was an issue specifically on the Windows platform, causing the first EJB invocation to intermittently fail and was caused by wrong thread synchronization.

This issue has been addressed in this release and no longer presents.

Hibernate

1023994 - java.util.Calendar conversion to java.util.Date fails - HHH-8643

This release of JBoss EAP 6 contains a fix to a bug in the Hibernate component that caused an IllegalArgumentException to be thrown when setting a TemooralType.DATE or TemporalType.TIMESTAMP parameter in a JPA query. The parameter is intended to be able to use a Calendar or a Date value, however this interchangeability did not operate as expected. The issue has now been corrected and the exception no longer presents when using TemporalType parameters in queries.
1048709 - NPE while query.list on a Native SQL, using cache

In previous versions of JBoss EAP 6, the use of scalars within a Query, when using the Hibernate query cache, was causing users to encounter a NullPointerException. An example of a query that would produce the exception is:
query.addScalar("emp_first_name");

The problem was caused by code that attempted to automatically identify the Hibernate Type needed to handle the scalar (StringType, for example). In this release the code has been modified to correctly identify the handler needed.

For releases prior to 6.3.0, explicitly defining the type within the query scalar will avoid the NPE:
query.addScalar("emp_first_name", new StringType());
1070423 - HHH-8983 Database drivers may attach warnings to statement handles and these may accumulate and consume significant memory

In previous versions of JBoss EAP 6 it was found that database drivers could attach warnings to statement handles which could accumulate and consume significant amounts of memory. The issue presented when using Timestamp types with underlying Sybase datetime mappings. The warnings issued by later Sybase drivers could begin to exaggerate the memory footprint in batch updates. This issue has been addressed in this release and no longer presents.
1073076 - HHH-3482: UnsupportedOperationException with StatelessSession

Instances of UnsupportedOperationError being thrown when using StatelessSession and saving a ManyToOne have been addressed in this release of JBoss EAP 6. The error was caused by a call to getTimestamp() method which was not implemented for StatelessSession. The UnsupportedOperationError no longer presents.
1057742 - PostgreSQL & H2 dialect incorrect for count distinct tuples for composite attributes

JBoss EAP 6 has been updated to allow the use of parentheses around composite attribute lists in count-distinct queries in MySQL and other databases. This was not allowed in previous versions of the product and would result in an exception being thrown for PostgreSQL. This release allows the Dialect to use the parentheses as appropriate without throwing an exception.

HornetQ

1056216 - Change initial connection behavior for cluster connection

If a clustered HornetQ instance lost its connection to other cluster nodes, reconnection attempts could result in an infinite loop. For a static cluster configuration, any initial connect attempt would be attempted infinitely, ignoring the reconnect-attempts parameter. For a dynamic cluster configuration, if the node was disconnected between the time it received a notification about the node being part of the cluster topology and the initial connection, reconnection attempts continued infinitely. This issue has been resolved and the clustering logic now uses the reconnect-attempts parameter for both the initial connection attempts and reconnection attempts.
1089838 - Full scheduledReferences traversal in every call to ScheduledDeliveryHandlerImpl$ScheduledDeliveryRunnable.run()

In previous versions of JBoss EAP 6, if a very large number of messages were scheduled with a small interval, excessive CPU load would result.

The root cause of this issue was that at every instance messages were to be consumed, the whole of the scheduledReferences linked list was traversed unecessarily.

This issue has been resolved in this release.
1063864 - Backport of HornetQ-1278 into JBoss EAP

In older versions of JBoss EAP 6, Scheduled Delivery Handling did a full cycle of serial search on a List for Scheduled Deliveries.

This could cause performance issues as the system could use high CPU resources to proceed with many scheduled deliveries under load.

This release of the product has implemented a sorted list and proper search up to the expired times. The list search now runs much faster without the high CPU burden.
1089843 - Spurious WARN messages after XmlDataImporter deletes temp file

In previous versions of JBoss EAP 6, when the XmlDataImporter was importing large messages, spurious WARN messages were logged.

The root cause of this issue was that when importing sufficiently large messages, the XmlDataImporter created a temporary file and deleted it when the import task was complete.

When importing another large message, the XmlDataImporter function tried to delete the temporary file again and, since the file was no longer present, logged the WARN message.

This issue has been resolved in this release.
1096942 - Client is not able to send messages - HornetQException[errorCode=100 message=HQ119016: queue has been removed cannot deliver message, queues should not be removed when grouping

In previous releases of JBoss EAP 6, users encountered issues with Clustered Grouping, whereing routing messages could be interrupted and give invalid answers.

In this release the communication between the nodes has been improved, as has the reaping process of groups to avoid this and other spurious messages that could happen across clustered grouping.
1089844 - Policy Fail may drop messages before it sends the exception to the client

In previous versions of JBoss EAP it was found that the "fail" address-full-policy in HornetQ mostly dropped messages without sending an exception to the client.

This resulted in messages being dropped without an exception whenever an address was full.

This issue was resolved so that blocking sends always result in an exception on the client when the address is full and non-blocking sends will result in an exception on the client when additional credits are requested from the server.
1089846 - All methods in ClientSessionImpl which implement XAResource can potentially throw a non-XAException to the TM

In previous versions of EAP 6, if an XA transaction involving HornetQ timed out, it was possible that HornetQ might throw a non-XAException to the Transaction Manager.

The issue was identified in the implementation of javax.transaction.xa.XAResource, and has been resolved in this release.
1089849 - Messages always acked individually after certain reconnection scenarios

In previous versions of JBoss EAP 6, the client consumer would ack messages individually in certain scenarios, for example after failures. This process was very inefficient.

This issue has been addressed in this release.
1089851 - Avoiding possible NPE during the depage process

In previous versions of the pruduct, a NullPointerException (NPE) was possible during message delivery and paging process.

This issue has been resolved in this release.
1089841 - Fix order of totalIterator()

Inprevious releases of JBoss EAP 6, any management operations that listed messages would incorrectly list paged messages before previously sent messages.

Other possible out of order issues were also identified in cases after redeliveries.

This issue was fixed by rectifying the order where the Iterator takes messages before sending them to management operations.
1089835 - ClientConsumer max rate not taking effect if ServerLocator's consumerMaxRate <=0

In previosus versions of JBoss EAP 6, the Core API method createConsumer(String queueName, String filter, int windowSize, int maxRate, boolean browseOnly) ignored the parameter maxRate if the ConnectionFactory (or ServerLocator) had set maxRate to its default value of less than or equal to zero.

The root cause of this issue was faulty logic in the createConsumer method. It has been corrected in this release.
1089842 - listMessagesAsJSON method fails to list messages if the filter property contians \n character.

In previous versions of JBoss EAP 6, filter parsing failed to parse messages correctly if the message contained a new line character ( \n) inside a string or any other property.

The root cause of this issue was faulty logic in the listMessagesAsJSON method, which failed to account for a newline character.

This issue has been resolved in this release.

IIOP

1064644 - StackOverflowError when org.jboss.as.jacorb.rmi.InterfaceAnalysis is analyzing javax.ejb.EJBObject

In previous versions of JBoss EAP 6, it was found that, depending on the timing of a thread context switch, IIOP-enabled EJBs could fail to deploy correctly, causing a StackOverflowError.

This issue was traced to improper thread synchronization in org.jboss.as.jacorb.rmi.WorkCacheManager.

The issue has been corrected in this release and the StackOverflowError no longer presents.
1052237 - Backport JacORB #904 CDRInputStream.read_string should handle 0 string size gracefully

The function CDRInputStream.read_string mishandles an empty string, incorrectly caculating this as a length of zero (0), resulting in a marshall exception. A QoS was added to allow CDRInputStream.read_string to interoperate with those ORBs that do not encode empty strings correctly.

Installer

1034062 - Values for port offset configuration are doubled in domain's host files.

A bug that caused automatic port offsets to be doubled when set using the Configure an offset for all default port bindings option has been corrected in this release.
1062602 - Installer accepts administrative user's password without alphabetic character

In previous versions of JBoss EAP 6 it was found that the graphical installer utility was not honoring the username and password restrictions that govern user creation.

This issue has been addressed and the GUI installer now adheres to password and naming restrictions as expected.

JCA

1088470 - ConnectionListener leaked if TSR throws IllegalStateException and NPE in SemaphoreArrayListManagedConnectionPool

A bug in previous releases of JBoss EAP 6 caused the ConnectionListener to be leaked if TSR threw an IllegalStateException and NPE in SemaphoreArrayListManagedConnectionPool.

This issue was resolved in this release of the product.

JDR

1069850 - Prevent NullPointerException in JDR CommandLineMain

In previous versions of JBoss EAP 6, an NullPointerException would be thrown whenever an exception was thrown from JDR CommandLineMain. This issue has been corrected in this release.

JMS

1033495 - The commitPreparedTransaction CLI operation isn't available in domain mode

In previous versions of JBoss EAP 6, the management operations on hornetq-server resources were not available in domain mode. This issue has been corrected in this release.

JPA

1040733 - Memory leak in JBoss AS / Hibernate JPA integration

A memory leak could occur in the application server when using the Management CLI to obtain JPA statistics for application deployments that used JPA named queries. The issue has been resolved in this release of the product.

JSF

1029387 - WFLY-2493 EL cannot access public methods/fields of non-public classes

In previous versions of JBoss EAP 6 the BeanELResolver did not try to override Method.invoke access control to access public methods or fields of non-public classes.

This caused issues when trying to access the public method or field of a non-public class via Expression Language (EL) the following error message resulted:
"java.lang.IllegalAccessException: Class javax.el.BeanELResolver can not access a member of class X with modifiers "private"

This issue has been resolved by calling setAccessible(true) as appropriate in the EL implementation. Public methods or fields of non-public class are now accessile via EL
1017242 - FacesMessages doesn't work properly in root context application

In previous versions of JBoss EAP 6 it was found that JSF Flash scope was not restored properly during redirects if the application was bound to the root context. This meant that FacesMessages did not work properly in root context applications.

This release of the product sees the Mojarra component upgraded to the latest upstream version, which fixes the issue and FacesMessages now work properly even in root context applications.
1052265 - JAVASERVERFACES-3080: Issue when more than one f:viewParam is included in f:metadata.

Due to an upstream bug, including more than one f:viewParam inside f:metadata did not work in previous versions of JBoss EAP 6. An upgrade to the JSF component has resolved this issue and now more than one f:viewParam can now be included in f:metadata.
1054051 - JSF slot configuration doesn't work for default configuration properly

When an additional JSF slot was installed in the root of the modules directory, the main JSF slot was not added as a valid JSF configuration. Deploying a JSF application that attempted to use the main JSF implementation would fail with the message:
org.jboss.as.server.deployment.DeploymentUnitProcessingException: JBAS012656: Default JSF implementation slot 'main' is invalid

The cause of this issue has been resolved and the "main" slot is now always considered to be one of the valid JSF implementations. As a result, when an additional JSF slot is added in the root of the modules directory, JSF applications that make use of the main JSF implementation instead can be successfully deployed.

Logging

1066597 - The formatter attribute is changed every time it's processed

A bug that caused the HandlerOperations.equalValue() method to always return false in previous versions of JBoss EAP 6 has been corrected with the inclusion of an upstream patch. This bug presented because the method used the incorrect property name when comparing values. It does not present in this release of the product.
1080991 - Messages#getBundle() in jboss-logging is missing privileged action

In previous versions of JBoss EAP 6, running with a security manager enabled without sufficient permissions resulted in errors attempting to retrieve a message bundle.

As a consequence, an exception presented when attempting to get a message bundle if class loader permissions were not enabled.

In this release, retrieving message bundles is now done in a privilege block. The exceptions no longer occur when retrieving the message bundle when a security manager is enabled.
1088618 - Cache string representation of throwable info

The stack trace information was not guaranteed to be stored correctly in previous releases of JBoss EAP 6. As a result, data could be lost upon serialization of Log4J logging events.

To fix this, Log4J has been amended to cache the stack trace (i.e. throwable information) upon deserialization. This ensures that stack trace information will not be lost upon serialization.
1017881 - /subsystem=logging/logger=org.jboss.as.quickstarts.logging:assign-handler can't run under batch mode

In previous versions of JBoss EAP 6, the name attribute in composite logging operations was being added to and read from the model.

As a result, the last name on a composite operation was the only handler name used, resulting in the same handler naming being added multiple times.

In this release, the name attribute is no longer copied to the model and is read from the operation itself. Adding handlers in a composite operation now works as expected.
1095516 - POJO objects are not removed from logging.properties when manually removing them from JBoss Config XML

In previous versions of JBoss EAP 6, when the definition of a POJO was removed from the server's configuration file, references to the POJO were not removed from the logging.properties file.

