7.3.0 Release Notes
For Use with Red Hat JBoss Enterprise Application Platform 7.3
Chapter 1. JBoss EAP 7.3 Certification Status
JBoss EAP 7.3 is a Jakarta EE 8 Compatible Implementation
The 7.3 release of JBoss EAP is a Jakarta EE 8 compatible implementation for both Web Profile and Full Platform specifications. The release is also a certified implementation of the Java EE 8 Web Profile and the Full Platform specifications, like the previous releases.
For information about Jakarta EE, see Jakarta EE FAQ.
Chapter 2. Supported Configurations
The following configurations are newly supported in JBoss EAP 7.3.
Databases and Database Connectors
- MySQL 8
- Oracle 19c
- PostgreSQL 11
- EnterpriseDB Postgres Plus Advanced Server 11
- SQL Server 2017
Java Development Kits
- Eclipse OpenJ9 (JDK 11)
Chapter 3. New Features and Enhancements
Elytron Audit Logging Performance and Reliability Tuning
In JBoss EAP 7.2, the
synchronized attribute for Elytron file audit logging defined whether to flush the output stream and synchronize the file descriptor after every audit event.
This release introduces a new
autoflush attribute to separate stream flushing and file synchronizing, which allows for finer tuning of performance and reliability for Elytron audit logging.
For more information on configuring Elytron audit logging, see Elytron Audit Logging in How to Configure Server Security for JBoss EAP.
The JwtValidator in this release now includes support for multiple keys and for remote public keys. The
key-store attribute can now be combined with the
certificate attribute to be used as an alternate to the
client-ssl-context attribute defines the SSL context to use for a remote JSON Web Key (JWK). This enables you to use the URL from the
jku (JSON Key URL) header parameter to fetch public keys for token verification.
For more information, see the token-realm jwt Attributes table in How to Configure Server Security for JBoss EAP.
This release now registers a default SSLContext on startup that is available for use by any libraries that support use of the default context.
For more information, see Default SSLContext in How to Configure Server Security for JBoss EAP.
Java Authentication SPI for Containers (JASPI) Security Using Elytron
elytron subsystem in this release now provides an implementation of the
Servlet profile from the Java Authentication SPI for Containers (JASPI). This allows tighter integration with the security features provided by Elytron.
For more information, see Configure Java Authentication SPI for Containers (JASPI) Security Using Elytron in the Development Guide for JBoss EAP.
Server SSL Server Name Indication (SNI) Contexts
server-ssl-sni-context in this release is used for providing server-side SNI matching. It provides matching rules to correlate host names to SSL contexts, along with a default in case none of the provided host names are matched.
For more information, see Using a
server-ssl-sni-context in the How to Configure Server Security for JBoss EAP.
Automatic Detection of Keystore Types
The following keystore types are now detected automatically:
The other keystore types must be specified manually.
For more information, see Elytron Subsystem Components Reference in the How to Configure Server Security for JBoss EAP.
Java EE Security API Support in Elytron
elytron subsystem now supports the Java EE Security API as defined in JSR 375.
The Java EE Security API defines portable plug-in interfaces for authentication and identity stores, and a new injectable-type
SecurityContext interface that provides an access point for programmatic security. You can use the built-in implementations of these APIs, or define custom implementations. For details about the specifications, see Java EE Security API Specification.
You can enable the Java EE Security API in the
elytron subsystem with minimal configuration steps using the management CLI.
For information on enabling Java EE Security API, see About Java EE Security API in the Development Guide.
Silent BASIC Authentication in Elytron
You can now configure the
elytron subsystem to perform a silent
When the silent authentication is enabled, a user is not prompted to log in for accessing a web application if the user’s request does not contain an authorization header.
For information about enabling the silent
BASIC authentication, see Configure Web Applications to Use Elytron or Legacy Security for Authentication in How to Configure Identity Management.
Utility to Migrate Properties-based Security Realm to Filesystem Realm in Elytron
You can now migrate the legacy properties-based security realm to Elytron’s filesystem-based realm using the
filesystem-realm command of the
A filesystem-based realm is a filesystem-based identity store used by Elytron for storing user identities. The
filesystem-realm command migrates the
properties-realm files to
filesystem-realm and also generates commands for adding this realm and a security domain to the
For information about the
filesystem-realm command, see Migrate to Filesystem-based Security Realm Using the filesystem-realm Command in the Migration Guide for JBoss EAP.
