Release notes for Red Hat JBoss Enterprise Application Platform 8.0 Beta
These release notes contain important information related to Red Hat JBoss Enterprise Application Platform release 8.0 Beta
These release notes contain important information related to Red Hat JBoss Enterprise Application Platform 8.0 Beta.
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Due to the enormity of this endeavor, these changes will be gradually implemented over upcoming releases. For more details on making our language more inclusive, see our CTO Chris Wright’s message.
Chapter 1. How to read the Red Hat JBoss Enterprise Application Platform 8.0 Beta documentation
We are in the process of modernizing the Red Hat JBoss Enterprise Application Platform 8.0 documentation. We are working to create more solution-centric documentation.
The JBoss EAP 8.0 Beta documentation contains content specific to the JBoss EAP 8.0 Beta release including new and enhanced features found in JBoss EAP 8.0 Beta. Functionality from previous releases that are still supported in JBoss EAP 8.0 Beta can be accessed in the JBoss EAP 7.4 documentation set. You can access the documentation set at Product Documentation for Red Hat JBoss Enterprise Application Platform 7.4.
The following is a suggested approach for using the JBoss EAP 8.0 Beta documentation:
- Read the JBoss EAP 8.0 Beta Release Notes to learn about new, enhanced, unsupported, and removed features.
- Read the other JBoss EAP 8.0 Beta documentation set for detailed information about new and enhanced features.
- Read the JBoss EAP 8.0 Beta Migration Guide for details on how to migrate applications to JBoss EAP 8.0 Beta.
- If you need information on features supported from previous releases that have not been enhanced in JBoss EAP 8.0 Beta, see the JBoss EAP 7.4 documentation set at Product Documentation for Red Hat JBoss Enterprise Application Platform 7.4. For example, development and configuration guides are available in the JBoss EAP 7.4 documentation set.
Chapter 2. JBoss EAP 8.0 Beta Certification Status
2.1. JBoss EAP 8.0 Beta and Jakarta EE 10
JBoss EAP 8.0 Beta is a major milestone on the way to the planned full support for Jakarta EE 10 in JBoss EAP 8.0 GA. JBoss EAP 8.0 Beta provides implementations of the Jakarta EE 10 APIs. Compared to Jakarta EE 8, that is supported by JBoss EAP 7.4, Jakarta EE 10 comes with many changes to Jakarta EE. For more information, see how to migrate your JBoss EAP applications from Jakarta EE 8 to Jakarta EE 10.
2.2. Package Namespace Change
The packages used for all EE APIs have changed from
jakarta. This follows the move of Java EE to the Eclipse Foundation and the establishment of Jakarta EE.
This change does not affect
javax packages that are part of Java SE.
- For more information, see The javax to jakarta Package Namespace Change.
Chapter 3. Supported configurations
The Red Hat JBoss Enterprise Application Platform 8.0 Beta supported configurations knowledgebase article on the Red Hat Customer Portal lists the Java Virtual Machines (JVMs) that support JBoss EAP 8.0 Beta, as well as tested configurations that include but are not limited to commonly used operating systems, databases, and JMS brokers.
Red Hat Single Sign-On SAML adapters support
Using Red Hat Single Sign-On SAML adapters with JBoss EAP 8.0 will be supported when the adapters are released as a
.zip file by Red Hat Single Sign-On. For information about Red Hat Single Sign-On, see the Red Hat Single Sign-On product page.
Chapter 4. New features and enhancements
4.1. Management console
Inclusive language, label changes
Toward Red Hat’s commitment to replacing problematic language in our code, documentation, and web properties, beginning with 8.0 Beta, the JBoss EAP management console will display more inclusive wording and labels. Specifically, you will notice the following changes to the management console resource addresses and user interface elements:
|New term||Previous term|
Adding, editing, and removing constant HTTP headers to response messages
In the JBoss EAP 8.0 Beta management console, you can now add, edit, or remove constant HTTP response headers. To add a new path and header, from the Server page, select Constant Headers, then click Add. To edit or remove an existing path header, select the path whose header you want to modify, then click either Edit or Remove.
Displaying Java Message Service bridge statistics for processed messages
A message bridge consumes messages from a source queue or topic, then sends them on to a target queue or topic, usually on a different server. A bridge can also send messages from one cluster to another. The Java Message Service (JMS) bridge provides statistics about messages that the bridge processed. Specifically, it collects the following data:
- number of messages successfully committed (message count)
- number of messages aborted (messages aborted)
With this update, the JBoss EAP 8.0 Beta management console includes a new JMS Bridge column to display these statistics in the Runtime section. Note that this new feature affects the
Configuring enhanced audit logging
In the JBoss EAP 8.0 Beta management console, you can configure the following two additional audit logging attributes in your
Define the format for your audit log messages. Supported values are
RFC5424. ("RFC" stands for "request for comments.")
