Red Hat OpenShift Application Runtimes Release Notes

Red Hat OpenShift Application Runtimes 1

For use with Red Hat OpenShift Application Runtimes

Red Hat Customer Content Services

Abstract

This Release Note contains important information related to Red Hat OpenShift Application Runtimes

Chapter 1. Supported Runtime Component Configurations and Integrations

The following resources define the support scope for RHOAR runtime components:

Chapter 2. Technology Preview

Red Hat does not provide support for Technology Preview components provided with this release of Red Hat OpenShift Application Runtimes. Items designated as Technology Preview in the sections below have limited supportability, as defined by the Technology Preview Features Support Scope.

Technology preview features and components provided with this release include:

Chapter 3. RHOAR Deployment Platforms

Container Development Kit

RHOAR runtimes have been tested on Red Hat Container Development Kit (CDK). CDK configures a pre-built Single-node OpenShift Cluster cluster on a local machine. CDK includes Minishift and the oc CLI tool. CDK provides users with a means of deploying Booster applications locally. CDK is available for download from the Red Hat Developer Portal. A free Red Hat developer account is required to access the download.

OpenShift Online Pro

RHOAR runtimes have been tested on OpenShift Online Pro.

OpenShift Online Starter

It is possible to use RHOAR on the zero-cost OpenShift Online Starter cluster, although issues may arise due to resource quotas for some boosters and for executing advanced commands (scale up, rolling upgrade, etc).

OpenShift Container Platform

RHOAR runtimes are fully supported on the OpenShift Container Platform.

Chapter 4. Required Infrastructure Component Versions

The following versions of infrastructure components are required for all runtimes distributed as part of a RHOAR release. Red Hat does not provide support for components listed below, with the exception of components explicitly designated as supported.

Component nameVersion

Fabric8 Maven Plugin

3.5.40

Maven

3.3.1 or later

Node.js v8[a]

8.12.0 LTS

Node.js v10[b]

10.11.0 LTS

Nodeshift

1.12.0

npm 5[c]

6.4.1

npm 6[d]

6.4.1

OpenShift Container Platform (OCP)[e]

3.10 or later

Minishift

1.25.0 or later

CDK[f]

3.6.0

JDK[g][h]

Java 8 JDK[i]

git

2.0 or later

oc command line tool

3.10 or later[j]

[a] The RHOAR Node.js v8 release is supported by Red Hat
[b] The RHOAR Node.js v10 release is supported by Red Hat
[c] Distributed with RHOAR as a supported RPM for Node.js 8
[d] Distributed with RHOAR as a supported RPM for Node.js 10
[e] OCP is supported by Red Hat
[f] CDK is supported by Red Hat
[g] A full JDK installation is required, as JRE does not provide tools for compiling Java applications from source.
[h] Red Hat OpenJDK is supported by Red Hat
[i] All versions of Java 8 are supported. Runtimes provided with this release do not support Java 9.
[j] The version of the oc CLI tool should correspond to the version of OCP that you are using.

Chapter 5. Common RHOAR Components

5.1. Fabric8 Maven Plugin

5.1.1. Known Fabric8 Maven Plugin Issues

5.1.1.1. Error pulling image when redeploying an application on OpenShift 3.7

Description

When deploying an application on OpenShift, the initial deployment succeeds, but re-deploying application using the Fabric8 Maven plugin results in the pod becoming stuck in the ImgPullErr state for extended periods of time. After several retries, the re-deployment completes successfully. The issue occurs on OpenShift 3.7.

Workaround

Before applying this workaround, ensure that you are using Fabric8 Maven Plugin version 3.5.35 and above. After deploying your application using mvn fabric8:deploy, re-deploy it manually using:

mvn -Dfabric8.openshift.trimImageInContainerSpec=true fabric8:deploy

Chapter 6. Eclipse Vert.x

The Eclipse Vert.x runtime artifacts provided with this release of RHOAR are all based on community version 3.5.3.