Support for Hexadecimal Encoding in JDBC Realm
Elytron now supports hexadecimal encoding for password hashing algorithms in the JDBC realm.
For more information, see Password Mappers in How to Configure Identity Management guide for JBoss EAP.
Support for Modular Crypt Passwords in JDBC Realm
Modular Crypt password encoding is now supported in the JDBC realm.
The Modular Crypt encoding allows for multiple pieces of information such as the password type, the hash or digest, the salt, and the iteration count to be encoded in a single string.
For more information, see Password Mappers in How to Configure Identity Management guide for JBoss EAP.
Ability to Combine Multiple Security Realms for Authorization in an Aggregate Realm
You can now use multiple security realms for authorization in an
aggregate-realm with the
For more information, see Configure Authentication and Authorization Using Multiple Identity Stores in the How to Configure Identity Management guide for JBoss EAP.
Ability to Use the Subject Alternative Name Extension From X.509 Certificate as the Principal
You can now configure an evidence decoder to use a subject alternative name from an X.509 certificate as the principal associated with that certificate.
For more information, see Configuring Evidence Decoder for X.509 Certificate with Subject Alternative Name Extension in the How to Configure Server Security guide.
Ability to Combine Multiple Evidence Decoders with Aggregate Evidence Decoder
Elytron now provides an aggregate evidence decoder to combine two or more evidence decoders into a single decoder.
For more information, see Configuring an Aggregate Evidence Decoder in the How to Configure Server Security guide.
Certificate Revocation Capability using OCSP
Elytron now provides certificate revocation capability using Online Certificate Status Protocol (OCSP), defined in RFC6960, when undertow is used as a load balancer.
For more information, see Using Online Certificate Status Protocol for Certificate Revocation in the How to Configure Server Security guide for JBoss EAP.
Syslog Audit Logging Enhancements
A new attribute,
reconnect-attempts, is now available to configure the maximum number of times Elytron attempts to send successive messages to a syslog server before closing the connection when using UDP.
For more information about the enhancements, see Syslog Audit Logging in How to Configure Server Security guide for JBoss EAP.
Elytron Support for Masked Passwords
The original implementation of Elytron did not support masked passwords.
In JBoss EAP 7.3, masked password types are supported for backward compatibility with PicketBox passwords.
Obtaining Server Certificates from Let’s Ecrypt
In JBoss EAP 7.2, basic CLI commands were added to manage SSL.
In JBoss EAP 7.3, these commands have been enhanced to derive server certificates from the Let’s Encrypt certificate authority.
Principal Transformer Added to Aggregate Realm
Elytron includes an aggregate security realm, which is a combination of two or more realms: an authentication realm and one or more authorization realms.
In JBoss EAP 7.2 and earlier, the capability of transforming the principal after loading the authentication identity and before loading the authorization identity did not exist.
Now an aggregate realm can be configured with a principal transformer, which is defined in the mappers configuration, to perform this transformation.
Elytron Resource filesystem-realm Support
In JBoss EAP 7.1 and 7.2, usage of the
filesystem-realm was technology preview.
In this release, the
filesystem-realm as an Elytron resource definition backed by a file system is now supported.
AJP Connector Enabled by Default in this Release
In JBoss EAP 7.3, the AJP connector in the
undertow subsystem is enabled by default. The AJP connector has been identified as a potential security risk for this subsystem.
See https://access.redhat.com/solutions/4851251 for recommended methods to resolve this risk.
Custom Headers for HTTP Management Endpoints
Previous releases of JBoss EAP did not include the ability to define custom HTTP headers for endpoints in the management interface.
In JBoss EAP 7.3 a new attribute,
constant-headers, is added to the HTTP management interface resource definition. Administrators can use this attribute to specify additional HTTP headers for JBoss EAP to return when responding to requests made against the HTTP management interface.
3.2. Server Management
Changes to Maven Artifact and Module Names
In JBoss EAP7.3 artifact
org.jboss.resteasy:resteasy-validator-provider-11 is renamed as
org.jboss.resteasy.resteasy-validator-provider-11 is now classified as an alias of module
org.jboss.resteasy.resteasy-validator. Newly created applications should reference module
org.jboss.resteasy.resteasy-validator. Existing applications can still reference the alias with no effect to their functionality.
Support for Eclipse MicroProfile Metrics
This release now includes the SmallRye Metrics component, which provides Eclipse MicroProfile Metrics functionality using the
microprofile-metrics-smallrye subsystem. This subsystem is used to provide monitoring data for the JBoss EAP instance, and is enabled by default.