Define the maximum number of failed attempts JBoss EAP should make to connect to the syslog server before closing the endpoint.
Starting servers in suspended mode
You can now use the JBoss EAP 8.0 Beta management console to start servers in suspended mode. Select the new Start in suspended mode option, available in the following drop-down menus:
- Runtime > Topology
- Runtime > Server Groups
- Runtime > Server Groups > Server
- Runtime > Host > Server
Configuring the certificate-authority attribute for the certificate-authority-account resource
With JBoss EAP 8.0 Beta, you can use any certificate authority for your
certificate-authority-account Elytron resource. Previously, JBoss EAP supported only the Let’s Encrypt certificate authority, and the
certificate-authority attribute was not configurable.
With this update, you can add, configure, or remove any certificate authority by opening the JBoss EAP management console and clicking Configuration > Subsystems > Security > Other Settings > Other Settings > Certificate Authority. From there, click Add to add a new certificate authority. To modify one you already have, select it, then click Edit. To remove a certificate authority, select it, then click Remove.
Configuring the OCSP as an Elytron trust manager
With JBoss EAP 8.0 Beta, you can configure the Online Certificate Status Protocol (OCSP) as the trust manager for the Elytron
undertow subsystem. Previously, JBoss EAP supported only a certificate revocation list (CRL) as trust manager.
With this update, you can configure the OCSP as your trust manager by opening the JBoss EAP management console and clicking Configuration > Subsystems > Elytron > Other Settings > SSL > Trust Manager. Next, either select or create a trust manager and then, from the Trust Manager window, select the OCSP tab and click Add.
Pausing Java Message Service topics
From the JBoss EAP 8.0 Beta management console, you can now navigate to Runtime > Messaging > Server > Server Name > Destination to select and then pause a Java Message Service (JMS) topic. After you address the related messaging issue, you can also resume the paused topic. JMS previously sent messages to all active subscribers without any way to interrupt them.
Non-heap memory usage added to server status preview
With JBoss EAP 8.0 Beta, you can see more information in the server status preview about the memory consumption of your server. Previously, the preview displayed only heap memory usage: Used and Committed. With this update, it also displays the same information for non-heap memory usage.
Automatically add or update credential store passwords when you add or update a datasource
Beginning with JBoss EAP 8.0 Beta, when you create a datasource from the management console, you can automatically add a password for that datasource to your credential store. From the management console, select Configuration > Subsystems > Datasources, then click Add to add a new datasource. Next, enter the credential store name where you want to save the password for the new datasource, an alias for the credential, and the plain text password you want to use. To modify an existing datasource, select it, then click Edit.
Create, read, update, and delete Elytron resources
From the JBoss EAP 8.0 Beta management console, you can now create, read, update, or delete any of the following four evidence decoders:
- Aggregate Evidence Decoders
- Custom Evidence Decoders
- X500 Subject Evidence Decoders
- X509 Subject Alt Name Evidence Decoder
To take one of these actions, navigate to Configuration > Subsystems > Security > Mappers & Decoders > Evidence Decoder.
Viewing the deployment hash value
The JBoss EAP 8.0 Beta management console can now display your deployment hash value in the deployment preview. This means that you can determine at a glance whether your deployment was valid and successful.
Adding and configuring interceptors in the EJB 3 subsystem
From the JBoss EAP 8.0 Beta management console, you can now add and configure system-wide, server-side interceptors in the
ejb3 subsystem. From the console, select Configuration > EJB > Container to make your additions or changes.
Configuring Infinispan distributed web session affinity
With JBoss EAP 8.0 Beta, in the
distributable-web subsystem, you now have more control over the affinity, or load balancer "stickiness", of a distributed web session. To change your session affinity to something other than the Primary-owner default, in the management console, click Configuration > Distributable Web > View > Infinispan Session. Next, choose a session and select Affinity to make your changes. Affinity options now include the following:
Previously, the only available affinity was Primary-owner.
Configuring global directories in EE subsystem
With the JBoss EAP 8.0 Beta management console, you can now configure a new
ee subsystem resource,
/subsystem=ee/global-directory=*. You can use a global directory to add content to a deployment class path without listing the contents of the directory. To configure a global directory resource, navigate to Configuration > Subsystems > EE > Globals.