If a POJO of the same name was later created again, JBoss EAP would state that there was a duplicate entry in logging.properties.

This issue has now been resolved and references to POJO objects which no longer remain are removed from the logging.properties file.
1073053 - EAP 6.2 audit log should display the EAP version instead of the AS version

In previous versions of JBoss EAP 6, the audit log would display an incorrect version number.

This has been corrected in this release and the version number is displayed as expected.
1066606 - Using a log4j appender as a custom-handler should invoke the activateOptions if required

In previous versions of JBoss EAP, changing a property in a custom-handler that was a log4j appender did not invoke the OptionHandler.activateOptions() on the appender if the appender implemented OptionHandler. It required a restart of logging resources for the change to take effect. In this release, the activation method is now invoked if properties are changed on the log4j appender and a restart is no longer required for OptionHandler appenders.
1070452 - System.out.println() doesn't work when using per-deployment logging

Previous versions of JBoss EAP 6 carried a bug that prevented the System.out.println() method from printing to log files when per-deployment logging was in use. This bug was resolved with an upstream patch.

Naming

1014414 - Remote Naming throws the same exception for different causes

In previous versions of JBoss EAP 6 the same exception was thrown in response to a number of connection errors that could arise when a Remote Naming client failed to connect to any host. This behavior was sub-optimal as it gave users no indication of the actual error encountered for any given server.

The exception thrown in all cases was:
javax.naming.NamingException: Failed to connect to any server. Servers tried: [remote://localhost:4447]

In this release the exceptions thrown align more closely to the actual cause of the failure.

If the host or port details are incorrect, the following CommunicationException will be thrown, indicating the connection timed-out:
javax.naming.CommunicationException: Failed to connect to
any server. Servers tried: [remote://localhost:4447 (Operation failed
with status WAITING after 5000 MILLISECONDS), remote://localhost2:4321
(Operation failed with status WAITING after 5000 MILLISECONDS)] [Root
exception is java.net.ConnectException: Operation failed with status
WAITING after 5000 MILLISECONDS]

If one of the available servers responds, but the subsequent authentication fails, the following AuthenticationException will be thrown:
javax.naming.AuthenticationException: Failed to connect to
any server. Servers tried: [remote://localhost:4447 (Authentication
failed: all available authentication mechanisms failed),
remote://localhost2:4321 (Operation failed with status WAITING after
5000 MILLISECONDS)] [Root exception is
javax.security.sasl.SaslException: Authentication failed: all available
authentication mechanisms failed]

An appropriate message will be given for failures connecting to each server in the list.
1061609 - InitialContext swallows original exception cause

In previous versions of EAP 6, instantiation of an InitialContext might fail with the following message:
javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.externalContextBindingTest.jar:main" from Service Module Loader

From this message, however, the underlying cause was not visible, making troubleshooting impossible. To resolve this issue, the underlying cause has now been exposed. If this issue now occurs, the error message now reveals the root cause:
javax.naming.NamingException: JBAS011843: Failed instantiate InitialContextFactory com.sun.jndi.ldap.LdapCtxFactory from classloader ModuleClassLoader for Module "deployment.externalContextBindingTest.jar:main" from Service Module Loader [Root exception is javax.naming.CommunicationException: 127.0.0.1:10389 [Root exception is java.net.ConnectException: Connection refused]]
1059836 - Remote Naming communication exception should be thrown on ConnectException

In previous versions of JBoss EAP, a generic javax.naming.NamingException was being thrown when a java.net.ConnectException occurred instead of the more specific javax.naming.CommunicationException.

This release includes a change that ensures a javax.naming.CommunicationException is thrown when a connection exception occurs.

CommunicationException is a subclass of NamingException, so any code that previously caught a NamingException will still work as expected.

Other

901210 - Cleanup deploy directories - AS7-6031

This release of JBoss EAP 6.3 includes a fix that ensures files and directories created in the JBOSS_HOME/tmp and JBOSS_HOME/tmp/vfs folders are removed before they can interfere with newly (re)started EAP instances.

In previous versions of JBoss EAP, older files may have been left behind after a server is shutdown unexpectedly (as JBoss EAP removes files in JBOSS_HOME/tmp and JBOSS_HOME/tmp/vfs as part of the shutdown process).

The fix in this release provides a failsafe to mitigate that scenario. If a JBoss EAP 6.3 server does not shut down gracefully the server will not have an opportunity to clean up these temporary files. Upon restart however, the server now queries the above locations and, if files from a previous instance are present, it initiates a rename/remove process that allows the creation of fresh files for the new instance (the old directories are renamed so as to avoid interfering with newly created files). These processes happen in parallel.

Upon restarting JBoss EAP (either gracefully or otherwise) old temporary files are now removed (either at shutdown or restart), to ensure they do not take up unnecessary disk space.

NOTE Users should avoid using the -Xrs JAVA_OPT as this limits signals processing and can result in the size of the tmp/vfs directories continuing to grow.

Patching

1110117 - Querying patching MBeans during shutdown results in IllegalStateException

In this releases of JBoss EAP 6, the patching subsystem PatchResource, while not having a dependency on the InstallationManagerService, may attempt to use it when it may be shut down

This could cause an IllegalStateException to be thrown if a shutdown hook attempted to query the patching subsystem MBeans.

This issue is expected to be resolved in a future release.
1108952 - OutOfMemoryError with large patches

In Previous versions of JBoss EAP 6, attachment data passed from master to slave host controllers was read fully into memory.

As a consequence, when installing large patches, an OutOfMemoryError may occur on child host controllers. This could occur when installing CP04 via the domain controller with the default memory settings.

In this release of the product, attachments are saved to temporary files, so as to not consume excessive memory and OutOfMemoryErrors do not occur on child host controllers.

PicketLink

1084596 - Backport PLINK-396

In previous verions of JBoss EAP 6, it was found that PicketLink's IDPWebBrowserSSOValve and IDPFilter were decoding the relaystate, which was contrary to the SAML specification. This has been addressed in this release of the product.

RESTEasy

1037753 - Chosen variant is not always the best match

In previous versions of JBoss EAP 6, it was found that RESTEasy, while adhering to specification RFC 2616, did not always return the most appropriate media handler in instances where quality factors were equal but specificity was different.

For instance, when given an Accept header of application/json, */* and variant values of ["application/xml","application/json"], RESTEasy's Request.selectVariant() would choose application/xml over application/json.

In this release, specific Accept header values take precedence over less specific variant matches with the same quality value (if both have q=1.0 or q=0.5 for example).
1014393 - Stream closed exception in resetStream on IBM jdk 16, 17 on RHEL 5, 6

In previous releases of JBoss EAP 6, the xercesImpl provided by IBM JDK 16, 17 conflicted with the jaxb unmarshaller used by resteasy-jaxb-provider.

This issue also occurred when the user was directly using the xercesImpl jar provided by EAP 6.

These conflicts resulted in a java.io.IOException: Stream closed error when using IBM JDK 16, 17 or xerces:xercesImpl:2.9.1-redhat-x (provided by EAP 6) as a dependency in a resteasy 2.3.6.Final-redhat-x based project.

This issue has been resolved.

RPMs

1086157 - RHEL6|RHEL5 Web Server from iso and httpd-manual error on yum update

Running yum update action in a new JBoss EAP 6 instance running on Red Hat Enterprise Linux based systems would, prior to this release, produce an error. This was because an RPM dependency ( httpd-manual) was missing from the jbappplatform-6-i386-server-6-rpm channel. The httpd-manual package has now been added to the channel and performing a yum update action no longer produces an error.

Remoting

1052204 - Protocol incompatibility between serializable classes with different non-serializable superclasses

In previous versions of JBoss EAP 6 an exception could be thrown when IBM and Oracle JVMs communicate by serializing a StringBuilder or StringBuffer class.

This was caused by the marshalling protocol erroneously serializing a class descriptor for the first non-serializable superclass of a serializable class.

This issue has been resolved in this version of the product with an upgrade to the JBoss Marshalling component.
1102271 - JBoss Marshalling should not require classes for null fields

In previous releases of Red Hat JBoss EAP 6, if an object contained a field whose value was null and the object type of the field did not exist on the unmarshalling side, attempts to unmarshall the object would fail with a ClassNotFoundException for the field.

This issue has been corrected in this release of the product.
1069075 - Thread leak and OutOfMemoryError on Tomcat using jboss-client.jar, calling an EJB on EAP

An upgrade to the JBoss Remoting component in JBoss EAP 6 has resolved an OutOfMemoryError issue found in earlier versions of the product. The issue was traced to thread leak occurring when a webapp on Tomcat called an EJB.
1011831 - JBREM000205: Failed to accept a connection: java.nio.channels.ClosedChannelException at server shutdown

A DEBUG message from the remoting sugbsystem was incorrectly logged as a WARN message during server shutdown. The message logged was similar to the following:
02:46:15,512 WARN [org.jboss.remoting.remote] (Remoting "node1:MANAGEMENT" read-1) JBREM000205: Failed to accept a connection: java.nio.channels.ClosedChannelException

As part of an upgrade to the remoting subsystem in this release of JBoss EAP 6, this message has been correctly reclassified as a DEBUG level message.
1080429 - Change JBREM000200 from ERROR to DEBUG since it is harmless

Users of previous versions of JBoss EAP 6 on Windows platforms may have encountered the following IOException when the JMX connection was closed:
JBREM000200: Remote connection failed: java.io.IOException: An existing connection was forcibly closed by the remote host

This error was caused by Windows forcibly closing connections. As it had no adverse affects, the logging level for the error was changed to DEBUG, to prevent it appearing in lower level logs.
1052258 - segfault and other xnio issues running on IBM JDK on IBM-I

An issue with applications running on IBM systems failing with a segmentation fault has been corrected in this release of JBoss EAP 6.

The crashes were caused by NIO implementations in IBM JDKs that are optimized for usage on IBM operating systems. The I/O layer in JBoss EAP attempts to detect and utilize these implementations. However on some operating systems (like IBM-I) these implementations cause a segfault.

In this release of the product, these operating systems are detected and safe fall-backs are utilized. This resolves the segmentation fault issue and the application server no longer crashes unexpectedly.

Remoting,Web

1032552 - OOM due lots of org.apache.tomcat.util.net.JIoEndpoint$Poller objects

A thread leak that could result in an OutOfMemoryError has been corrected in this release of JBoss EAP 6. The leak was traced to the JIoEndpoint class. The related code has been patched and the OOM error no longer presents.

Scripts and Commands

1062595 - RuntimeException by add-user utility once the user name matches the password (non-interactive mode)

Previous versions of JBoss EAP 6 would throw a RuntimeException if a non-interactive call to the add-user utility failed (as happens with problematic username/password combinations). This exception was intended to alert scripts that a failure had occurred. The exceptions could, however, be mistaken as a bug since these types of exceptions should not be propagated without being handled. A custom exception has been added to this release of the product to indicate that displaying this exception is intentional and not indicative of a bug in the add-user utility.
1027165 - add-user.sh requires console output

Previous releases of JBoss EAP 6 carried a known issue wherein the shell script for adding users to an EAP server (add-user.sh) could not be executed without the console (non-interactive mode).

This was because the shell script (add-user.sh) relies on console (java.io.Console) for operations.

Executing the shell script (add-user.sh) resulted in the following exception along with termination of the utility altogether:
java.lang.IllegalStateException: JBAS015232: No java.io.Console available to interact with user.

This issue has been resolved in this release of the product.
1063888 - The add-user script displays incorrect password information for the help argument

In previous versions of JBoss EAP 6, the help output for the add-user utility only displayed a single restriction pertaining to passwords (that they not be the same as the username). This could cause confusion when adding new users, as there is more than one restriction in place to ensure valid passwords are used. In this release of the product, the single restriction has been removed from the help text. It now appears, along with other applicable restrictions, in messages displayed when using interactive mode.
1062611 - add-user: '@' is not among non-alphanumeric characters during user name validatin

The add-user utility in previous versions of JBoss EAP 6 would display a misleading error message when an invalid username was entered. The messaged stated that a username must be alphanumeric, when in fact the utility had been modified to accept a subset of special symbols in usernames. The error message has been reconstructed to contain the list of acceptable symbols and users now see a more accurate error message when an invalid username is entered.
1020677 - Domain mode service script uses wrong string to verify if JBoss started

In previous versions of JBoss EAP 6, it was found that the domain and standalone service scripts used an incorrect variable when determining if the server had started correctly.