6.1. Supported Maven Artifacts Provided with Eclipse Vert.x

GroupIDArtifactIDVersion

io.vertx

vertx-auth

3.5.3.redhat-00001

io.vertx

vertx-auth-htdigest

3.5.3.redhat-00001

io.vertx

vertx-auth-htpasswd

3.5.3.redhat-00001

io.vertx

vertx-auth-jwt

3.5.3.redhat-00001

io.vertx

vertx-auth-oauth2

3.5.3.redhat-00001

io.vertx

vertx-circuit-breaker

3.5.3.redhat-00001

io.vertx

vertx-config-kubernetes-configmap

3.5.3.redhat-00001

io.vertx

vertx-config-yaml

3.5.3.redhat-00001

io.vertx

vertx-core

3.5.3.redhat-00001

io.vertx

vertx-dependencies

3.5.3.redhat-00001

io.vertx

vertx-grpc

3.5.3.redhat-00001

io.vertx

vertx-health-check

3.5.3.redhat-00001

io.vertx

vertx-infinispan

3.5.3.redhat-00001

io.vertx

vertx-jdbc-client

3.5.3.redhat-00001

io.vertx

vertx-mongo-client

3.5.3.redhat-00001

io.vertx

vertx-mqtt

3.5.3.redhat-00001

io.vertx

vertx-proton

3.5.3.redhat-00001

io.vertx

vertx-redis-client

3.5.3.redhat-00001

io.vertx

vertx-rx

3.5.3.redhat-00001

io.vertx

vertx-service-proxy

3.5.3.redhat-00001

io.vertx

vertx-service-discovery

3.5.3.redhat-00001

io.vertx

vertx-service-discovery-bridge-kubernetes

3.5.3.redhat-00001

io.vertx

vertx-sockjs-service-proxy

3.5.3.redhat-00001

io.vertx

vertx-web

3.5.3.redhat-00001

io.vertx

vertx-web-client

3.5.3.redhat-00001

io.vertx

vertx-web-templ-freemarker

3.5.3.redhat-00001

io.vertx

vertx-web-templ-handlebars

3.5.3.redhat-00001

6.2. Technology Preview Maven Artifacts Provided with Eclipse Vert.x

Red Hat provides limited support for Eclipse Vert.x artifacts designated as Technology Preview:

Group IDArtifact IDVersion

io.vertx

vertx-kafka-client

3.5.3.redhat-00001

io.vertx

vertx-rx-java2

3.5.3.redhat-00001

io.vertx

vertx-config-vault

3.5.3.redhat-00001

io.vertx

vertx-micrometer-metrics

3.5.3.redhat-00001

6.3. Eclipse Vert.x Maven Artifacts Provided with Developer Support

The following artifacts are available with RHOAR Eclipse Vert.x within the Development Support scope for Red Hat products. Red Hat provides no support for use of the listed artifacts in production-level environments. Red Hat may provide a limited level of support for the use of these artifacts in application development. Such support is typically limited to providing knowledge about the component to the developer for the purposes of development only, and without any commitment to guarantee the functionality of the component in question outside of a development environment.

Group IDArtifact IDVersion

io.vertx

vertx-junit5

3.5.3.redhat-00001

io.vertx

vertx-unit

3.5.3.redhat-00001

6.4. Deprecated Eclipse Vert.x Maven Artifacts

Group IDArtifact IDVersion

io.vertx

vertx-rx-java

3.5.3.redhat-00001

6.5. New Eclipse Vert.x features

This release of RHOAR Eclipse Vert.x introduces the following new features and feature updates:

JBoss Data Grid Infinispan 8.5.1
The vertx-infinispan component provided with this release of RHOAR Eclipse Vert.x uses artifacts provided by the JBoss Data Grid 7.2. These components replace the community Infinispan that vertx-infinispan depended on in the previous releases of RHOAR Eclipse Vert.x.

6.6. Resolved Eclipse Vert.x Issues

The RHOAR Eclipse Vert.x 3.5.3 release serves as a replacement for RHOAR Eclipse Vert.x 3.5.1, and includes bug fixes and enhancements. For a detailed list of issues resolved in the community Eclipse Vert.x 3.5.3 release, see the community release notes.

6.6.1. CVE-2018-12537

Affected component
vertx-core
Issue Summary
Improper neutralization of CRLF sequences allows remote attackers to inject arbitrary HTTP response headers.
Red Hat CVE database entry
CVE-2018-12537
Bugzilla Bug ID
1591072

6.6.2. CVE-2018-12540

Affected componet
vertx-web
Issue Summary
the CSRFHandler do not assert that the XSRF Cookie matches the returned XSRF header/form parameter. This allows replay attacks with previously issued tokens which are not expired yet.
Red Hat CVE database entry
CVE-2018-12540
Bugzilla Bug ID
1600666

6.7. Known Eclipse Vert.x Issues

6.7.1. False Connection reset by peer error messages when calling application endpoint

Description:

Making an HTTP request on an endpoint of a Vert.x application using either curl or a Java HTTP client, produces the following error in the logs after each request:

io.vertx.core.net.impl.ConnectionBase
SEVERE: java.io.IOException: Connection reset by peer

This behavior is caused by the interaction of the Netty application framework and the HAProxy load-balancer used by OpenShift. The error occurs due to existing HTTP connections being re-used by HAProxy without closing. Even though the error message is logged, no error condition occurs. HTTP requests are handled correctly and the application responds as expected.