Configuring cipher suites in Elytron
With the JBoss EAP 8.0 Beta management console, you can now enable TLS 1.3 cipher suites using the
cipher-suite-names attribute to secure your network connection. Specifically, you can now configure the following
elytron subsystem resources:
To configure the
cipher-suite-names attribute for the
/subsystem=elytron/client-ssl-context=* resource from the management console, navigate to Configuration > Subsystems > Security > Other Settings > SSL > Client SSL Context.
To configure the
cipher-suite-names attribute for the
/subsystem=elytron/server-ssl-context=* resource from the management console, navigate to Configuration > Subsystems > Security > Other Settings > SSL > Server SSL Context.
JAAS realm in the
In JBoss EAP 8.0 Beta, the legacy security subsystem has been removed. To continue using your custom login modules with the
elytron subsystem, use the new Java Authentication and Authorization Service (JAAS) security realm,
jaas-realm only supports JAAS-compatible login modules. For information about JAAS, see Java Authentication and Authorization Service (JAAS) Reference Guide.
jaas-realm does not support custom login modules that extend or are dependent upon PicketBox APIs.
elytron subsystem provides
jaas-realm, it is preferable to use other existing security realms that the subsystem provides. These include
token-realm, and others. You can also combine different security realms by configuring
failover-realm. If none of these suits your purpose, implement a custom security realm and use it instead of custom login module.
The following are cases where you should use
jaas-realm instead of implementing a custom security realm:
You are migrating to the
elytronsubsystem from legacy security and already have custom login modules implemented.
- You are migrating from other application servers to JBoss EAP and already have the login modules implemented.
You require combining multiple login modules with various flags and options provided to those login modules. These flags and options might not be configurable for the provided security realms in the
For more information, see Creating a JAAS realm in the Securing applications and management interfaces using multiple identity stores guide.
Configure multiple certificate revocation lists in Elytron and Elytron client
You can now configure multiple certificate revocation lists (CRL) in the
elytron subsystem and WildFly Elytron client when you use several Certificate Authorities (CA). You can specify the list of CRLs to use in the
certificate-revocation-lists attribute in the
For more information, see Configuring certificate revocation checks in Elytron in the Configuring SSL/TLS in JBoss EAP guide.
Native OpenID Connect client
You can now secure applications deployed to JBoss EAP with OpenID Connect (OIDC) using the new native support for OIDC instead of installing the previously required Red Hat Single Sign-On Client Adapter. The new
elytron-oidc-client subsystem provides the native support. The Red Hat Single Sign-On Client Adapter is not provided in this release.
For more information, see OpenID Connect configuration in JBoss EAP in the Using single sign-on with JBoss EAP guide.
hash-charset attributes for hashed passwords
You can now specify the character set and the string format for the hashed passwords that are stored in
elytron subsystem security realms by using the
hash-encoding attributes. The default
hash-charset value is
UTF-8. You can set the
hash-encoding value to either
base64 is the default for all realms except the
hex is the default.
The new attributes are included in the following security realms:
For more information, see the Securing applications and management interfaces using an identity store guide.
Beginning with JBoss EAP 8.0 Beta, you can specify the
SSLv2Hello protocol for
client-ssl-context in the
You must configure another encryption protocol if you want to configure
SSLv2Hellobecause the purpose of the latter is to determine which encryption protocols the connected server supports.
IBM JDKdoes not support
SSLv2Helloin its client, although a server-side connection always accepts this protocol.
You can now encrypt the clear passwords, hashed passwords, and attributes associated with identities in a
filesystem-realm for better security. You can do this in two ways:
Create an encrypted
filesystem-realmby referencing a secret key in the
Encrypt an existing
filesystem-realmusing the new
filesystem-realm-encryptcommand in the WildFly Elytron Tool.
You can now also enable integrity checks for a
filesystem-realm to ensure that the identities in the
filesystem-realm were not tampered with since the last authorized write. You can do this by referencing a key pair when you create the
filesystem-realm using the
add operation. WildFly Elytron generates a signature for the identity file using the key pair. An integrity check runs whenever an identity file is read.
For more information, see Filesystem realm in Elytron in the Securing applications and management interfaces using an identity store guide.
Configuring web session replication using a ProtoStream
You can now configure web session replication using a ProtoStream instead of JBoss Marshalling in JBoss EAP 8.0 Beta.
4.4. Datasource subsystem
valid-connection-checker for a datasource
You can now configure a custom
valid-connection-checker for a datasource using a JBoss Module.
JBoss EAP 8.0 Beta server interoperability with JBoss EAP 7 and JBoss EAP 6
In JBoss EAP 8.0 Beta you can enable interoperability between JBoss EAP 8.0 Beta and older versions of your JBoss EAP server. JBoss EAP supports Jakarta EE 10 whose API class uses the
jakarta package namespace. However, older versions of JBoss EAP use the
javax package namespace.