This could lead to inaccurate results when attempting to verify the server's state.

This issue has been corrected in this release.
956281 - Starting EAP 6.1 on windows with 32bit jvm can result in failure to start JVM

When running previous versions of JBoss EAP 6 on Windows 8 32-bit JVMs, the default max perm gen space setting caused the JVM to not be created, which then prevented the server from starting.

This issue has been resolved in this release.
1057127 - jconsole doesn't work when patch upgrades some of its dependencies

Previous versions of JBoss EAP 6 contained a bug that prevented the jconsole.sh script from running whenever a CP1 patch was applied. The patch updated some hard-coded modules in jconsole.sh which, in turn, tampered the original module jar files.

This meant that it was not possible to connect to an EAP console using jconsole.sh.

The issues was fixed by using the jboss-cli-client.jar from bin/client, which contains all required dependencies.
1062592 - Wrong error message from add-user utility

An error message given by the CLI add-user utility has been modified in this release of JBoss EAP 6 to prevent confusion.

In previous versions of the product, an error message stating that user passwords were required to contain at least one alphanumeric character was shown if the password entered contained only numeric characters. In this release the relevant error message now states that numeral-only passwords must contain at least one alphabetic character.
1057625 - add-user.sh syntax cygwin fix (for EAP 6.3.0)

In previous versions of JBoss EAP 6, it was found that the add-user.sh script would fail when run in Cygwin environments.

The cause was identified as a poorly formatted line of code in the script.

This issue has been resolved in this release, however the script still carries an unresolved issue when run in Cygwin environments. Refer to ticket 1069252 in the Known Issues section of this document for more information.
928486 - Requirements for password should be shown at once

In previous versions of JBoss EAP 6, a user who had entered an invalid password while using the add-user utility would only receive an error for the first contravention of the password rules found.

If the user had contravened multiple rules, multiple attempts to create the password could be required before a valid password was chosen.

In this release, the password utility now displays a full list of the password restrictions in advance, reducing the chances of failed password attempts.

Security

1023084 - Bug in JBossJSSESecurityDomain.java - attempting to use wrong provider

Previous versions of JBoss EAP 6 included a bug which caused JBossJSSESecurityDomain.java to attempt to use the keystore/truststore provider to get instances of the trust manager. This behavior was incorrect as the "trust-manager-factory-provider" setting cannot be used in the JSSE section of a security domain. Using this setting (even if properly configured) would result in an exception during start up. This bug has been resolved in this release and the "trust-manager-factory-provider" setting can now be used to set the trustManagerFactoryProvider.
1065476 - AdvancedLdap login module does not handle a user that has a slash character in the uid

In previous versions of JBoss EAP 6, authentications requests would fail if the requesting UID contained a slash (/) character. This was caused by the AdvancedLdap login module not handling quotes correctly. In this version of the product the login module has been modified to remove quotes on the returned user DN before attempting to bind.
1069127 - RBAC + LDAP needs to be able to work combined with <local/>

In previous versions of JBoss EAP, LDAP group loading could fail if an authenticated user could not be mapped to an LDAP account. This issue could arise because the authentication process using security realms first negotiates a mechanism between the client and the server, then loads the group information for the user. Because the local authentication system represents the user with an artificial username, the second part of this process could fail if the LDAP server could not map the username to a user.

In this release of the product, a new attribute; skip-group-loading, has been added to the <local /> element that is used for local authentication. When this attribute is set to true group loading is skipped after local authentication has occurred, thus avoiding the error. If a different mechanism is used, however, group loading proceeds as normal.
1066488 - management security realm: LDAP referrals not working

Previous releases of JBoss EAP 6 carried a bug stating that all users and groups must be defined and searchable on the same LDAP server.

Any user or group entries that result in a referral will not be usable with JBoss EAP 6.

This was because the LDAP searching within the security realms contained no logic for handling referrals if they were encountered while authenticating a user against LDAP or using LDAP to load their groups.

This issue has been corrected in this release and LDAP referrals work as expected.
1030053 - The NegotiationAuthenticator loses post data

In previous versions of JBoss EAP 6, it was found that the NegotiationAuthenticator would lose any SAMLRequest parameter if it was being used in conjunction with PicketLInk and HTTP_POST binding. This resulted in users remaining at the IDP landing page, even after successful authentication. The NegotiationAuthenticator has been patched in this release of the product and the issue no longer presents.
1065486 - LdapExtended login module does not handle a user that has a slash character in the uid

In previous versions of JBoss EAP 6, user authentications would fail if the User ID (UID) contained a slash character ( /). This was because the LdapExtended login module did not handle the character correctly. In this release of the product the module has been updated and now removes quotes from the user DN before binding. This resolves the issue and users can authenticate as expected.
974324 - EAP 6 Domain Mode Logging for Management is nonexistent

In previous versions of JBoss EAP 6 TRACE and DEBUG logging had not been added to the LDAP interactions within the security realms. This made diagnosing authentication issues where LDAP is in use extremely difficult as no debug logging was available. DEBUG logging has now been added to the security realms where LDAP is used. Customers can now use these logs to diagnose LDAP related issues with security realms.
1069885 - SecureIdentityLoginModule (and ConfiguredIdentityLoginModule) results are not cached by the JAAS cache

In previous versions of JBoss EAP 6 performance issues were encountered when using the SecureIdentityLoginModule not caching encrypted datasource passwords. This was caused by JAAS cache not allowing the cache key to be null when the application using the datasource was not secured.

In this release of the product the vault is used for encrypting database passwords, bypassing the JAAS login module and resolving the performance issues.
1067610 - Authentication attempts will fail if the DatabaseRolesMappingProvider's rolesQuery returns an empty set

In previous versions of JBoss EAP 6 it was found that authentication attempts would fail if the DatabaseRolesMappingProvider returned a null value. This was caused by the authentication not being able to provide roles to authenticated users if the value was null. In this release of the product, the security system will honor successful authentications and not attempt to apply roles in instances where the returned value is null.
1000185 - The JASPI auth-module configuration does not support a "module" attribute

In previous versions of JBoss EAP 6, the JASPIC auth-module configuration in the security subsystem was ignoring the "module" attribute. This attribute tells PicketBox where to load custom auth-module classes from.

As a result, custom JASPIC auth-modules could not be configured as PicketBox was unable to determine the jboss module that should be used.

As the module attribute already exists in the security subsystem schema, the fix involved adding code in the security subsystem to handle this attribute, allowing PicketBox to correctly load custom modules.

As a result, users can now configure custom JASPIC auth-modules by using the "module" attribute to indicate the jboss-module that contains the custom module class.

Server

955818 - Class-Path manifest entries for WARs-in-EAR not handled properly

In previous versions of JBoss EAP 6, when multiple sub-deployments in an EAR referred to a single non-module jar via Class-Path manifest entries, it was added to the first sub-deployment's classloader.

This caused Class loading problems as the classes in the utility jar would be located in the wrong classloader.

This version of the product creates a new deployment module for the utility jar, and has all dependant deployments use it. As a result, the Classloading problems no longer occur.
1060269 - reverse DNS lookup on master domain server reload

Users of previous versions of JBoss EAP 6 may have found that servers were not able to reconnect to the Domain Controller after it was reloaded, if the managed servers were not restarted as well.

This issue occurred if the reverse IP lookup was incorrectly configured, meaning the servers were presented with the hostname of the Controller (and not its IP address) to reconnect to. In these situations the connection would fail.

This issue has been resolved in this release of the product by reusing the data stored in the InetSocket object. This avoids the need to do a reverse IP lookup and allows the servers to reconnect as expected.
1036872 - Cannot configure a security policy file setting that disables policy files specifies in JRE's java.security file

An issue was identified in using the special prefix of = to disable the default policy files. The underlying cause was that when the Host Controller started a server, it provided null as the value of the java.security.policy setting, leading to the use of the policy files specified in the java.security file and possibly permission failures preventing server booting.

This issue was fixed by modifying parsing of system properties so that the value of a system property whose value begins with "=" is no longer reset to null by the Host Controller when starting a server.
1049999 - Class-Path: . can cause JBAS011046: A component named 'TestBean' is already defined in this module

In previous versions of JBoss EAP 6, some jar libraries in WEB-INF/lib contained a manifest with a Class-Path attribute that contained "." as an entry.

This issue caused some resources or components get processed twice, causing warnings in the log.

This release of the product ignores "." entries in Class-Path manifest attributes so resources are no longer processed twice.
924562 - Deployment restart caused by dependency replacement does not work

An issue that could result in a NullPointerException has been resolved in this release of JBoss EAP 6. The exception could present when a deployment partially restarted some data structures that were required have already been cleaned up to save memory (for example, when a dependency was replaced). This issue would prevent the redeployment from completing. To address this issue, partial redeployments are no longer allowed in this release of the product. If a dependency is replaced the deployment is now completely restarted and the exception no longer presents.

Transaction Manager

1038993 - Not possible change the object store type from hornetq to jdbc via cli commands

In previous versions of JBoss EAP 6, changes to the object store type (from HornetQ to JDBC, or vice versa) through the CLI interface were not propagated correctly.

As a result, the object store would remain as initially set (which may have been the less desired option).

In this release the write handlers use-hornetq-store and use-jdbc-store have been enhanced to disable the other option when used and the object store used is always the chosen option.
1034650 - Increase the default value of the com.arjuna.ats.jta.orphanSafetyInterval

An issue in previous versions of JBoss EAP that could cause numerous rollback XAExceptions to be logged if a transaction's processing time overlaped with the timing of the periodic recovery process's activity has been corrected in this release of the product. The timeout interval of orphanSafetyInterval has been increased to 20 seconds which significantly decreases the potential of encountering the exceptions.
1027126 - Server failed to start with standalone-xts.xml and jdbc object store running on mysql 5.5

In previous versions of JBoss EAP 6, when the transaction manager was configured to run XTS transactions, use a JDBC object store hosted on MySQL 5.5, and the driver was put in the deployments directory, the server failed to start.

This issue has been resolved in this release.
1107569 - One-phase optimization: XAException by XAResource swallowed and bean invocation falsely a success

A bug was present in previous versions of JBoss EAP 6 prevented users from seeing an exception that signified the failure of a single phase commit.

The bug arose as the resource manager could fail XAR::end but succeed in XAR::rollback which meant no exception was reported to the user.

This release of the product throws the correct exception to the user confirming the result of a single phase commit.
1092198 - LogStoreProbeHandler overwrites the LogStoreResource root model

In previous versions of JBoss EAP 6 it was found that LogStoreProbeHandler replaced the delegate held by LogStoreResource. This removed any data from the existing delegate's model field (the "type" attribute, for example).

As a result, invoking the probe operation on the subsystem=transactions/log-store=log-store would result in the value of the resource's type attribute being changed to default even if the transaction manager is actually using hornetq. The actual runtime behavior would not be affected, but the reported value would be wrong.

In this release of the product the contents of the current delegate's model is copied to the new delegate before it is removed and the type attribute will no longer be default after running the probe operation when the log store type is actually something else.

Web

1027272 - ContextNotActiveException thrown on session invalidation when using clustered SSO

In previous versions of JBoss EAP 6, the SSO valves did not set the context when expiring sessions associated with SSO.

As a result, ClusteredSingleSignOn would call WeldListener.sessionDestroyed(event) after the session has been destroyed, resulting in a ContextNotActiveException upon session invalidation.

In this release the SSO valves now set the context when expiring sessions associated with SSO and the ContextNotActiveException is avoided upon session invalidation.
1050204 - WAIT_FOR_BEFORE_START does not work for / context applications

In previous versions of JBoss EAP the WAIT_FOR_BEFORE_START property did not work for root context applications. If a user set WAIT_FOR_BEFORE_START to / and deployed a root application, the connectors did not start as expected.

This has been corrected in this release and now when setting WAIT_FOR_BEFORE_START to / and deploying a root application, the connectors will start as expected.
1105160 - High CPU in concurrent access to the JSSESupport keySizeCache map

The keySizeCache in JSSESupport was not properly synchronized in previous releases of JBoss EAP 6.

This meant concurrent access to the JSSESupport keySizeCache could result in high CPU hash map loops.

In this release of the product, access to the keySizeCache in JSSESupport is now synchronized and concurrent access to the keySizeCache does not occur.
1036197 - Native HTTP connector fails if org.apache.tomcat.util.Constants.ENABLE_MODELER is set to true

In previous releases of JBoss EAP 6, JBossWeb Coyote's *Protocol classes start() methods constructed an MBean name using the getName() value, which is likely to contain a colon and the MBean object name cannot contain arbitrary colons.