Chapter 7. Thorntail

The Thorntail runtime artifacts provided with this release of RHOAR are all based on upstream version 2.2.0.Final.

7.1. Migrating your application from WildFly Swarm to Thorntail

7.1.1. Naming and versioning changes in Thorntail 2.2.0

With this release, the name of the WildFly Swarm runtime changes to Thorntail. The product release versioning scheme also changes, as RHOAR Wildfly Swarm 7.1.0 is followed by Thorntail 2.2.0. From a technical perspective, the new versioning scheme is intended to be a continuation of the 7.x.x scheme and does not constitute a new major product version. Subsequent Thorntail product releases will follow the new versioning scheme.

The name change has the following impact:

  • The groupId of productized artifacts changes to io.thorntail from org.wildfly.swarm.
  • The artifactId for the Maven plugin changes to thorntail-maven-plugin.
  • The suffix of generated uberjars and hollow JAR files changes to -thorntail.jar.

You need to:

The name change does NOT impact:

  • class names
  • package names
  • the set of productized artifacts shipped with Thorntail.
  • configuration properties

7.1.2. Updating the build configuration of your application

Manually migrate your application project from WildFly Swarm 7.1.0 to Thorntail 2.2.0.

Prerequisites

  • A Maven-based application project using the WildFly Swarm runtime.

Procedure

  1. Update the groupId and version of the BOM referenced in the pom.xml file of your application project.

    ...
    <dependency>
       <groupId>io.thorntail</groupId>
       <artifactId>bom</artifactId>
       <version>2.2.0.Final-redhat-00021</version>
    </dependency>
    ...
  2. Change the groupId of each fraction defined as a dependency in the pom file of your application project from org.wildfly.swarm to io.thorntail. For example:

    ...
    <dependency>
      <groupId>io.thorntail</groupId>
      <artifactId>jaxrs</artifactId>
    </dependency>
    ...
  3. Change groupId and artifactId of the Maven plugin in the pom.xml to the values appropriate for Thorntail:

    ...
    <plugin>
      <groupId>io.thorntail</groupId>
      <artifactId>thorntail-maven-plugin</artifactId>
    </plugin>
    ...
  4. Update the suffix of JAR file names in commands that you use to run your apps to -thorntail.jar so that it refers to Thorntail.

    java -jar target/MY_APP_NAME-1.0.0-thorntail.jar
  5. Update the name of the Maven plugin in commands that invoke it. For example:

    mvn thorntail:start
  6. If you use Fabric8 Maven Plugin to deploy your apps to OpenShift, ensure that you upgrade it to version 3.5.40 or later. Earlier FMP versions do not support the current release of Thorntail.

    <project>
     <build>
      ...
       <plugins>
        ...
         <plugin>
           <groupId>io.fabric8</groupId>
           <artifactId>fabric8-maven-plugin</artifactId>
           <version>3.5.40</version>
         </plugin>
         ...
       </plugins>
       ...
     </build>
    </project>

    Note that the set of features that FMP supports for deploying Thorntail applications is not impacted by the rename. You must, however, update the names of these features if you refer to them directly in your project.

    Table 7.1. Fabric8 Maven Plugin name changes

    FMP conceptName in WildFly SwarmName in Thorntail

    Docker image generator

    wildfly-swarm

    thorntail-v2

    Health Check enricher name

    f8-wildfly-swarm-health-check

    f8-thorntail-v2-health-check

    Reference to health check enricher in pom.xml

    <wildfly-swarm-health-check>

    <thorntail-v2-health-check>

  7. If you use a parser to parse the log output of your application, ensure that you update the prefixes of log messages to match the prefixes used by Thorntail:

    Table 7.2. Log message prefix changes

    WildFly SwarmThorntail

    WFSWARMnnnnn

    THORNnnnnn

    WFSxxxnnnnn

    TTxxxnnnnn

7.1.3. Migrating your application project to Thorntail automatically using the Thorntail Maven Plugin.

Migrate your application project from WildFly Swarm 7.1.0 to Thorntail 2.2.0 automatically using the Thorntail Maven Plugin.