- The older versions supported are JBoss EAP 6 and JBoss EAP 7
interoperability between JBoss EAP 6 and JBoss EAP 7 is not affected by this issue as both servers support the
For more information about how to enable interoperability between JBoss EAP 8.0 Beta and older versions of JBoss EAP see, how to enable interoperability.
Infinispan-based distributed timers
In JBoss EAP 8.0 Beta, you can now use Infinispan-based distributed timers to schedule persistent Jakarta Enterprise Bean timers within a cluster, which you can scale to large clusters. For more information, see EAP 8 - how to configure Infinispan based distributed timers.
Distributable EJB subsystem
distributable-ejb subsystem to configure clustering abstractions providers required for
ejb3 subsystem functionalities, such as:
- Stateful session beans (SFSB) cache factories
- Client mappings registries for EJB client applications
- Distributed EJB timers
You can currently define these providers at a system-wide level. It is planned to develop functionality to enable deployment-specific providers by customizing the
ejb3 subsystem. For more information, see What is the distributable-ejb subsystem in EAP 8.
RH-SSO SAML support for JBoss EAP 8.0 Beta
Using Red Hat Single Sign-On SAML adapters with JBoss EAP 8.0 Beta Source-to-Image (S2I) image will be supported when the adapters are released. For more information, see OpenShift, SSO SAML support for EAP 8.
Provisioning a JBoss EAP server using the Maven plug-in
You can now use the JBoss EAP Maven plug-in on OpenShift to:
- Provision a trimmed server using Galleon.
- Install your application on the provisioned server.
- Tune the server configuration using the JBoss EAP management CLI.
Package extra files into the server installation, such as a
- Integrate the plug-in into your JBoss EAP 8.0 Beta source-to-image application build.
For more information, see Provisioning a JBoss EAP server using the Maven plug-in.
OpenID Connect support for JBoss EAP source-to-image
You can now secure applications deployed to JBoss EAP with OpenID Connect (OIDC) using the new
elytron-oidc-client subsystem instead of installing the previously required Red Hat Single Sign-On Client Adapter. You can configure an
elytron-oidc-client subsystem by using the environment variables to secure the application with OIDC. The Red Hat Single Sign-On Client Adapter is not provided in this release. For more information, see Using OpenID Connect to secure JBoss EAP applications on OpenShift.
Building application images using Source-to-Image
In JBoss EAP 8.0 Beta, an installed server has been removed from Source-to-Image (S2I) builder images. Galleon feature-packs and layers are now used to provision the server during the S2I build phase. To provision the server, include and configure the JBoss EAP Maven plug-in in the
pom.xml file of your application. For more information, see Building application images using source-to-image in OpenShift.
Override management attributes with environment variables
To more easily adapt your JBoss EAP server configuration to your server environment, you can use an environment variable to override the value of any management attribute, without editing your configuration file. You cannot override management attributes of type
PROPERTY. In JBoss EAP 8.0 Beta OpenShift runtime image, this feature is enabled by default. For more information, see Overriding management attributes with environment variables.
Environment variable checks for resolving management model expressions
JBoss EAP now supports environment variable checks when resolving management model expressions. In previous versions of JBoss EAP, the JBoss EAP server only checked for Java system properties in the management expression. Now, the server will check for a relevant environment variable in addition to the system property. If you use both, JBoss EAP observes and uses the Java system property rather than the environment variable to resolve the management model expression. For more information about using environment variables to resolve management model expressions, see Environment variables and model expression resolution.
4.7. Quickstarts and BOMs
Supported EAP 8 quickstarts
All supported JBoss EAP 8 quickstarts are located at jboss-eap-quickstarts.
New JBoss EAP BOMs for Maven
JBoss EAP BOMs provide the Maven BOM files that specify the versions of JBoss EAP dependencies that are needed for building or testing your Maven projects. In addition, Jakarta EE 10 BOMs provide dependency management for related frameworks such as Hibernate, RESTasy, and proprietary components like Infinispan and Client BOMs.
4.8. Server Migration Tool
JBoss EAP Server Migration Tool
The Server Migration Tool is now a standalone migration tool and is no longer included with JBoss EAP 8.0 Beta. You can download the migration tool separately.
Chapter 5. Unsupported, deprecated, and removed functionality
5.1. Unsupported features
The following features are not supported by Red Hat.
Red Hat JBoss Enterprise Application Platform 8.0 Beta does not support the EAP operator. You cannot deploy your JBoss EAP applications using the EAP operator. For more information, see JBoss EAP Operator Support Policy.