The following error would be reported when JBoss tries to start if -Dorg.apache.tomcat.util.Constants.ENABLE_MODELER=true was set:
JBWEB003044: Threadpool JMX registration failed: javax.management.MalformedObjectNameException: Invalid character ':' in value part of property

This release uses getJmxName() rather than getName() to correctly construct the name of the MBean.

As a result the exception no longer occurs when -Dorg.apache.tomcat.util.Constants.ENABLE_MODELER=true is used, and the modeller is enabled.

Web Console

1079948 - Can not see all hosts in the JBoss EAP 6.2 management console

In previous versions of JBoss EAP 6, the host selector was missing a scrollbar. This made it difficult to select hosts that may not have been visible in the selector.

A scrollbar has been added to the host selector in this release of the product and all hosts can be easily selected.
1014219 - RBAC: Control element visibility for users with multiple scoped roles

Users assigned to multiple roles would see operations in the console that they did not have access to perform. For example, a user with roles host-master-administrator and host-slave-monitor should only have been able to see control elements (such as the Add button on the server configurations page) in context of host slave. This button should not have been visible when operating in context of host master (however it was).

Operations that were incorrectly visible would fail if attempted, as the correct access control was enforced in the execution of the operation. There was no security violation.

This issue in the management console has been fixed in this release. Control elements which are not relevant for a user role, while visible, are grayed-out and are not active.
900849 - EAP6 CLI error when data is over 64k

Any CLI command which returned a String that was over 65535 characters in length would fail with the following error:
Communication error: java.util.concurrent.ExecutionException: Operation failed

This was caused by the use of the java.io.DataOutput.writeUTF() method in the JBoss DMR library. This method throws a UTFDataFormatException if the string being processed is over 65535 characters in length. The JBoss DMR library was been updated to use an alternative technique to correctly process strings over this length. Any CLI command which returns a string over 65535 characters in length now performs as expected.
901227 - node-timeout, worker-timeout, flush-wait and ttl mod_cluster attributes in web console

An issue that was present in a previous version of the JBoss EAP 6 web-based Management Console that prevented users from viewing or setting a -1 value for the listed mod_cluster attributes as been corrected in this release:
  • node-timeout
  • worker-timeout
  • flush-wait
  • ttl
1103747 - Unable to list all Queues/Topics (from "Profiles" tab) in Management Console for EAP 6.x

In previous versions of JBoss EAP 6, users found they could not list all topics and/or queues under the profiles tab in the Management Console. The maximum number of queues that was visible was eight. This has been addressed in this release and now all queues are visible.
1029687 - Logout of secured (ssl) admin console setup redirects to http address

In previous versions of JBoss EAP 6, users logging out of a secured administration console (over HTTPS) would be incorrectly redirected to standard HTTP addresses and the logout would fail.

This was because the redirects were hardcoded to use HTTP addresses.

In this release of the product, the redirects have been updated to take into account if the user is accessing the interface over HTTP or HTTPS and redirect appropriately.
1048211 - Security domain showing wrong security policy in management console

A bug in previous releases of JBoss EAP 6 caused the security domain to show an incorrect security policy.

The selection update has been fixed in this release and now the details are updated according to the selected security policy
999813 - [Usability] Cancel operation is ignored when flushing JMS destination metrics in the management console

In JBoss EAP 6.1.0 and 6.1.1, before flushing a JMS destination via the web management console, a confirmation dialog was shown, requesting confirmation of the action. Regardless of the user's reply, the JMS destination was flushed. The root cause of this issue was that the result of the confirmation prompt was ignored. This issue has now been resolved and the JMS destination is only flushed if the confirmation dialog was closed with "OK".
1012490 - List all JNDI names for messaging destinations in runtime metrics page

In previous versions of JBoss EAP 6 it was found that the Runtime metrics page for messaging destinations (Runtime > JMS Destinations) listed only a single assigned JNDI name for a Java Messaging Service (JMS) destination. The other JNDI names for a Java Messaging Service (JMS) destination were denoted with an ellipsis ("...").

This meant that complete list of JNDI names for a Java Messaging Service (JMS) destination could only be accessed by visiting the complete destination list in EAP Profile(s).

In this release, the complete list of JNDI names for all Java Messaging Service (JMS) destinations are visible in Runtime metrics page for messaging destinations (Runtime > JMS Destinations) aided by a tooltip.

If a JNDI name list is too long it is truncated and the ellipsis is displayed but the tooltip displays the complete list when the mouse is hovered over a JNDI name entry.
1073537 - DS connection tests is required to pass across all servers

In previous versions of JBoss EAP 6, the DS connection test used all servers in the domain. This could negatively impact performance.

In this release of the product, only the servers of the currently selected profiles are used for the connection test, resulting in better, more reliable performance.

Web Services

1060001 - Spring dependency injection doesn't work on endpoint instances

A bug present in previous versions of JBoss EAP 6 that prevented beans created in JBoss WS-CXF from being injected into endpoints has been resolved with a component upgrade in this release.
1032593 - Data are kept in jboss-eap-6.2/standalone/data/wsdl after application undeploy

Previous versions of JBoss EAP 6 stored data in Web Services Description Language (WSDL) directory (EAP_HOME/standalone/data/WSDL) even after an application was un-deployed from JBoss EAP server.

The WSDL data was stored as this was the default behavior as soon as an application was deployed on the server with no automated mechanism for removing the stored files.

This issue was resolved by updating files in repositories (jbossws-cxf-4.2.x and trunk) to change the behavior of maintaining and publishing WSDL logs.

The fix prevents storage of data in WSDL directory after an application is un-deployed from JBoss EAP 6.3 server.
1032439 - jbossws testcase intermittent failures caused by javax.management.InstanceNotFoundException: jboss.ws:service=ServerConfig

In previous releases of JBoss EAP 6, the WS server configuration was not always available through JMX.

This was caused by the deprecated OPTIONAL service dependency to MBean server in WS ServerConfigService

In this version, MBean server dependency is set as REQUIRED instead of OPTIONAL whenever the JMX subsystem is available

As a result, WS server configuration is always available through JMX when JMX subsystem is available
1069349 - Schema imports in CXF can have naming conflicts in the URL used to retrieve them

A bug in previous releases of JBoss EAP 6 created naming conflicts in URLs when importing schema in CXF. This issue has been addressed in this release of the product.
900634 - JBossWS-CXF doesn't send fault message to a FaultTo endpoint when request-response message.

If the FaultTo element of WS-Addressing was set to a WS client, the WS server did not send fault messages to the FaultTo destination. However, if the ReplyTo element was set, the WS server did send the responses to the ResponseTo destination. This bug was fixed in this version of JBoss EAP 6 with an update of Apache CXF.
1040732 - JAXBDataBinding can not handle the exception with generic objects like ObjectWithGenerics<Boolean, Integer>

Previous releases of JBoss EAP 6 carried an issue that presented when an Exception class contained some members with type parameters defined as shown the following example.

The WSDL generated from the exception class was incorrect and the SOAP fault message was not expected.
@javax.xml.ws.WebFault
public class GenericsException extends Exception {
  private static final long serialVersionUID = 1L;
  private ObjectWithGenerics<Boolean, Integer> obj;

  public ObjectWithGenerics<Boolean, Integer> getObj() {
  return obj;
  }
  public void setObj(ObjectWithGenerics<Boolean, Integer> obj) {
  this.obj = obj;
  }
}

This issue was resolved upstream and the fix incorporated into this release of the product.
1079084 - Webservices DUP is not scanning all visible classes for @WebService annotation

It was discovered that the Webservices DUP in previous versions of JBoss EAP 6 carried a bug that prevented it from scanning all visible classes with the @WebService annotation. An error presented when a war archive that contained a web.xml with a <servlet-class> that refers to a JAX-WS endpoint (so the class is annotated with @WebService) was located within an ear archive and the jar containing the class was located in the ear archive's lib/ directory. The relevant code has been amended in this release to scan more thoroughly for @WebService classes and the error no longer presents.
1077259 - HttpServletRequestSnapshot is not created for requests with WSA ReplyTo prop set

A bug previous releases of JBoss EAP 6 prevented HttpServletRequestSnapshot from being created for requests with WS-Addressing enabled and the ReplyTo header property specified to a non generic address.

This bug resulted in an immediate HTTP 202 response and the servlet request being early recycled by the container. This prevented endpoints from accessing the servlet request context information.

The issue has been resolved in this release of the product by an upgrade to the CXF component.
1079043 - MessageContext is lost when JAX-WS client is invoked from within a JAX-WS endpoint impl

In previous versions of JBoss EAP 6, when a JAX-WS client was invoked inside an endpoint, the endpoint's MessageContext was removed from the ThreadLocal and not replaced at the end of the client call.

This caused the MessageContext to be unavailable to endpoints after they make any JAX-WS invocation.

This bug has been addressed in this release of the product.
1031642 - WebServices subsystem attribute modify-wsdl-address false value ignored

Previous versions of JBoss EAP 6 carried a bug that prevented the WS stack from processing @WebService(wsdlLocation=...) when performing wsdl soap:address rewrite.

The annotation attribute above was not processed when the annotation was put on service endpoint interfaces only.

This issue has been corrected in this release.
1060355 - Schema validation + multiple schema imports in same namespace + catalog lookup doesn't work

An issue that caused the algorithm in org.apache.cxf.wsdl.EndpointReferenceUtils.SchemaLSResourceResolver#resolveResource to not resolve the correct schema and return only the first schema it found has been corrected with an upgrade to the CXF component.

jbossas

1067620 - Cannot change application permissions on EAP 6 when the Java Security Manager is enabled

An issue with the application of Java Security Manager (JSM) policies was discovered, where deployed applications were granted AllPermission permission, which contradicted the policy file. The root cause of this issue was that Virtual File System (VFS) was not enabled, so handling of vfs:/... URL-based policies were not loaded and the default permissions were applied instead. This issue has now been resolved, by ensuring the VFS module is loaded, and JSM policies are now correctly applied.

mod_cluster

1008901 - Some serious log messages don't have id to identify them

In previous versions of JBoss EAP 6, it was found that two log messages were not localized correctly.

As a result users did not see a MODCLUSTER{id} message nor a translation.

In this release, two messages have been added: MODCLUSTER000044 and MODCLUSTER000045.

The messages now appear as expected.
1030965 - Number of registered contexts negatively affects mod_cluster performance

A performance issue has been identified on the Apache HTTP Server with mod_cluster configured as a load balancer. httpd shared memory operations on the workers->nodes table negatively affects the performance of the load balancer. As a result, performance of the httpd load balancer decreases as the number of registered contexts increases.

To workaround this issue, attempt to lower the number of registered contexts.

To fix this bug, the httpd has been modified to utilize local memory rather than shared memory.
1020142 - modcluster subsystem XSDs do not describe worker-timeout attribute

In previous versions of JBoss EAP 6, the mod_cluster XSD used for validations did not specify worker-timeout attribute.

This meant that using XSD to validate configuration might have failed validation even though the configuration was correct and correctly parsed by the server.

The XSD schema has been fixed and now using XSD schema for validation when using worker-timeout attribute will now pass validation.
1058334 - ${project.version} is not resolved for mod_cluster in server log

In previous releases of JBoss EAP 6, the version string logic was using a ${project.version} in the ModClusterLogger.java

As a result, ${project.version} was written to the server log.

In this version, the logic has been fixed adding a version string in Version.properties and reading in before logging the start message. The version is now correctly displayed in the server log.
985101 - STOP-APP not included on mod_cluster-manager page along with ENABLE/DISABLE-APP

In previous versions of JBoss EAP 6, the STOP-APP command on the mod_cluster-manager page was not exposed.

This issue has been corrected in this release and the STOP-APP command is now available through the mod_cluster-manager page as expected.
980246 - mod_cluster-manager may break up aliases from a single VirtualHost, causing a messy page

In preavious releases of JBoss EAP, it was reported that when deploying multiple applications, each with a unique virtual-server and each virtual-server with multiple aliases, the mod_cluster_manager could incorrectly display the same Virtual Host multiple time (once for each alias).

This issue has been resolved and now all Virtual Hosts are displayed only once on the manager page together with all aliases as expected.
1098576 - ModClusterService stop commands are always draining sessions

In previous versions of JBoss EAP 6, using the ModClusterService stop or stopContext commands from the CLI interface failed to move a context to the STOPPED state after failing to drain the active sessions. This meant these commands were not viable for quickly stopping the context when desired (without draining). This issue has been resolved with an updated to the mod_cluster component.
1044594 - [WFLY-2663] mod_cluster metric properties are never applied

In previous versions of the mod_cluster subsystem configured load metrics and properties specified for them were parsed from the XML, but not applied to classes.