For more information, see Eclipse MicroProfile Metrics in the Configuration Guide for JBoss EAP.
Suspend Servers Managed by a Host Controller
This release provides the ability to suspend and resume servers at the host level in a managed domain.
For more information, see Suspend Servers in the Configuration Guide for JBoss EAP.
Support for JBoss EAP Subsystem Metrics in Prometheus Format
The Eclipse MicroProfile Metrics functionality is used to provide monitoring data for the JBoss EAP instance. This release enhances the SmallRye Metrics component to provide the JBoss EAP metrics in the Prometheus format.
For information about Eclipse MicroProfile Metrics, see the Eclipse MicroProfile Metrics section in the Configuration Guide for JBoss EAP.
3.3. Management CLI
Disable Output Paging
By default, the JBoss EAP management CLI pauses after a page of output has been displayed, which allows you to browse and search the command output. You can now disable this behavior and print the entire output immediately by starting the management CLI with the
--no-output-paging argument or by setting the
output-paging element to
true in the
Upgraded MicroProfile Health Check 2.0.1 Attributes for Liveness and Readiness Probes
In previous releases, it was not possible to obtain the MicroProfile health status of
readiness probes individually using the management CLI.
It is now possible to obtain the status of
readiness probes separately using the
:check-ready operations respectively, or by using the
/health/ready HTTP endpoints.
/health HTTP endpoint and
:check management operation are now used to obtain all check probes (both
The current MicroProfile Health Check 2.0.1 capabilities are not fully backwards compatible with the previous version at this time.
For more information, see MicroProfile Health Check in the Configuration Guide.
3.4. Management Console
Configure Socket Log Handlers from Management Console
You can now configure socket log handlers using the management console by navigating to Configuration → Subsystems → Logging → Configuration, clicking View, and selecting Handler → Socket Handler.
For more information, see Configure a Socket Log Handler in the Configuration Guide for JBoss EAP.
View Logging Profile Logs from Management Console
You can now view the logging profile log files from the management console by navigating to Runtime→ Monitor → Log Files → Log File and clicking View next to the logging profile for which you want to view the logs.
View Active Management Operations from Management Console
You can now view the active operations of all hosts and servers in a central location within the management console.
When running a standalone server, navigate to Runtime → Server → Monitor → Management Operations and click View.
In a managed domain, navigate to the Runtime → Browse By → Management Operations and click View.
Two New Resources Available for the ModCluster Subsystem
modcluster subsystem has two new resources:
dynamic-load-provider=configuration resource is an alias to
You can now view the mutually-exclusive resources from the management console by navigating to Configuration→ Configuration→ Profile → full-ha or ha → Modcluster → Proxy→ default (ajp) and clicking View.
For more information, see ModCluster Subsystem Attributes in the Configuration Guide for JBoss EAP.
Configure SSL SNI Contexts from Management Console
You can now configure SSL SNI contexts from the management console by navigating to Configurations → Subsystems → Security (Elytron) → Other Settings and clicking View. Click SSL → Server SSL SNI Context to add, edit, or remove contexts.
For more information, see Configuring SSL SNI Context in the How to Configure Server Security guide for JBoss EAP.
View Non Progressing Operations
The management console now displays a notification when a non progressing operation occurs. The notification is accessible from the Runtime tab.
When running a standalone server, navigate to the Runtime → Monitor → Management Operations and click View. The Cancel Non Progressing Operations button is located in the upper right corner of the window, next to the Reload button. The notification will list any non progressing operations.
In a managed domain, this notification is accessible by navigating to the Runtime tab. In the Browse By column, click Management Operations.
Configure ModCluster Proxies
This release introduces multi-server support for the
modcluster substystem, available from the Configuration tab of the console. The Modcluster column is now titled Proxy and lists the proxies under /subsystem=modcluster/proxy=*.
The Add and Remove actions make proxy management easier, and the View action opens the configuration options for the proxy selected.
For more information, see ModCluster System Attributes in the Configuration Guide for JBoss EAP.