Prerequisites

  • A Maven-based application project using the WildFly Swarm runtime.

Procedure

  1. Modify your local settings.xml file to point to the Red Hat General Availability Maven Repository to enable Maven to download the latest Thorntail Maven Plugin version. By default, the local repository settings file is located at ~/.m2/settings.xml.

    <settings>
      <profiles>
        ...
        <profile>
          <id>redhat-maven-repository</id>
          <repositories>
            <repository>
              <id>redhat-ga</id>
              <name>Red Hat General Availability Maven Repository</name>
              <url>https://maven.repository.redhat.com/ga/</url>
            </repository>
          </repositories>
          <pluginRepositories>
            <pluginRepository>
              <id>redhat-ga</id>
              <name>Red Hat General Availability Maven Repository</name>
              <url>https://maven.repository.redhat.com/ga/</url>
            </pluginRepository>
          </pluginRepositories>
        </profile>
        ...
      </profiles>
      <activeProfiles>
        ...
        <activeProfile>redhat-maven-repository</activeProfile>
        ...
      </activeProfiles>
    </settings>
  2. Execute the Maven command for the upgrade goal.

    mvn io.thorntail:thorntail-maven-plugin:2.2.0.Final-redhat-00021:migrate-from-wildfly-swarm

    To preview the migration actions without making changes, append the -DdryRun=true parameter to the automated upgrade command.

    It is recommended that you review the changes to your application project configuration once the automated migration is complete.

  3. If you use Fabric8 Maven Plugin to deploy your apps to OpenShift, ensure that you upgrade it to version 3.5.40 or later. Earlier FMP versions do not support the current release of Thorntail.

    <project>
     <build>
      ...
       <plugins>
        ...
         <plugin>
           <groupId>io.fabric8</groupId>
           <artifactId>fabric8-maven-plugin</artifactId>
           <version>3.5.40</version>
         </plugin>
         ...
       </plugins>
       ...
     </build>
    </project>

    Note that the set of features that FMP supports for deploying Thorntail applications is not impacted by the rename. The automated migration goal does not update any direct references to FMP features that you may have in your project. You must update the names of these features manually.

    Table 7.3. Fabric8 Maven Plugin name changes

    FMP conceptName in WildFly SwarmName in Thorntail

    Docker image generator

    wildfly-swarm

    thorntail-v2

    Health Check enricher name

    f8-wildfly-swarm-health-check

    f8-thorntail-v2-health-check

    Reference to health check enricher in pom.xml

    <wildfly-swarm-health-check>

    <thorntail-v2-health-check>

7.2. Breaking changes to OpenTracing components in Thorntail 2.2.0

In previous releases, the jaeger fraction automatically introduced the opentracing fraction as a dependency to your project. In the Thorntail 2.2.0 release, the jaeger and opentracing fractions are decoupled to allow the jaeger fraction to be reused by any other tracing fraction. The change is required to improve the way Thorntail supports both the old opentracing and the new microprofile-opentracing fractions. In this release, the jaeger fraction only provides tracer configuration.

You must manually specify one of the 2 OpenTracing fractions provided by Thorntail 2.2.0 as a dependency in the pom.xml file of your project:

  • opentracing
  • microprofile-opentracing

To retain the behavior of the tracing functionality in your application, in instances where you previously only specified the jaeger fraction, you must also explicitly specify a dependency on the opentracing fraction.

7.3. Breaking changes to JAX-RS components.

In RHOAR Thorntail 2.2.0, subclasses of the JAX-RS Application class are no longer generated by default. To enable Thorntail to generate the subclass of the JAX-RS Application class, you must:

  • not have a custom Application subclass in your project,
  • have the swarm.deployment.WAR_FILE_NAME.jaxrs.application-path key set in project-defaults.yml.

7.4. New Thorntail features and feature upgrades

This release of RHOAR Thorntail introduces the following new features and feature upgrades:

MicroProfile 1.3
This release of RHOAR Thorntail implements the MicroProfile version 1.3 specification.
Enterprise Application Platform 7.1.4.GA
EAP dependencies used by RHOAR Thorntail have been updated and aligned with the 7.1.4.GA release of Red Hat JBoss Enterprise Application Platform.
Red Hat SSO 7.2.4.GA
This RHOAR Thorntail release uses components provided by Red Hat Single Sign-On release version 7.2.4.GA.