This meant that configuring properties for load metrics did not have any effect.

In this release, the properties are applied to the objects as expected.
1052185 - MODCLUSTER-365: Reset MCMPs are sent to all available proxies

A previous release of JBoss EAP carried a known issue that resulted in mod_cluster sending reset MCMPs (Mod_Cluster Manangement Protocols) to all httpd servers in its proxy-list after one of them was restarted. This behavior could have had a negative impact on systems with auto-enable context set to false.

The correct behavior is to send the reset request only to the restarted server. The issue occurred because DefaultMCMPHander.status called sendRequests which sends to all proxies by default.

This issue has been resolved due to an upgrade to the mod_cluster component.

7.2. Enhancements

Clustering

1025023 - Add configuration option to enable/disable Infinispan statistics

This release of EAP 6 includes an enhancement to the clustering system. The Infinispan subsystem can automatically gather usage statistics. It is possible to enable or disable statistics explicitly per cache container and per cache.

These statistics can help profile and debug applications and caches, however their use incurs a small overhead. They are disabled by default and can be enabled if needed.

Domain Management

1052187 - Make FACILITY for audit log over syslog configurable in the management model

In previous versions of JBoss EAP 6 the audity log syslog-handler's facility was not configurable in the management console and a default facility was used. The facility has been exposed in this release of the product as part of the core-service=management/access=audit/syslog-handler=* resource and can now be configured as required.
1053355 - Make appName for audit log over syslog configurable in the management model

Previous versions of JBoss EAP 6 did not allow application names to be configurable in the management model.

As a consequence, a default appName was used.

In this release of the product, the application name has been exposed as part of the core-service=management/access=audit/syslog-handler=* resource and the name is now configurable.
976228 - Operation which require server reload should check if something was changed

In earlier versions of JBoss EAP 6, some operations which did not effectively change the status of the server would put it in reload-required mode.

The was because the system did not check if the operation would effectively change the configuration.

In this release, if checks confirm that the configuration of the server was not changed by the operation, a reload is not required. This change does not cover every possible case.
1044772 - ldap group loading doesn't log anything

In previous versions of JBoss EAP 6 TRACE and DEBUG logging had not been added to the LDAP interactions within the security realms. This made diagnosing authentication issues where LDAP is in use extremely difficult as no logging was available.

Verbose TRACE logging for the loading of groups has been added in this release and is now logged to the org.jboss.as.domain.management.security category. This new logging has been limited to the TRACE level due to the verbosity at the DEBUG level.

Customers can now use these logs to diagnose LDAP related issues with security realms.

EJB

985793 - Allow property substitution in MDB via ctivationConfigProperty Annotation

This release of JBoss EAP 6 allows property substitution in Message Driven Beans via ActivationConfigProperty Annotation.

Refer to the chapter on Message-Driven Beans in the EAP 6.3 Developer Guide for more information.

Hibernate

996767 - [HHH-8440] Add SQLServer2012Dialect in Hibernate

The Hibernate component in JBoss EAP 6 has been updated to provided support for features introduced in MySQL 2012. Users can now utilize features such as SEQUENCE object creation.

HornetQ

1089853 - Implement sync of counters for non transactional sends

This release of JBoss EAP 6 contains an enhancement with an increase in the number of checks performed to guarantee the page counter is synced properly. This enhancement was added as it was found that, in earlier versions of the product, the page counter could get out of sync between paged messages and what was stored on the journal which could lead to negative delivering numbers. The extra checks prevent this from happening.

Installer

1035325 - Don't print IzPack variables to console.

In this release of JBoss EAP 6, the installer will no longer log all of IzPack's internal variables to the console. They are now only logged within the log file.
1027655 - Allow user to configure more than one module-option for Security-Domain

In older releases of JBoss EAP 6, only a single login-module could be added to the new security-domain.

This release contains an enhancement to allow an arbitrary number of login-modules to be created. Users can now create multiple login-modules in their new security domain.
1048942 - Add option to automatically configure the Maven settings to use the public repository

In this release of JBoss EAP 6 the Maven settings.xml configuration panel UI has been reconfigured.

The defaults have been made more intuitive and the panel now displays information in a clearer way.

JMS

1019069 - Messaging XSD is missing description of attributes

In this release of JBoss EAP 6, the XML schema for the messaging subsystem is annotated with descriptions of the attributes and types. This enhancement is intended to help developers write the corresponding XML configuration.
1014099 - WARN HQ222180: There are no queues bound into Dead Letter Address jms.queue.DLQ. Messages will ... during start

This release of JBoss EAP 6 includes an enhancement to the messaging subsystem configuration which now includes two JMS queues for the dead letter queue and the expiry queue.

In older releases the default address settings were configured to send expired messages to an expiry address and undelivered messages to a dead letter address. However there were no queues bound to theses address and it resulted in message loss preventing administrators to examine these messages and diagnostic potential application issues.

Expired messages will now be stored in the DLQ queue and undelivered messages will now be stored in the ExpiryQueue.

Logging

994661 - Custom logging formatters

This release of JBoss EAP 6 introduces the ability for users to create custom logging formatters for use in any handler via the command line interface or configuration XML. Handlers now override setFormatter(...) and use the custom formatter.

PicketLink

1084594 - Backport PLINK-313

A new feature has been introduced into the PicketLink component in this version of JBoss EAP 6. In this release IDP is now configurable to sign assertions.
1084601 - Backport PLINK-405

A new feature has been incorporated into the PicketLink component of this version of JBoss EAP 6. In this release the the principal that gets sent to the AttributeManager has been made configurable.

When using PicketLink with JBoss Negotiation, the principal that is sent to the AttributeManager is a hashed string and not the username. This can result failed lookups if the mapping provider uses the principal to look up any attributes.

The ability to configure the principle ameliorates this issue.
1084589 - Backport PLINK-146

A new feature has been introduced into the PicketLink component in this version of JBoss EAP 6. The XMLSignatureUtil can now allow KeyInfo to use X509 if desired.
1085534 - Backport PLINK-407

An update to this release of JBoss EAP 6 introduces an upstream PicketLink feature that allows the FormAuthenticator characterEncoding parameter to be used for requests in IDPWebBrowserSSOValve.

Security

Features have been added in this version of JBoss EAP 6 that allow users to improve the security of passwords and other sensitive strings used in configuration files.
These include the ability to use your own implementation of SecurityVault to mask passwords and other sensitive attributes in configuration files, and password vault support for SSL connections used by the CLI Console configuration file (jboss-cli.xml).
Please refer to the Security Guide for documentation on using these new features.

Web

900786 - Add a redirect-port from socket-binding to the web connector config

In releases of JBoss EAP prior to 6.3 socket-binding could not be used to define the redirect-port.

That ability has been added in this release of the product and users can now use the new attribute redirect-binding of the connector element to define the redirect port instead of using the redirect-port attribute. This new attribute takes a socket binding name as value.

Web Services

1088916 - WS-I Basic Security Profile 1.1 support

This release of JBoss EAP 6 now supports WS-I Basic Security Profile 1.1.
1006638 - WS-I Basic Profile 1.2 and 2.0 support

In addition to WS-I Basic Profile 1.1, this release of JBoss EAP 6 now supports WS-I Basic Profile 1.2 and 2.0.

mod_cluster

987259 - hot-standby for mod_cluster

This release of JBoss EAP 6 introduces a hot-standby feature to mod_cluster.

7.3. Known Issues

CDI/Weld

1054876 - Proxy creation fails when a superclass does not have a no-arg constructor

CDI defines that a class must have a public constructor either annotated @Inject or with no arguments. Weld checks this requirement during deployment. However, the Weld implementation in this EAP version erroneously performs a stricter check and requires that also constructors of all superclasses have public no-arg constructors. If they do not, an `UnproxyableResolutionException` is thrown and the deployment fails.

A workaround is to include a public no-args constructor in all superclasses of a bean class.
1086555 - Weld - Specialization of generic beans throws inappropriate exception

In this release of JBoss EAP 6, setting a specialization on a generic bean results in a DefinitionException being thrown.

This behavoir may not be appropriate and is under investigation.

CLI

1054874 - jboss-cli.sh cygwin support

This release of JBoss EAP 6 contains a bug that may create problems using the product in a Cygwin environment.

Differences in the POSIX and Microsoft Windows pathing implementations may cause the path variables in the jboss-cli.sh shell script to not function as expected.

This issue is expected to be resolved in a future release of the product.

Clustering

900483 - Stale session data received when using DIST SYNC on node shutdown

During testing, some cases showed that stale session data was received when a node shut down and DIST SYNC or DIST ASYNC cache mode was used. This issue is still under investigation.
900378 - CDI beans with SET replication trigger are not replicating

Due to a bug in the Weld component, the setAttribute method is not called correctly. This causes CDI beans with the SET replication trigger to fail to be replicated. The workaround is to use the SET_AND_NON_PRIMITIVE_GET trigger for these beans. This will be fixed in a future release.
900946 - IllegalStateException: Cache is in 'TERMINATED'/'STOPPING' state.

This release of JBoss EAP 6 carries a bug that may cause an IllegalStateException to appear after an application is undeployed on one node within 5 seconds of having been deployed on another node within the cluster.

This issue in under investigation and is expected to be resolved in a future release.
901162 - TimeoutException: Unable to acquire lock

A Known Issue exists in this release of JBoss EAP 6 that produces a TimeoutException: Unable to acquire lock under some circumstances.

This issue is expected to be resolved in a later release.
917635 - Failed to load session: NullPointerException

A Known Issue in this release can cause a NullPointerException with a Failed to load session message to be encountered after application deployment in some circumstances.

This issue is expected to be resolved in a later release of the product.
993041 - RuntimeException in org.jboss.as.web.session.ClusteredSession.access

In rare circumstances, when a distributed web session is being accessed while another node is abruptly leaving the cluster, a lock aquisition might fail. When this occurs it results in an exception message:
RuntimeException: JBAS018060: Exception acquiring ownership of <session-id>

The root cause of this issue is that the lock acquisition does not take into account that a cluster node might leave the cluster at exactly the same time, resulting in the lock acquisition failure. This issue is under investigation and is expected to be resolved in a future version. No known workaround is available.
959951 - CacheException: java.lang.RuntimeException: Failure to marshal argument(s) at server shutdown

On shutdown of a server the following message may be logged:
CacheException: java.lang.RuntimeException: Failure to marshal argument(s) at server shutdown

This message occurs because Infinispan does not yet support clean shutdown and can be safely ignored. This issue is being investigated but no known workaround is available.
922699 - IllegalStateException: AtomicMap stored under key X has been concurrently removed!

An IllegalStateException can be thrown in rare cases when routine processing expiration and passivation accesses a session that is concurrently removed. This causes an exception to be thrown and logged.

The exception can be ignored. However, disabling session passivation will ensure the problem is avoided.

Domain Management

1111575 - subnet-match is completely broken

This release of JBoss EAP 6 carries a bug that prevents subnet-match from respecting the value attribute.

This issue is under investigation and is expected to be resolved in a later release of the product.
1105677 - Nonexistent ldap group causes authentication to fail in security-realm

This release of JBoss EAP6 carries a bug that causes LdapGroupSearcher to fail when attempting to look up a group that does not exist on the local LDAP server. In these instances the search returns an HTTP 500 error code, preventing some users from logging in.

This issue is expected to be resolved in a future release of the product.
1015524 - RBAC: unable to deploy the same deployment which was already deployed by user from different server-group scope

When role-based access controls are enabled, management users with server-group scoped roles might have new deployments fail with the following message:
"JBAS014807: Management resource '[(\"deployment\" => \"example.war\")]' not found"

This occurs because a deployment with the same name already exists in the domain. This is correct behaviour. However because the management user is scoped to a server group, they will be unable to see if such a deployment already exists in another server group. This makes it difficult to avoid this confusing error.

To workaround this limitation, Red Hat recommends that either non-scoped roles are assigned to the users responsible for adding deployments to a domain, or that a list of deployment names is maintained so that management users are aware of them.
995439 - JTS transactions settings depend on Jacorb settings

When JTS is enabled in the Transactions section of the web management console ("Profile -> Container -> Transactions"), it it is necessary to also set the attribute transactions to the value on in the JacORB subystem. The intended behaviour is that transactions are enabled when JTS is enabled. The cause of this issue is under investigation. Until it is resolved, the workaround is to ensure that the transactions attribute is also set to on. Note that the transactions subsystem is available only in the full and full-ha profiles.