Reinitialize a Trust Manager from Management Console
You can now reinitialize a trust-manager configured in JBoss EAP from the management console by navigating to Runtime → Monitor → Security (Elytron) → SSL, clicking View, and selecting Trust Manager. For more information, see Reinitializing a Trust Manager from the management console in the How to Configure Server Security for JBoss EAP
Configure JASPI Authentication from Management Console
You can now configure the JASPI authentication module from the management console by navigating to Configuration → Subsystem → Security (Elytron) → Other Settings and clicking View. Click Other Settings → JASPI Configuration to configure the module.
For more information, see Security Management in the Security Architecture guide for JBoss EAP.
Configure Remote ActiveMQ Server Resources from the Management Console
You can now configure the following Remote ActiveMQ server resources from the management console:
- Generic Connector
- In VM Connector
- HTTP Connector
- Remote Connector
- Discovery Group
- Connection Factory
- Pooled Connection Factory
- External JMS Queue
- External JMS Topic
For more information, see Configure Remote ActiveMQ Server Resources Using the Management Console in the Configuring Messaging guide for JBoss EAP.
View Socket Binding Name and Open Ports for a Server from Management Console
You can now view the socket binding name and the open ports for a server from the management console. The information is visible when the server is in the following states:
For more information, see the Viewing Socket Bindings and Open Ports for a Server section in the Configuration Guide for JBoss EAP.
Runtime Operations Supported on Management Console
Some runtime operations that could be performed using only the management CLI are now available on the management console also.
For more information, see Runtime Operations Using the Management Console in the Configuring Messaging guide for JBoss EAP.
Configure a Let’s Encrypt Account
You can now configure a Let’s Encrypt account using the management console. The following configurations are available:
- Create an account with a certificate authority.
- Deactivate a certificate authority account.
- Update an account.
- View the certificate authority account information.
- Change certificate authority account key.
For information about configuring a Let’s Encrypt account, see Configure a Let’s Encrypt Account Using Management Console in the How to Configure Server Security guide for JBoss EAP.
Keystore Certificate Authority Configuration Using the Management Console
You can now perform the following keystore certificate authority configurations using the management console:
- Change the alias for the entry.
- Export a certificate from a keystore entry to a file.
- Generate a certificate signing request.
- Remove an alias from the keystore.
- View the details of the certificate associated with an alias.
- Revoke the certificate associated with an alias.
- Determine if a certificate is due for renewal.
For information about keystore certificate management, see Keystore Certificate Authority Operations Using the Management Console in the How to Configure Server Security guide for JBoss EAP.
Configure MicroProfile Metrics Using the Management Console
You can now configure MicroProfile metrics using the management console.
The configurations available in the management console are:
- Enable or disable exposing metrics.
- Edit prefix.
- Enable or disable security.
- Reset non required fields to initial or default values.
For information on configuring MicroProfile metrics, see Configure MicroProfile Metrics using the Management Console section in the Configuration Guide for JBoss EAP.
Obtain Certificate from Let’s Encrypt CA in SSL Wizard
You can now obtain a certificate from Let’s Encrypt Certificate Authority in the SSL Wizard.
See the following links for information:
- Enable SSL Using the Management Console for applications in the How to Configure Server Security for JBoss EAP.
- Enable SSL Using the Management Console for management interface in the How to Configure Server Security for JBoss EAP.
Ability to Customize Management Console Title
You can now customize the management console title so that each of your JBoss EAP instances can be identified at a quick glance.
For more information, see Customizing the Management Console Title in the Configuration Guide for JBoss EAP.
3.5. Web Server
Console access logging
A new feature has been added that outputs access log data to the console. Console access logging data is written to
stdout as a single line of JSON-structured data.
For more information, see Configuring a Server in the Configuration Guide for JBoss EAP.
Changes to the Behavior of the HttpServletRequest.getServletPath Method
The HttpServletRequest.getServletPath method behaves differently in Undertow than it did in the JBoss Web subsystem. Specifically, in Undertow, this method returns the JSP name rather than the action name.
An attribute has been added to configure the HttpServletRequest.getServletPath method to behave as it did in the JBoss Web subsystem.
Ability to Format Syslog Messages
You can now configure the
named-formatter attribute using the management console.
Custom Log Filters
In JBoss EAP 7.2 and earlier, users were limited to the provided log filters.
In JBoss EAP 7.3, users can implement custom log filters.
Display Modules According to Deployment
You can now view a list of modules according to deployment using the
list-modules management operation.
For more information about using the
list-modules management operation, see the Display Modules by Deployment section in the Development Guide.
Multiple Delivery Groups Support for Message-Driven Beans
A message-driven bean (MDB) can now belong to more than one delivery groups. Message delivery is enabled only when all the delivery groups that an MDB belongs to are active.