7.5. Resolved Thorntail Issues

7.5.1. Notable non-security issue fixes

7.5.1.1. MicroProfile JWT: cannot use different roles for different methods with the same @Path but different @Produces and/or @Consumes annnotations.

Description

The implementation of MicroProfile JWT used in RHOAR WildFly Swarm 7.1.0 was previously unable to honor the @RolesAllowed annotations properly. This lead to a situation where separation of access roles to different methods did not work for methods that shared a common @Path, but had different @Produces and/or @Consumes annotations. This issue has been fixed in the RHOAR Thorntail 2.2.0 release.

7.5.1.2. MicroProfile JWT: cannot use different roles for different methods with parameterized @Paths that share a common prefix

Description

Our implementation of MicroProfile JWT used in WildFly Swarm 7.1.0 was unable to honor the @RolesAllowed annotations properly. This lead to a situation where separation of access roles to different endpoints did not work for methods with parameterized @Paths that shared a common prefix. This issue has been fixed in the RHOAR Thorntail 2.2.0 release.

7.5.1.3. Maven build fails on downloading the org.wildfly.swarm:config-api-runtime artifact

Description

When building your application, Maven failed to download the org.wildfly.swarm:config-api-runtime artifact, causing the build to fail. This issue occured when you managed the dependency versions in the pom.xml file of your application manually, that is, without importing the BOM. This issue has been fixed in the RHOAR Thorntail 2.2.0 release.

7.5.2. Security issues fixes

7.5.2.1. CVE-2018-7489

Affected component
jackson-databind
Issue Summary
Incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries
Red Hat CVE database entry
CVE-2018-7489
Bugzilla Bug ID
1462702

7.5.2.2. CVE-2018-1047

Affected component
undertow
Issue Summary
Path traversal in ServletResourceManager class
Red Hat CVE database entry
CVE-2018-1047
Bugzilla Bug ID
1528361

7.6. Known Thorntail Issues

7.6.1. Thorntail Arquillian adapter ignores mvn -s settings.xml

Issue Key:

THORN-1546

NOTE: You do not have to log into JIRA to view this issue.

7.6.2. MicroProfile Fault Tolerance: CDI contexts not available in @Timeout methods

Description

If your application contains a @Timeout method that uses a contextual service , such as the @RequestScoped MyService shown in the example below, the contexts are not activated for that service.

@Inject
private MyService service;

@Timeout
public String doSomething() throws InterruptedException {
    return "Hello " + service.call();
}

The method is not @Asynchronous and should, therefore, be executed on the caller thread, which would make the CDI (Context and Dependency Injection) contexts available. However, the following debug message indicates that the contexts are not available:

2018-04-03 21:16:35,976 ERROR [io.undertow.request] (default task-1) UT005023: Exception handling request to /: org.jboss.weld.context.ContextNotActiveException: WELD-001303: No active contexts for scope type javax.enterprise.context.RequestScoped

Cause

This issue is caused by @Timeout methods always being invoked on a separate thread, even if they are not @Asynchronous.

Workaround

At the time of this release, there is no workaround available for this issue.

7.6.3. MicroProfile Metrics: Application metric behavior does not conform to metrics specification

Description

When you build and package your application and then run the resulting -thorntail.jar uberjar, the application metric is not registered immediately upon deployment. The application metric is registered only after the monitored method is called.

For example, your Thorntail application contains a simple application metric, such as:

@ApplicationScoped
public class HelloService {
    @Counted(monotonic = true, name = "hello", absolute = true, displayName = "HELLO", description = "Number of hello invocations")
    public String hello() {
        return "Hello from counted method";
    }
}
Note

You can test whether application metrics are registered by issuing an OPTIONS HTTP request to the /metrics REST endpoint. For example, localhost:8080/metrics, when running your application locally.

Cause

The implementation does not conform to the current version of the MicroProfile Metrics specification. The specification will likely change in the future to allow this behavior.

Workaround

At the time of this release, there is no workaround available for this issue.

7.6.4. Harmless error message in application log: Missing org.glassfish:javax.el-api:3.0.1.b08-redhat-1

Description

If your application, or any of its dependencies, depends on the Java Expression Language, it will display the following warning message during startup.