EJB

990102 - Concurrent access timeout -- could not obtain lock within 5000 MILLISECONDS

This release of JBoss EAP 6 carries a bug that could produce a concurrent access timeout when an EJB client invoking a method on a stateful bean in a "forwarding" cluster; this bean forwards the call to stateful beans in a "target" cluster, and then back again. Invocations are serial; the client will not invoke a method on a bean until it got a response to previous invocation. When one of the servers in the cluster is shut down, the error occurs.
1118432 - java.util.concurrent.RejectedExecutionException if a remote-naming InitialContext should be closed

In this release of JBoss EAP 6, if remote naming is used to lookup an EJB it creates an ejb-client context.

If the remote naming context object is closed when done, the client will log the error shown below, because the ejb-client context was already shut down and it tried to again.
ERROR [org.jboss.remoting.handler-errors] Close handler threw an exception: java.util.concurrent.RejectedExecutionException

This issue will be corrected in an upcoming release.
1067194 - EJB3 client code swallows exceptions making it difficult to track down issues in production.

This release of JBoss EAP 6 carries a bug that causes EJB3 clients to swallow exceptions unless logging is set to DEBUG.

This issue is expected to be resolved in a future release of the product.
1123505 - EJB/remoting configuration does not propagate the certificate as credentials for authentication if mutual auth SSL was used for the connection

In this release of JBoss EAP 6, EJB/remoting configurations do not propagate the certificate as credentials for authentication if mutual authentication SSL is used for the connection.

This issue makes it impossible to use the BaseCertLoginModule for authentication with SSL protected EJBs.

This issue is under investigation and is expected to be resolved in a future release of the product.

Hibernate

1102974 - HHH-9231 Uncommitted data can remain in transactional collection cache after rollback if collection is initialized after flush

This release of JBoss EAP 6 contains a bug that causes some changes to remain in the level 2 cache, following rollback of changes.

This issue may result in a javax.persistence.EntityNotFoundException or non-existent entities being encountered.

This issue is expected to be resolved in a future release of the product.
1111706 - NonUniqueDiscoveredSqlAliasException: Encountered a duplicated sql alias

In this release of JBoss EAP 6 a native SQL query which specifies a column multiple times without unique aliases (e.g. "select e.id, e.title, e.id from Event e") for any simple entity (e.g. Event) fails in with the following message:
org.hibernate.loader.custom.NonUniqueDiscoveredSqlAliasException: Encountered a duplicated sql alias [id] during auto-discovery of a native-sql query

This happens because Hibernate obtains the column labels from java.sql.ResultSetMetaData.getColumnLabel(). Hibernate cannot determine if the columns with the same name refer to the same value from the same entity.

Rather than possibly making an incorrect assumption, Hibernate throws the exception.

The workaround is to provide unique aliases for columns with the same name (e.g. "select e.id AS id1, e.title, e.id AS id2 from Event e").
1094951 - HHH-9261 Multiple detached representations of the same entity cannot be merged using cascade=merge

An issue in this release of JBoss EAP 6 could result in an java.lang.IllegalStateException: An entity copy was already assigned to a different entity error being encountered.

The issue presents during a cascade merge if multiple entity instances with the same identity are detected. As they cannot be automatically merged, the exception is raised.

This issue is expected to be resolved in a future release of the product.
1105078 - HHH-9062 Envers validity audit strategy: end revision timestamp is not stored in tables for joined subclasses

In this release of JBoss EAP 6, when Envers is used with a validity audit strategy to audit an entity hierarchy using JOINED inheritance, the resulting audit tables created for the joined subclasses do not contain the end revision column.

This can complicate partitioning the audit tables for joined subclasses.

This issue is under investigation.
1085982 - Envers: Column of Embedded missing in Audit Table (HHH-8908)

This release of JBoss EAP 6 contains a bug that prevents attributes inherited from superclasses in Hibernate from being audited unless the class is marked as @Audited.

The workaround is to ensure that the @Audited attribute is used in classes to be tracked.

This issue is expected to be resolved in a future release of the product.
1117447 - HHH-9280 Join table name for @ElementCollection of entity class name instead of specified entity name

This release of JBoss EAP 6 carries a bug in the Hibernate component that causes the table name computed for an @ElementCollection to use the entity class name instead of the specified entity name.

This issue is expected to be resolved in a future release of the product.
900321 - HHH-7287 Problem in caching proper natural-id-values when obtaining result by naturalIdQuery using NaturalIdLoadAccess

The Hibernate interface NaturalIdLoadAccess behaves inconsistently when trying to load entities from the Level Two (L2) Cache following an update of their natural-id values from a non-transactional scenario.

Hibernate currently does not support proper L2 caching of entities with natural identifiers in scenarios where there is a mix of transactional and non-transactional access to the database.

Installer

1032892 - Unable to use tab filling for path starting with a drive letter on windows.

In the console installer of JBoss EAP 6 on Microsoft Windows Server, tab completion for directory paths which start with a drive letter is not working.

When entering a path which starts with a drive letter, for example C:\, and pressing the Tab key, nothing is shown. In this situation, it is expected that it will show the contents of that directory.

This issue will be fixed in a future release.
977805 - Starting JBoss Administration Console from start menu is not working on Solaris

The start menu shortcuts for the Administration Console on Solaris do not work for a JBoss EAP 6 instance that has been installed using the installer.

Instead of opening the Administration Console in a web browser, the following error message is displayed:
Error showing url: HTTP Error: Method Not Allowed

This issue is caused by the xdg-open command not functioning as expected on Solaris.

As a workaround to using the start menu shortcuts, the Administration Console can be accessed directly in a web browser. If configured with the default ports, the URLs for the Administration Console are below: For standalone mode: http://localhost:8080/console For domain mode: http://localhost:9990/console

JCA

1109691 - Recovery does not work when no credentials are specified for recovery element in RA configuration

In this release of JBoss EAP 6, when security credentials are not specified in the XML for the recovery element, then recovery does not start for particular JMS resource.

This behavior is not intended as a connection should be created with "no credentials" (or something similar).

This issue is expected to be resolved in a future release of the product.
991389 - Connection factory isn't activated in generic-jms-ra.rar resource adapter after server reload with jts transactions mode set.

When a JBoss EAP server is configured with a resource adapter deployed using generic-jms-ra.rar, the connection factory is deregistered when the server is reloaded. The cause of the issue is that the generic resource adapter does not correctly handle the reload if the transaction subsystem is configured to run on the JBoss Transactions System (JTS). The root cause of this issue is being investigated.

A workaround is to add a JCA descriptor XML file to the RAR archive with the connection properties specified.
1023193 - JMS generic RA shows 'lock owned during cleanup' warning during periodic crash recovery

A minor issue with periodic recovery has been identified, where warning messages beginning with the following text are logged.
WARN [org.jboss.resource.adapter.jms.JmsManagedConnection] (Periodic Recovery) Lock owned during cleanup: java.lang.Throwable: Lock owned during cleanup

The underlying cause of the issue is that the generic JMS adapter mishandles the second periodic recovery call. In accordance with the Object Transaction Service specification, when the transaction manager is set to be run on the Java Transaction Service (JTS) the periodic recovery calls rollback for the same XID twice. The issue is that the generic JMS adapter incorrectly handles the second call of the rollback for the same XID and the above warnings are logged. Note that despite the warning messages, recovery occurs correctly.
1107120 - Failures when deploying MySQL JDBC driver to EAP 6.x

This release of JBoss EAP 6 carries a bug that prevents the MySQL JDBC driver being depoyed under certain circumstances.

The deployment fails, informing the user that the deployment already exists. Any attempt to remove an existing deployment also fails.

A workaround to avoid these errors is to restart the server. The driver will then deploy successfully.

This issue is under investigation.
901300 - @Resource injection of Datasource on clustered SFSB fails with serialization error

This release of JBoss EAP 6 carries a bug that causes @Resource injection of a Datasource field on clustered SFSB to fail with a serialization error.

A workaround for this issue is to mark the field transient and then repopulate it manually in @PostActivate.

This issue will be addressed in a future release of the product.
1033008 - Generic JMS RA is not consistent with the EE spec - it does *not* ignore the parameters when session is created in the transaction context

When a session is created in a transaction's context and parameters are passed to the generic JMS resource adapter, a Null Pointer Exception (NPE) occurs. The issue occurs because the processing of parameters is atempted, when the Java EE specification states that they are not to be processed. The root cause of the issue is under investigation, but until then a workaround is to set the session to be transacted, as per the following example. With this workaround, the NPE will not occur.
connection.createSession(true, Session.SESSION_TRANSACTED);
1104227 - Incorrent jndi of datasource provided to jdbc driver for recovery when more datasources exist

In this release of JBoss EAP 6, there is an issue during passing JNDI of a datasource during a recovery process when more than one datasource is defined.

Those datasources belong to one physical machine but each of them points to different database (different user is used for connecting).

This causes the recovery to fail with an exception and finishes with the following error:
WARN [com.arjuna.ats.jta] (Periodic Recovery) ARJUNA016027: Local XARecoveryModule.xaRecovery got XA exception XAException.XAER_RMERR: oracle.jdbc.xa.OracleXAException

This issue is expected to be resolved in a future release.

JDR

917683 - Jdr utility generates wrong archive entry name running on Windows

A bug has been found in the JDR utility when used in Windows environments. It has been reported that the utility will append the last character of the originating $JBOSS_HOME directory to the JBOSS_HOME directory created inside the archive.

For example, for an originating JBOSS_HOME directory named jboss-eap-6.2 the JDR utility would produce an archive directory called JBOSS_HOME2.

The cause of this bug is still being investigated and no workaround to prevent it exists.

JPA

1114726 - JPA entity class enhancement may not work for sub-deployments when other sub-deployments reference the entity classes

This release of JBoss EAP 6 carries a bug that allows entity classes in user applications to be rewritten by the persistence provider at application deployment.

Issues have arisen when sub-deployments are deployed in parallel and there are references to entity classes in other sub-deployments beyond the deployment that contains the persistence unit. In these instances each sub-deployment will proceed through the various internal deployment phases in parallel.

This issue is expected to be resolved in a future release of the product.

JSF

1096905 - InstantiationException on WeldApplicationFactory when switching to JSF 1.2 in EAP 6.2.

JBoss EAP 6 allows users to choose a JSF version for a deployment using descriptors bundled with the deployment.

This, however, currently does not work correctly when the deployment also uses CDI. It is currently not possible to have two different deployments use different versions of JSF if both deployments also use CDI.

When this is attempted, an exception is thrown and the deployment fails with the following error:
java.lang.InstantiationException: org.jboss.as.weld.webtier.jsf.WeldApplicationFactory

Though using JSF 1.2 with CDI is not officially supported, since JSF 1.2 is an EE5 technology and CDI is an EE6 technology, it is still possible to make JSF 1.2 work with CDI for all deployments using the following workaround:
  1. Set 1.2 as the default JSF version in EAP by executing the following command in jboss-cli: /subsystem=jsf/:write-attribute(name=default-jsf-impl-slot,value=1.2)
  2. Configure JSF 1.2 dependency for the Weld module in both /modules/system/layers/base/org/jboss/weld/core/main/module.xml and `/modules/system/layers/base/org/jboss/as/weld/main/module.xml by changing the line <module name="javax.faces.api"/> to <module name="javax.faces.api" slot="1.2" />
  3. Restart the server.

Logging

1096053 - SyslogHandler doesn't handle multi-byte characters correctly

Using org.jboss.logmanager.handlers.SyslogHandler to log multi-byte characters may result in corrupted output recorded in the log. For example:
Mar 8 17:29:09 UNKNOWN_HOSTNAME java[9896]: SyslogHandler: ????????????

As a workaround for this issue, the same multi-byte characters can be successfully logged using org.apache.log4j.net.SyslogAppender.

The issue is caused in part by the UTF conversion algorithm, and is expected to be fixed in a future release.
1031448 - logging-profile works for a servlet, but doesn't for a JSP

In this release of JBoss EAP 6, logging profiles will work as expected for a servlet, but will not work for a JSP; all log messages from a JSP will go to the system log context.

This is becasue the class loader being checked is a org.apache.jasper.servlet.JasperLoader with a parent class loader of the class loader that was registered for the log context.

This issue is expected to be resolved in a future release of the product.

Other

901231 - Usage of finalize() needs extra guards on IBM JDK

JBoss EAP 6 can experience intermittent failures when running on the IBM JDK 6 and 7. This is because the IBM garbage collector is much more aggressive than that of other JVMs. This can sometimes result in memory being reclaimed in situations that were unanticipated and did not manifest when testing on other JVMs.