For more information, see Delivery Groups in the Developing EJB Applications guide for JBoss EAP.
Client and Server Interceptors
JBoss EAP 7.2 and earlier only supported EJB interceptors configured in the container.
In JBoss EAP 7.3, client interceptors and server interceptors are now supported. Client and server interceptors can be configured globally.
For more information, see Custom Interceptors in the Developing EJB Applications guide for JBoss EAP.
New Attribute initial-load in the mod_cluster Subsystem
mod_cluster subsystem now defines a new attribute,
initial-load attribute helps to gradually increase the load value of a newly joined node to avoid overloading it while joining a cluster.
For information on this attribute, see the section ModCluster Subsystem Attributes in the Configuration Guide for JBoss EAP.
Ability to Determine the Primary Singleton Provider
You can now determine the primary singleton provider with the runtime resources that the
singleton subsystem exposes for each singleton deployment or service created from a particular singleton policy.
For more information, see Determine the Primary Singleton Service Provider Using the CLI in the Development Guide for JBoss EAP.
Ability to Specify Distributable Session Manager Invocation
You can now specify that a distributable session manager be used when sharing sessions among subdeployments by adding
<distributable/> tag under
META-INF/jboss-all.xml configuration file.
For more information, see Configuring Session Sharing between Subdeployments in Enterprise Archives in the Development Guide for JBoss EAP.
Ability to Notify Singleton Service Providers of the New Primary Provider
Every member of a cluster with a registered
SingletonElectionListener receives a notification when a new primary singleton service provider is elected.
For more information, see HA Singleton Service Election Listener in the Development Guide for JBoss EAP.
The distributable-web subsystem for Distributable Web Session Configurations
distributable-web subsystem of JBoss EAP facilitates flexible and distributable web session configurations. The subsystem deprecates the
<replication-config> element of
For more information, see The distributable-web subsystem for Distributable Web Session Configurations in the Development Guide and Overiding Default Distributable Session Management Behavior in the Migration Guide for JBoss EAP.
Ability to Store Session Data in a Remote Red Hat Data Grid Cluster
distributable-web subsystem can be configured to store web session data in a remote Red Hat Data Grid Cluster using the HotRod protocol. Storing web session data in a remote cluster allows the cache layer to scale independently of the application servers.
For information about configuring the
distributable-web subsystem, see the Storing Web Session Data In a Remote Red Hat Data Grid in the Development Guide for JBoss EAP.
Ability to Specify Ranked Multiple Routes Session Affinity
You can now specify session affinity as an ordered list of nodes. If your load balancer supports multiple, ordered routes, in the event of a primary node failure, it can choose the optimal nodes in the order defined. It also ensures a definite failover target, if the primary owner of a specific session is inactive.
For information about the ranked affinity options, see The distributable-web subsystem for Distributable Web Session Configurations in the Development Guide for JBoss EAP. For information on how to enable ranked session affinity in your load balancer, see Enabling Ranked Session Affinity in Your Load Balancer in the Configuration Guide for JBoss EAP.
Enabling Statistics for Remote Cache Containers
You can now use the HotRod client to expose remote cache container statistics. The
statistics-enabled attribute can be configured for remote cache containers using the management CLI. For more information, see Configuring Remote Cache Containers in the Configuration Guide for JBoss EAP.
3.11. Web Services
Optional <T> Parameter Types Available for RESTEasy
RESTEasy now supports the following
java.util.Optional parameters as wrapper object types:
For more information, see
java.util.Optional Parameter Types in the Developing Web Services Applications book for JBoss EAP.
Support for HTTP Proxy in RESTEasy
The original implementation of RESTEasy did not include support for HTTP proxy.
In JBoss EAP 7.3, an HTTP proxy can be set up on the client builder using the JAX-RS API (Java API for RESTful Services).
Disable Processing of Client Providers
Client providers annotated using
@Provider must be registered for every instance of the JAX-RS container runtime. The system property
resteasy.client.providers.annotations.disabled disables the default processing of client providers that are annotated with
@Provider to prevent issues with undesired or duplicated client provider registrations.
For more information, see Content Marshalling with @Provider Classes in the Developing Web Services Applications book for JBoss EAP.