JBoss EAP 8.0 Beta does not support Apache Log4j version 1 APIs. If your applications do not package
log4j.jar and Log4j configuration as part of the application, then you must update them. For more information about migrating or updating your applications, see the Red Hat Knowledgebase solution Migration: Apache Log4j version 1 is no longer provided in EAP 8.
5.2. Deprecated features
Some features are deprecated with this release. This means that no enhancements will be made to these features, and they might be removed in a future release.
Red Hat will continue providing full support and bug fixes under our standard support terms and conditions. For more information about the Red Hat support policy, see the Red Hat JBoss Middleware Product Update and Support Policy located on the Red Hat Customer Portal.
For details of which features have been deprecated, see the JBoss Enterprise Application Platform Component Details located on the Red Hat Customer Portal.
Support for the following platforms and features is deprecated:
Support for JDK 11 was deprecated in JBoss EAP 7.4, and JDK 11 continues to be deprecated in JBoss EAP 8.0 Beta. JBoss EAP 8.0 Beta continues to support JDK 17.
The Java Security Manager is deprecated.
5.3. Removed features
Version 8.0 Beta removes the following features from JBoss EAP.
Prometheus have been removed in this release. These features have been dropped and will no longer be supported by Red Hat. JBoss EAP server exposes metrics through the server metrics endpoint:
<server address>:<management port>/metrics.
Red Hat has removed the following environment variables in JBoss EAP 8.0 Beta:
JDK 8 has been removed from Red Hat JBoss Enterprise Application Platform 8.0 Beta. JDK 11 or JDK 17 is now required.
Legacy security realms
The legacy security realms have been removed from JBoss EAP 8.0 Beta. Use the security realms provided in the
elytron subsystem instead.
For more information, see the Securing applications and management interfaces using an identity store, and Securing applications and management interfaces using multiple identity stores guides.
PicketBox has been removed from Red Hat JBoss Enterprise Application Platform 8.0 Beta. Any legacy security configurations must be migrated to the
elytron subsystem. For more information about migrating your security configurations to the
elytron subsystem, see Migrating to Elytron.
PicketBox vault has been removed from JBoss EAP 8.0 Beta. Use the credential store provided by the
elytron subsystem to store sensitive strings instead.
For more information, see Credentials and credential stores in Elytron in the Secure storage of credentials in JBoss EAP guide.
Using Red Hat Single Sign-On SAML adapters with JBoss EAP 8.0 will be supported when the adapters are released as a
.zip file by Red Hat Single Sign-On.
The PicketLink subsystem has been removed from JBoss EAP 8.0 Beta. Use Red Hat Single Sign-On instead of the PicketLink identity provider, and the Red Hat Single Sign-On SAML adapter instead of the PicketLink service provider.
For more information, see the following resources:
Red Hat JBoss Enterprise Application Platform 7.4 removed the
broadcast-group resources. These resources are still removed in JBoss EAP8.0 Beta.
Additionally, Red Hat JBoss Enterprise Application Platform 7.4 reduced the impact to its web console by replacing all instances of
broadcast-group resources with
JBoss EAP 7.3 deprecated the following resources in the
JBoss EAP 7.3 replaced these deprecated resources with
socket-discovery-group resources. Each deprecated resource included an attribute from each replacement resource, with one attribute set to
null and the other attribute set to a value greater than
0. These settings caused both
broadcast-group to remain active, but still assign all their functionality to the
The following outdated or redundant quickstarts have been removed from JBoss EAP 8.0 Beta:
Red Hat Single Sign-On Client Adapter
Red Hat JBoss Enterprise Application Platform 8.0 Beta does not provide the Red Hat Single Sign-On Client Adapter. Use the new
elytron-oidc-client subsystem to secure applications deployed to JBoss EAP with OpenID Connect (OIDC).
Java service on Red Hat Enterprise Linux
Java service (JSVC) running on Red Hat Enterprise Linux (RHEL) has been removed from JBoss EAP 8.0 Beta.
The following BOMs have been removed:
JBoss Jakarta EE 8 Specification APIsBOM is removed. Use the
JBoss EAP EEBOM in your Maven project.
EAP Runtime ArtifactsBOM is removed. Use the
JBoss EAP EEBOM in your Maven project.
For more information, see changes relating to JBoss EAP 8 BOM updates.
Chapter 6. Known issues
See Known Issues for Red Hat JBoss Enterprise Application Platform 8.0 Beta to view the list of known issues for this release.
Revised on 2022-12-16 12:18:18 UTC