Until this issue is resolved Red Hat recommends not using the IBM JDK 6 or 7 to run JBoss EAP 6.

Patching

1120535 - Querying patching MBeans during shutdown results in IllegalStateException

This release of JBoss EAP 6 carries a bug caused by the patching subsystem PatchResource not having a depenency on the InstallationManagerService but using it when it may be shut down.

This may cause an IllegalStateException if a shutdown hook attempts to query the patching subsystem MBeans.

The workaround is to confirm whether the InstallationManagerService is up prior to using it.

PicketLink

1086733 - Changes in PicketLink API between versions 2.1 and 2.5

PicketLink 2.5 has brought some API changes from PicketLink 2.1, which was included in previous JBoss EAP 6.x releases.

These changes include several classes being which affects backwards compatibility. PicketLink 2.1 applications will need to be updated with the changes.

The full list of changes is provided at the end of this document.

RBAC

1021607 - RBAC non-addressability

Some resources are non-addressable to server-group and host scoped roles in order to provide a simplified view of the management model to improve usability. This is distinct from resources that are non-addressable to protect sensitive data.

For server-group scoped roles this means that resources in the profile, socket binding group, deployment, deployment override, server group, server config and server portions of the management model will not be visible if they are not related to the server-groups specified for the role.

For host-scoped roles this means that resources in the /host=* portion of the management model will not be visible if they are not related to the server groups specified for the role.

However in some cases this simplified view can hide information that while it is outside the scope of what the user is managing, it can provide guidance to the user as to a course of action. An example of this is BZ# 1015524.

In a future release, some of these non-addressable resources might be changed to be addressable but non-readable. This will not affect the security of the server because they were not non-addressable for security reasons. Red Hat recommends that you do not rely on the non-addressability of resources to hide information unless the non-addressability is defined in a sensitivity constraint.

RESTEasy

899666 - RESTEasy: Empty cfg. param javax.ws.rs.Application produces exception

The RESTEasy component shipped with this version of JBoss EAP 6 throws an java.lang.StringIndexOutOfBoundsException: String index out of range: 0 error when the _javax.ws.rs.Application_ configuration option in the WEB-INF/web.xml file is left empty.

This behavior is sub-optimal and is expected to be addressed in a future release of the product.
1088956 - MalformedByteSequenceException in Namespace test on Windows

In this release of JBoss EAP 6, when encoding is specified in the body of the client request, RESTeasy returns response in encoding of the server, not in encoding of original request. To receive response in specified encoding request.accept(mediaType) header must be specified or @Produces annotation for the resource can be used.

This issue is expected to be resolved in a future release of the product..
1078186 - Connection re-used in a inconsistent state despite 'Connection: close' after successful authentication

In this release of JBoss EAP 6, when sending a client request multiple times, the connection is not handled properly by the underlying httpClient. RESTeasy is using module org.apache.httpcomponents provided by JBoss EAP which is currently in version 4.2.1-redhat-1. The version 4.2.6 of org.apache.httpcomponents fixes the problem.
1122779 - DataSourceProvider does not delete the temporary files it creates

The DataSourceProvider (org.jboss.resteasy.plugins.providers.DataSourceProvider.readDataSource(InputStream, MediaType)) creates a temporary file named resteasy-provider-datasource ... .tmp when reading more then 4096 bytes. However, it does not delete the created temporary file itself nor does it provide a facility to do so, resulting in a resource leak. This issue is under investigation and is expected to be resolved in the next release.
1080420 - DataSourceProvider uses an insecure method to read the input stream

RESTEasy used InputStream.available() to determine if it had completed reading an input stream from a client.

RESTEasy would sometimes fail to completely read input data from clients.

This is expected to be resolved in a future release of the product.
899664 - (EAP 6.4.x) RESTEasy: Boolean configuration parameters don't reject non-sense content

This release of JBoss EAP 6 carries a bug that allows invalid Boolean configuration parameters to be set. This behavior is unintended as invalid parameters should be rejected and the application should not be deployed.

This issue is expected to be resolved in future release of the product.

RPMs

1124516 - File snmpd.conf.sample is missing in rpm

The httpd/conf.d/snmpd/snmpd.conf.sample file is missing from the following versions of the mod_snmp RPMs:
  • mod_snmp-2.4.1-7.GA.ep6.el5.i386.rpm
  • mod_snmp-2.4.1-7.GA.ep6.el5.x86_64.rpm
  • mod_snmp-2.4.1-8.GA.ep6.el6.i386.rpm
  • mod_snmp-2.4.1-8.GA.ep6.el6.x86_64.rpm
  • mod_snmp-2.4.1-9.GA.ep6.el7.x86_64.rpm

An snmpd.conf.sample example file is attached to the Bugzilla for this issue and can be modified as needed.

This issue is expected to be resolved in a future release of the product.

Remoting

1104328 - 'Compatible Change' Marshalling does not allow classes to be removed from the class hierarchy of a serialized class

A ClassNotFoundException may be encountered during unmarshalling if a class is missing from the hierarchy of a serialized class.

For example, if one system marshals class A, which extends class B, which, in turn extends class C, which is sent to a system that does not contain all three classes in the same hierarchy, an exception may be encountered on the missing class.

This issue will be addressed in the next release of the product.
1089236 - JBoss Remoting version (unknown) in AS log

In this release of JBoss EAP 6, the JBoss Remoting version appears as (unknown) in the server logs.

This is a bug in the Remoting system's logging, it does not have any impact on performance.

This is expected to be corrected with a component upgrade in a later release.

Scripts and Commands

1069252 - add-user.sh is not working with cygwin

In this release of JBoss EAP 6, the add-user.sh script will fail with an IllegalStateException.

This bug presents when Java processes are executed in Cygwin becuase there is no java.io.Console available, meaning there is no API available to read a masked password.

It is expected to be resolved in a future release of the product.

Security

949737 - Session replication broken by NegotiationAuthenticator valve

Session replication does not work for applications that have the NegotiationAuthenticator valve enabled in their WEB-INF/web.xml file. The NegotiationAuthenticator valve provides its own setNext() and getNext() methods that do not correctly add the Clustered session valve to the JBossWeb request pipeline.

This issue is under investigation.
1103684 - Unable to share Identity Security Domain across datasources

This release of JBoss EAP 6 carries a bug that presents the error javax.resource.ResourceException: No matching credentials in Subject! when multiple datasources are defined backed by the same security domain.

This issue is being investigated and is expected to be resolved in a future release of the product.
1052644 - LdapExtLoginModule cannot find custom ldap socket factory

In this release of JBoss EAP 6 the LdapExtLoginModule does not set the TCCL to the classloader of a (configurable) JBoss module. The JBoss module would contain a custom socket factory.

As a consequence the LdapExtLoginModule cannot use custom socket factories for creating connections to the ldap server. A ClassNotFoundException will be thrown when attempting to use a custom socket factory with the LdapExtLoginModule.

This issue will be resolved in a future release of the product.
1097276 - MsSql datasource throws IllegalStateException while obtaining connection

This release of JBoss EAP 6 carries a bug that produces the exception; java.lang.IllegalStateException: This ticket is no longer valid in MySQ datasources while obtaining connection.

This issue is expected to be resolved in a future release.
979369 - Different behaviours of HttpSession creation with programmatic login()

It has been discovered that the behavior of HttpSession creation differs when used together with a programmatic login:
  • without SSO: Session is not created while calling login() method - i.e. subsequent requests are unauthenticated;
  • with non-clustered SSO: Session IS created while calling login() method, but the first call does not set the authentication status there - i.e. subsequent requests are unauthenticated; the user is authenticated after the second call of login() method, because the session is already present;
  • with clustered SSO: Session is created while calling login() method and subsequent requests are authenticated.

The cause of the difference in behavior is being investigated. No known workaround is available.
1069326 - Need login/logout audit events

Domain management requests are handled using a stateless protocol. For HTTP, authentication occurs with each request. For Native authentication, it happens on the establishment of the connection. Other than this, there is no authenticated session.

Because there is no authenticated session, login and logout events can not be audited. Instead. audit messages are logged when an operation is received from the user.

Transaction Manager

1124861 - Issue with issue recovering AA with CMR, recovers OK but via orphan detection

In this release of JBoss EAP 6, if the server crashes at the end of the prepare phase of a two-phase commit when Commit Markable Resource is part of the XA transaction, the XA resource does not roll back immediately, as expected. The resources remain in that state until such time when orphan detection is started.

This issue is expected to be resolved in a future release.
1017256 - Incorrectly calculated transaction statistics when recovery proceeds

This release of JBoss EAP 6 carries a bug that shows incorrect transaction statistics when recovery is used when processing in-doubt prepared transactions.

The total count of processed transaction is incorrectly increased prior to a crash of the server and also when the recovery fixes the in-doubt state after the server is restarted. In these cases, a transaction could be counted twice.

This issue is under investingation and is expected to be resolved in a future release of the product.
1077156 - Not possible to start XST transaction on IPv6 with server bound to ::1

In this release of JBoss EAP 6, it is not possible to start an XST transaction on IPv6 with a server bound to address ::1. This is because this part of the address must be wrapped in square brackets; [::1].

This issue is expected to be resolved in the next release of the product.
1113225 - CMR: TX log does not show participants after crash.

This release of JBoss EAP 6 carries a bug the prevents participants from appearing in the TX log after a crash.

If the server crashes on the exit of the CommitMarkableResourceRecord.commit method (and if Periodic Recovery is paused during the reboot), the TX log will not show the participants expected to appear there.

This issue is under investigation.

Web

1076439 - NIO2 Connector is not properly reloaded during reload operation on IBM 1.7 JDK

If this release of JBoss EAP 6 is started on IBM JDK 1.7 and an attempt is made to reload the server, following error message appears in logs.
ERROR [org.apache.coyote.http11.Http11NioProtocol] (MSC service thread 1-6) JBWEB003043: Error initializing endpoint: java.net.BindException: Address already in use

This error is caused by an issue with the IBM JDK which results in the NIO2 connector not reloading properly and the original remaining running. To work around this issue, either use different connector (note that each connector has its own capabilities) or use a different JDK.

This issue is expected to be resolved in a future release of the product.
918130 - JBossWeb connectors start before application deployments are completed in EAP 6

A timing issue with JBossWeb connectors on startup has been discovered, in which the connectors start and accept requests before applications are fully deployed. In these circumstances, client connections via either a load balancer or direct to JBoss EAP are returned a 404 message. This issue affects JBoss EAP versions 6.0.1 and greater. No workaround is available but the issue is under investigation.

Web Console

1017655 - Web services configuration validation errors

In this release of JBoss EAP 6, invalid values for WSDL Host, WSDL Port and WSDL Secure Port under Profiles > Web > Web Services are not rejected by the web console.

Some invalid values cause an error message, while others are ignored without showing an error message. None of the invalid values are stored in the configuration.

This issue will be resolved in a future release of the product.
1051991 - JMS destination statistics weren't shown on the admin console

This release of JBoss EAP 6 carries a bug that prevent the Admin Console from displaying the correct number of JMS destinations. The figure is always displayed as 0.

This issue is expected to be resolved in a future release of the product.
1027586 - RBAC: Web console is too coarse-grained with application resources

In this release of JBoss EAP 6, when a resource is defined as an application resource, the console may not reflect that definition. This is because the console often groups several resources under one view. The controls in the views are available if all related resources are writable. If any of these resources is configured as an application resource, however, the related controls will still be disabled.

The current workaround is to, if possible, configure all resource types associated with a subsystem as application resources.
1029851 - management console - even after cancel the process to upload a deployment file, the content is added to data directory

A Known Issue exists in this release of JBoss EAP 6 that causes the upload of files through the Manage Deployments screen to complete, even if the upload is cancelled by the user.

Cancelling the operation results in the uploaded file being added to the data directory, but prevents it being added as a deployment to the domain.xml file. This means that the file cannot be removed through either the CLI or Web management interfaces.

This issue will be addressed in a future release of the product.
1026823 - Provide a reliable way to clear "ROLE" headers set by "Run as" dialog

In this release of JBoss EAP 6, it has been reported that when a SuperUser acts of behalf of another user (with the Run As... link), their role is not reset after the action is taken.

The workaround for this issue is to close the browser window (not just the active tab) and re-accessing the Web Console. This issue will be addressed in a future release of teh product.
1014048 - RBAC: Log in right after log out wont clear UI properly in domain mode

In some cases, when logging out of the Web Console, the console is partially rendered before logging in as another user. This leads to "mixed" content where parts of the screen are rendered as if the old user was logged in and parts of the screen as the new user was logged in.

This issue is not a security risk and no sensitive data will be revealed.