Configure JMS Resources for a Remote Artemis-based Broker Using the resourceAdapter Element
You can configure JMS resources for a remote Artemis-based broker, such as Red Hat AMQ 7, using the
@JMSConnectionFactoryDefinition annotation or the
@JMSDestinationDefinition annotation. The
resourceAdapter element defines which resource adapter is used for creating a JMS resource.
For more information, see JMS Resources Configuration for a Remote Artemis-based Broker in the Configuring Messaging book for JBoss EAP.
Configure Global Resources Usage for Messaging Servers
Three new attributes in the
address-setting element help you control the global resources usage for messaging servers. For more information, see Configure Global Resource Usage for Messaging Servers in the Configuring Messaging book for JBoss EAP.
Configure the Timeout Value for Opening a Message Journal File
You can now configure the timeout value for opening message journal files using the
For more information about configuring the
journal-file-open-timeout attribute, see Configuring Message Journal Attributes in the Configuring Messaging book for JBoss EAP.
Change in Artemis Logging Codes
Artemis logging codes for Artemis core protocol have changed, whereas the Advanced Message Queuing Protocol (AMQP) codes remain the same. This creates a problem if you are monitoring issues based on these codes.
The logging codes changed because the codes were duplicated between AMQP and the Artemis core protocol.
Omit Prefix on Destination Names
You can configure a connection factory or pooled connection factory to omit the destination name prefix when communicating with a remote Artemis server. Use this option when configuring communication with a remote Artemis 2.x that is not in compatibility mode.
For more information, see Using the Integrated Artemis Resource Adapter for Remote Connections, step 3, or Configuring the Artemis Resource Adapter to Connect to Red Hat AMQ, step 4, in in the Configuring Messaging book for JBoss EAP.
Messaging Enhancements for Load Balancers
In addition to existing support for static HTTP load balancers, load balancers using mod_cluster are now supported. For more information, see Messaging Behind a Load Balancer in the Configuring Messaging book for JBoss EAP.
Messaging to clusters behind load balancers is now fully supported. Clients communicating with clusters behind an HTTP load balancer must re-use the initial connection rather than using the cluster topology. For more information, see Client configuration for messaging behind a load balancer in the Configuring Messaging book for JBoss EAP.
Processed Message Statistics Added to Apache Artermis
The Apache Artemis project added the following statistics:
- messages processed
- messages aborted/rolled back
These statistics are now available in JBoss EAP using the following CLI commands:
Use of Discovery Groups with JGroups in Standalone JMS Client
The use of discovery groups with JGroups in a standalone JMS client is deprecated.
Discovery groups should only be used with Netty UDP.
Reduce Memory Footprint with Galleon Feature-packs
You can now customize the main JBoss EAP for OpenShift image configuration to include only the capabilities that you require, thereby reducing the memory footprint. The provisioning tool, Galleon, offers several layers that you can select to control the capabilities present in the JBoss EAP server.
Additionally, you can package customized capabilities as Galleon feature-packs that are installed during the JBoss EAP server Galleon provisioning. For JBoss EAP for OpenShift Source-to-Image (S2I), you can build your feature-packs offline, deploy them to Maven and reference them in your
EAP Operator for Automating Application Deployment on OpenShift
JBoss EAP now offers EAP operator, a JBoss EAP-specific controller, to automate common deployment-related tasks. You can install the EAP operator using OperatorHub, the graphical interface that OpenShift cluster administrators use to discover, install, and upgrade operators.
For information about how to install, uninstall and use the EAP operator to deploy Java applications on OpenShift, see EAP Operator for Automating Application Deployment on OpenShift in the Getting Started with JBoss EAP for OpenShift Container Platform book.
EAP Operator for Safe Transaction Recovery and EJB Remoting
The EAP operator ensures safe transaction recovery in your application cluster by verifying that all transactions are completed before scaling down the replicas and marking the pod as
clean for termination.
The EAP operator uses
StatefulSet for the appropriate handling of EJB remoting and transaction recovery processing. The
StatefulSet ensures persistent storage and network hostname preservation even after the pods are restarted.
For information about safely recovering transactions using the EAP operator, see EAP Operator for Safe Transaction Recovery. For information about configuring EJB remoting using the EAP operator, see Configuring EJB on OpenShift in the Getting Started with JBoss EAP for OpenShift Container Platform book.
Calculate JVM Memory Settings
JBoss EAP 7.2 and earlier did not address conditions where JVM memory settings are higher than the container limit.
The OpenShift JBoss EAP image can now calculate default JVM memory settings when a container limit has been defined and the JVM memory settings are higher than the container limit.