As a workaround, close the browser window (not just the active tab) and log in as the new user.

Web Services

1111046 - Empty response returned when SOAP Fault is thrown from an endpoint having WS-Security Policy Signature profile

This release of JBoss EAP 6 contains a bug that causes a web service that has a WS-Security Signature policy in its WSDL to return an empty HTTP response that has zero-length of content to client when throws a SOAP Fault instead of the actual SOAP Fault.

This issue presents only when Signature policy is in use.

This is expected to be resolved in a future release of the product.
1079049 - Problem using @SchemaValidation in combination with wsrm 1.1

If a client sends a WS-RM 1.1 message that references CreateSequence to an endpoint that utilizes WS-RM along with schema validation, the application throws the following error:
Unmarshalling Error: cvc-elt.1: Cannot find the declaration of element 'CreateSequence'.

CreateSequence is not found in the fGrammerPool in org.apache.xerces.impl.xs.XMLSchemaLoader because CXF and JBossWS do not yet fully support WS-RM 1.1.
1074368 - Schema element generated from exception class doesn't honor @XmlElement annotation

A bug has been found in this release of JBoss EAP 6 wherein Schema generated from exception classes do not honor the @XmlElement annotation. This issue will be resolved in a future release of the product.
1103847 - Java First WS-Policy duplicate PolicyReferences when using annotations and no separate Java Interface

A bug in the CXF component shipped with JBoss EAP 6 causes PolicyReferences to be duplicated when using Java First WS-Policy Annotations (such as @Policies). The resulting WSDL generates multiple PolicyReference elements when there is no separate Java interface.

This issue is expected to be resolved in a future release of the product.
1121223 - [CXF-5892] Ensure EncryptedKey references BinarySecurityToken before it

In this release of JBoss EAP 6, CXF places the BinarySecurityToken referenced by the EncryptedKey element after the EncryptedKey element when the WSS timestamp is not included in the SOAP message.

This can cause receivers that expect the BinarySecurityToken referenced by the EncryptedKey to be above the EncryptedKey element to fail as they have not processed the BinarySecurityToken when attempting to look it up while processing the EncryptedKey element.

This issue is expected to be resolved in a future release of the product.
1115215 - CXF-5679, CXF-5724 - WS-S after upgrade fails with org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

A regression was introduced in CXF 2.7.10 which failed with the following error: org.apache.ws.security.WSSecurityException: The signature or decryption was invalid

This will be resolved in a future release of the product.

mod_cluster

1085427 - StickySessions don't work for ProxyPass from unenabled context

This release of JBoss EAP 6 carries a bug that prevents StickySessions from working for ProxyPass from unenabled context. This issue is expected to be resolved in a future release.
1044879 - If "Balancer name includes" uppercase latter in name then modcluster will not maintain sticky sessions

An issue in JBoss EAP 6 prevents the modcluster module from maintaining sticky sessions if upper-case letters are used for naming load balancers.

The issue causes requests for a particular session to be routed to a different node and not the node which serviced the first request for that session.

This is because EAP 6 does not support upper-case letters for naming load balancers as load balancer names are similar to host-names in a URL.

The modcluster module can maintain sticky sessions if lower-case letters are used for naming all the load balancers in the module.
900047 - SystemMemoryUsageLoadMetric is not correct on Linux/Unix

The SystemMemoryUsageLoadMetric does not show useful information on Linux or UNIX operating systems. For these systems, HeapMemoryUsageLoadMetric provides more useful information. The solution to this problem will be to change the algorithm of SystemMemoryUsageLoadMetric to subtract the buffers/cache value from the used number. The best method for doing this is under investigation.

Apache Server (httpd) and Connectors

1125829 - Missing httpd module mod_snmp for RHEL6, RHEL7 with PPC64 architecture

In this release of JBoss EAP 6, mod_snmp libraries will not be provided for PPC64 platform (RHEL6, RHEL7).
900620 - APR natives are not being loaded if UAC is in place (Windows Server 2008 R2)

On Microsoft Windows servers, Apache portable runtime (APR) libraries will fail to load with User Account Control (UAC) enabled. After installing the libraries, an administrator user will need to right-click the JBoss directory and set "Full control" to "Allow" for the desired user in the Properties -> Security tab. This will correct the access rights for UAC.
1125833 - File snmpd.conf.sample is missing in zip for RHEL7-x86_64 platform

The file snmpd.conf.sample is missing in the Apache HTTP Server for RHEL 7 x86_64 zip archive.

As a workaround, you can download the missing snmpd.conf.sample from the attachments in https://bugzilla.redhat.com/show_bug.cgi?id=1125833.
1122799 - Path in mod_snmp.conf.sample is not updated by postinstall script

This release of JBoss EAP 6 carries a but wherein the path in mod_snmp.conf.sample is not updated by the postinstall script.

After installation the path still contains the installroot variable:
SNMPConf "@installroot@/etc/httpd/conf.d/snmpd"

A workaround to this issue is to modify the mod_snmp.conf.sample file manually.

This issue will be resolved in a future release.

Apache Server (httpd) and Connectors,Documentation

900580 - httpd: libaprutil-1.so.0: file too short

Apache portable runtime (APR) binaries are not natively packaged as part of JBoss Enterprise Application Platform, or JBoss Enterprise Web Server, for Red Hat Enterprise Linux. Symlinks are used to reference the base Red Hat Enterprise Linux libraries. This can result in an issue with unresolvable symlinks when trying to use APR binaries if the following packages are not installed: apr, apr-util, apr-devel, apr-util-devel.

The fix for this issue will be shipped in a future Red Hat Enterprise Linux APR update.

CDI/Weld,EJB

971679 - Problem when undeploying application with already initialized interval EJB Timer

When shutting down an EAP instance with a deployed application that uses an EJB interval timer, an IllegalStateException or an EJBComponentUnavailableException might occasionaly appear in the server log containing the text "Formatting error" or "Error invoking timeout for timer".

This issue occurs because JBoss EAP 6 does not wait for all requests to be done when shutting down.

There is no workaround to eliminate these errors, however they do not present any negative impact on the product.

EE,EJB

1114061 - ejb-jar.xml interceptor-binding does not accept "*"

In this release of JBoss EAP 6, due to too strict checks, default EJB interceptors require an interceptors definition along with a declaration as part of assembly-descriptor.

EJB,Naming

923836 - remote:// protocol does not work over SSL with IBM JDK

There is a Known Issue in this release of JBoss EAP 6 wherein the remote naming lookup fails intermittently on an IBM JDK with the following exception:
org.jboss.remoting3.NotOpenException: Endpoint is not open.

This issue appears to present when the client uses the IBM JDK. In instances where the server is on the IBM JDK and the and the client uses another JDK, the issue does not present.

The issue is being investigated for a resolution.
1069591 - ERROR: remote lookup Channel end notification received, closing channel Channel ID is seen when looking up a remote queue

When performing a lookup on a remote queue from within an EJB, although the operation executes successfully, after the context is closed the following error is displayed:
Channel end notification received, closing channel Channel ID b8e969d6 (outbound) of Remoting connection 4970f4db to DEVPC016970/10.23.132.245:5301

This issue will fixed in a future update.

EJB,Transaction Manager

952746 - Fix transaction recovery failures involving remote EJB resource

In this release of JBoss EAP 6, transaction recovery operations can fail if they involve remote EJB resources that may have crashed.

The issue presents because when a connection breaks down between the server and the client (specifically when the client crashes and is restarted); the server and the client will not automatically communicate with each other.

In these scenarios, the server will have no knowledge that the client has started again, effectively meaning that the EJB tx recovery process will not know which EJB nodes to communicate with.

This issue is under investigation and a solution is being developed.

IPv6 support

900564 - Wrong format of IPv6 addresses in log entries

IPv6 addresses should be formatted with square brackets ([ and ]) around them, such as in http://[2620:52:0:105f::ffff:2]:9990. The brackets are missing in the log files for JBoss EAP 6. This issue is expected to be fixed in a future release.
900609 - Opened IPv4 sockets on Windows when server is bound to IPv6

If JBoss EAP 6 is started in Microsoft Windows Server with the IPv4 stack disabled and the IPv6 stack enabled, IPv4 sockets are still opened. This issue is still under investigation.

Security,Web

952518 - run-as does not work for Servlet init() and destroy() methods

In JBoss EAP 6 there exists an issue where the run-as identity is not being used for Servlet.init(), which is contrary to the Java Servlet 2.4 specification.

This is caused by the RunAsListener not existing in JBoss EAP 6 as it did previously in JBoss EAP 5.

To workaround this issue, establish a security context within the servlet's init() method that invokes the secured EJB. This can be accomplished using the approaches described in A10 and A23 of the JBoss Security FAQ, available at https://community.jboss.org/wiki/SecurityFAQ

This issue is expected to be fixed in a future release.

Web Console - UX

1016546 - RBAC: [Usability] Unclear error message when trying to configure Auditor role as Administrator

In this release of JBoss EAP 6, if a user attempts to perform an operation which they do not have permission to execute, they will recieve the error following error message:

You don't have the permissions to access this resource!

This can be confusing to users as they are attempting to perform an operation, not attempting to access a resource. This error text will be clarified in a future release of the product.

XML Frameworks

1065128 - Performance issue with Xalan transformer and very large text nodes

A bug has been found in this release of JBoss EAP 6 that causes performance issues when attempting to convert large text nodes using the Xalan Transformer. When using the Transfomer to convert a StreamSource to DOMResult, the performance of the Transformer decreases as the size of the character data increases. This is a Known Issue and will be corrected in a later release of the product.

doc-Release_Notes,JCA,JMS

1002518 - Generic resource adapter doesn't allow to use XAConnectionFactory instances of TIBCO EMS for non-transaction operations

In this release of JBoss EAP 6, when a session is created in a transaction context like: connection.createSession(false,0); an IllegalArgumentException occurs.

This is because generic RA does not ignore parameters passed to createSession where first sets session not transacted and second to mode transacted session (0).

To avoid this issue, create a transacted session: connection.createSession(true,0);.

9. Changes in jbossws-spi and jbossws-cxf

The changes in the release are meant to improve stability, prevent concurrency issues and ensure thread safety whenever required.
To achieve this, some classes in the SPI have been refactored in non-backward compatible way.
Most users will not be affected by the changes, as the affected classes are intended for composing the integration interface between the webservice stack and the application server container, not for final user usage.
Final users should only expect migration changes required in their code if they are programmatically using the org.jboss.wsf.spi.metadata.config.CommonConfig and org.jboss.wsf.spi.management.ServerConfig interfaces or their implementors.
Below is a quick summary of the changes that might possibly impact users programmatically relying on the SPI modified classes:
The CommonConfig is now immutable. As a consequence the following methods have been removed:
  • public void setPostHandlerChains(List<UnifiedHandlerChainMetaData> postHandlerChain);
  • public void setPreHandlerChains(List<UnifiedHandlerChainMetaData> preHandlerChains);
  • public void setConfigName(String configName);
  • public void setFeature(Feature feature, boolean enabled);
  • public void setProperty(String name, String value);
The ServerConfig has a new mechanism for registering and unregistering CommonConfig instances (during the container boot), while preventing unsafe modifications at runtime. The user should be aware that the following methods have been deprecated.

Deprecated ServerConfig methods

  • public List<ClientConfig> getClientConfigs();
  • public List<EndpointConfig> getEndpointConfigs();

New ServerConfig methods

  • public ClientConfig getClientConfig(String name);
  • public EndpointConfig getEndpointConfig(String name);

Other changes not affecting common users

  • The constructors for org.jboss.wsf.spi.metadata.webservices.WebservicesMetaData, org.jboss.wsf.spi.metadata.webservices.WebserviceDescriptionMetaData and org.jboss.wsf.spi.metadata.webservices.PortComponentMetaData have changed as instances of those classes are now immutable; this is relevant when using the org.jboss.wsf.spi.publish.EndpointPublisher which is (optionally) passed WebservicesMetaData instances.

A. Revision History

Revision History
Revision 6.3.0-41November 13 2014Ella Deon Ballard
New index page.
Revision 6.3.0-24Thursday August 7 2014Sande Gilda
Bugzilla Sync 08/01/2014 (2:21 pm) Brisbane Time (with manual edits).

Legal Notice

Copyright © 2014 Red Hat, Inc..
This document is licensed by Red Hat under the Creative Commons Attribution-ShareAlike 3.0 Unported License. If you distribute this document, or a modified version of it, you must provide attribution to Red Hat, Inc. and provide a link to the original. If the document is modified, all Red Hat trademarks must be removed.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.