For more information, see JVM Memory Configuration in the Getting Started with JBoss EAP for OpenShift Container Platform book.
Secure Artifact Repository Mirror URLs
To prevent "man-in-the-middle" attacks through the Maven repository, JBoss EAP requires the use of secure URLs for artifact repository mirror URLs.
For more information, see the subsection "Secure Artifact Repository Mirror URLs" in Artifact Repository Mirrors in Getting Started with JBoss EAP for OpenShift Container Platform.
New Version of ASYM-ENCRYPT
JBoss EAP 7.3 includes a new version of the
ASYM_ENCRYPT protocol. The previous version of the protocol is deprecated. If you specify the
JGROUPS_CLUSTER_PASSWORD environment variable, the deprecated version of the protocol is used and a warning is printed in the pod log.
For more information, see the section Configuring ASYM_ENCRYPT in the guide Getting Started with JBoss EAP for OpenShift Container Platform for JBoss EAP.
3.14. Quickstarts and BOMs
New Client BOM for JAX-WS
JBoss EAP now provides a new client BOM,
wildfly-jaxws-client-bom, to manage JAX-WS dependencies. For information on how to add the
wildfly-jaxws-client-bom dependencies to your project, see JBoss EAP Client BOMs in the Development Guide for JBoss EAP.
Changes to BOMs for Jakarta EE 8
Some JBoss EAP BOMs in the Group ID
org.jboss.bom were replaced as a result of the move to Jakarta EE 8 platform in JBoss EAP 7.3. If your applications use the BOMs that were replaced, update the project POMs to contain the Artifact IDs of the new BOMs, when migrating the applications to the JBoss EAP 7.3 release.
For information about changes to EAP BOMs, see Changes to BOMs for Jakarta EE 8 in the Migration Guide for JBoss EAP.
Chapter 4. Technology Preview
The following configurations and features are provided as Technology Preview only. Technology Preview features are not supported with Red Hat production service level agreements (SLAs), might not be functionally complete, and Red Hat does not recommend to use them for production. These features provide early access to upcoming product features, enabling customers to test functionality and provide feedback during the development process.
See Technology Preview Features Support Scope on the Red Hat Customer Portal for information about the support scope for Technology Preview features.
Examine the Health Check Using the Management Console
You can now examine the health check of a server using the management console. This functionality is available only when running JBoss EAP as a standalone server.
See Examine the Health Check Using the Management Console in the Configuration Guide for details on using this feature.
Support for MicroProfile Rest Client 1.3.2 and Later
JBoss EAP now supports MicroProfile Rest Client 1.3.2 and later versions. See MicroProfile REST Client in the Developing Web Services Applications guide for JBoss EAP for information about MicroProfile Rest Client.
If you were using the previous version of the MicroProfile REST client, you need to make some updates in your code. For more information about the code changes, see Changes Required in MicroProfile Rest Client Code.
4.1. Support for MicroProfile OpenTracing 1.3.0
JBoss EAP now supports MicroProfile OpenTracing 1.3.0. See Tracing Requests with the MicroProfile OpenTracing SmallRye Subsystem in the Configuration Guide for information about the
4.2. Support for MicroProfile Metrics 2.0.1
JBoss EAP now supports MicroProfile Metrics 2.0.1. See Eclipse MicroProfile Metrics in the Configuration Guide for information about the
Chapter 5. Unsupported and Deprecated Functionality
5.1. Unsupported Features
Support for some technologies are removed due to the high maintenance cost, low community interest, and better alternative solutions.
The content set forth herein does not constitute a binding agreement or impose any legal obligation on Red Hat. This information is provided for discussion purposes only and is subject to change.
Databases and Database Connectors
- MySQL 5
- Oracle 12c
- PostgreSQL 10
- EnterpriseDB Postgres Plus Advanced Server 10
- SQL Server 2016
Internal Datasources and Drivers for OpenShift JDK 11 image
The following internal datasources and drivers are no longer provided with the JBoss EAP for OpenShift JDK 11 image:
It is recommended that you use JDBC drivers obtained from your database vendor for your JBoss EAP applications.
For more information about installing drivers, see the Modules, Drivers, and Generic Deployments section in Getting Started with JBoss EAP for OpenShift Container Platform.
For more information on configuring JDBC drivers with JBoss EAP, see the JDBC drivers section in the JBoss EAP Configuration Guide.
Eclipse MicroProfile Capabilities
The following Eclipse MicroProfile capabilities that were included as technology preview in JBoss EAP 7.3 CD releases and in the JBoss EAP 7.3 beta release are no longer available:
We plan to deliver JBoss EAP support of Eclipse MicroProfile APIs in a future release via an expansion mechanism.
5.2. Deprecated Features
Some features have been deprecated with this release. This means that no enhancements will be made to these features, and they may be removed in the future, usually the next major release.
Red Hat will continue providing full support and bug fixes under our standard support terms and conditions. For more information about the Red Hat support policy, see the Red Hat JBoss Middleware Product Update and Support Policy located on the Red Hat Customer Portal.
For details of which features have been deprecated, see the JBoss Enterprise Application Platform Component Details located on the Red Hat Customer Portal.
5.2.1. Platforms and Features
Support for the following platforms and features is deprecated:
Operating Systems and Related Web Servers
- Windows Server 2012 R2 and associated IIS web server
The use of Red Hat JBoss Operations Network (JON) for managing JBoss EAP is deprecated.
The use of Red Hat JBoss Operations Network (JON) for managing JBoss EAP was deprecated in the JBoss EAP 7.2 release. With the JBoss EAP 7.3 release, it is still deprecated.
The latest JON plugin update has received limited testing and bug fixing for JBoss EAP 7.3, in accordance with the limited support provided during the migration support phase of the JON lifecycle. Critical JON fixes for production JBoss EAP and other Red Hat Middleware workloads are provided in this phase of the lifecycle, however the plugins are not updated for new JBoss EAP capabilities. New capabilities may be unavailable through the plugin, or may introduce incompatibilities.
JON 3.3 requires that users install the JON EAP Management plug-in pack update 11 or newer to be compatible with JBoss EAP 7.3.
Databases and Database Connectors
- Oracle 12c
SAAJ 1.3 was deprecated and SAAJ 1.4 is the default in JBoss EAP 7.3.
The change in the default SAAJ version may cause issues with user defined SOAP handlers on migrating to JBoss EAP 7.3 from a previous release. To resolve issues arising due to SAAJ version, set the system property
-Djboss.saaj.api.version=1.3to use the deprecated API.
RHEL 6 AMI images
Red Hat Enterprise Linux version 6 AMI images are deprecated. This means that while RHEL 6 AMI images are still included and supported, no enhancements will be made to these features and they may be removed in the future. Red Hat will continue providing full support and bug fixes under our standard support terms and conditions.
Chapter 6. Resolved Issues
See Resolved Issues for JBoss EAP 7.3 to view the list of issues that have been resolved for this release.
Chapter 7. Fixed CVEs
jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
dom4j: XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents
undertow: HTTP/2: large amount of data requests leads to denial of service
undertow: HTTP/2: flood using PING frames results in unbounded memory growth
undertow: HTTP/2: flood using HEADERS frames results in unbounded memory growth
undertow: HTTP/2: flood using SETTINGS frames results in unbounded memory growth
hibernate-validator: safeHTML validator allows XSS
undertow: Memory Leak in Undertow HttpOpenListener due to holding remoting connections indefinitely
wildfly-core: Incorrect privileges for 'Monitor', 'Auditor' and 'Deployer' user by default
JBoss EAP: Vault system property security attribute value is revealed on CLI 'reload' command
netty: HTTP request smuggling by mishandled whitespace before the colon in HTTP headers
jackson-databind: Serialization gadgets in classes of the commons-dbcp package
jackson-databind: Serialization gadgets in classes of the commons-dbcp package
Chapter 8. Known Issues
See Known Issues for JBoss EAP 7.3 to view the list of known issues for this release.
Additionally, be aware of the following:
In messages defined in
wildfly-core-eapthat have more than one parameter, the order of parameters may be incorrect in Japanese and Chinese.
A fix for this problem is planned for JBoss EAP 7.3.1.
Original English text:
Could not start app client <Parameter 1> as no main method was found on main class <Parameter 2>
Current (incorrect) Japanese translation:
メインクラス <Parameter 1> main メソッドが見つからなかったため、アプリケーションクライアント <Parameter 2> を起動できませんでした。
Correct Japanese translation:
メインクラス <Parameter 2> main メソッドが見つからなかったため、アプリケーションクライアント <Parameter 1> を起動できませんでした。
Revised on 2020-03-20 18:38:12 UTC