Failed downloading org/glassfish/javax.el-api/3.0.1.b08-redhat-1/javax.el-api-3.0.1.b08-redhat-1.pom from https://repository.jboss.org/nexus/content/groups/public/. Reason:
org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.glassfish:javax.el-api:pom:3.0.1.b08-redhat-1 in jboss-public-repository-group (https://repository.jboss.org/nexus/content/groups/public/)
Failed downloading org/glassfish/javax.el-api/3.0.1.b08-redhat-1/javax.el-api-3.0.1.b08-redhat-1.pom from http://repo.gradle.org/gradle/libs-releases-local/. Reason:
org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.glassfish:javax.el-api:pom:3.0.1.b08-redhat-1 in gradle (http://repo.gradle.org/gradle/libs-releases-local)
Failed downloading org/glassfish/javax.el-api/3.0.1.b08-redhat-1/javax.el-api-3.0.1.b08-redhat-1.pom from https://repo.maven.apache.org/maven2/. Reason:
org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.glassfish:javax.el-api:pom:3.0.1.b08-redhat-1 in central (https://repo.maven.apache.org/maven2)
Failed downloading org/glassfish/javax.el-api/3.0.1.b08-redhat-1/javax.el-api-3.0.1.b08-redhat-1.pom from http://repo1.maven.org/maven2/. Reason:
org.eclipse.aether.transfer.ArtifactNotFoundException: Could not find artifact org.glassfish:javax.el-api:pom:3.0.1.b08-redhat-1 in central (http://repo1.maven.org/maven2)

The message is harmless and does not impact the functionality of the application.

Cause

The likely cause of this issue is related to the way dependency resolution works in Thorntail. During the dependency resolution phase, Thorntail ignores dependency exclusions, and thus pulls in javax.el-api, despite javax.el-api being excluded in the EAP BOM. Since it is interpreted as a valid dependency, it is indicated as missing due to being absent from the repository, which causes the error messages displayed in the build log.

Workaround

At the time of this release, there is no workaround available for this issue.

7.7. Supported Maven Artifacts Provided with Thorntail

Group IDArtifact IDVersion

io.thorntail

bean-validation

2.2.0.Final-redhat-00021

io.thorntail

bom-certified

2.2.0.Final-redhat-00021

io.thorntail

bom

2.2.0.Final-redhat-00021

io.thorntail

cdi-config

2.2.0.Final-redhat-00021

io.thorntail

cdi

2.2.0.Final-redhat-00021

io.thorntail

connector

2.2.0.Final-redhat-00021

io.thorntail

container

2.2.0.Final-redhat-00021

io.thorntail

datasources

2.2.0.Final-redhat-00021

io.thorntail

ee

2.2.0.Final-redhat-00021

io.thorntail

ejb

2.2.0.Final-redhat-00021

io.thorntail

elytron

2.2.0.Final-redhat-00021

io.thorntail

hibernate-validator

2.2.0.Final-redhat-00021

io.thorntail

io

2.2.0.Final-redhat-00021

io.thorntail

jaeger

2.2.0.Final-redhat-00021

io.thorntail

jaxrs-cdi

2.2.0.Final-redhat-00021

io.thorntail

jaxrs-jaxb

2.2.0.Final-redhat-00021

io.thorntail

jaxrs-jsonp

2.2.0.Final-redhat-00021

io.thorntail

jaxrs-multipart

2.2.0.Final-redhat-00021

io.thorntail

jaxrs-validator

2.2.0.Final-redhat-00021

io.thorntail

jaxrs

2.2.0.Final-redhat-00021

io.thorntail

jca

2.2.0.Final-redhat-00021

io.thorntail

jmx

2.2.0.Final-redhat-00021

io.thorntail

jpa

2.2.0.Final-redhat-00021

io.thorntail

jsf

2.2.0.Final-redhat-00021

io.thorntail

jsonp

2.2.0.Final-redhat-00021

io.thorntail

keycloak

2.2.0.Final-redhat-00021

io.thorntail

logging

2.2.0.Final-redhat-00021

io.thorntail

management

2.2.0.Final-redhat-00021

io.thorntail

microprofile-config

2.2.0.Final-redhat-00021

io.thorntail

microprofile-fault-tolerance

2.2.0.Final-redhat-00021

io.thorntail

microprofile-health

2.2.0.Final-redhat-00021

io.thorntail

microprofile-jwt

2.2.0.Final-redhat-00021

io.thorntail

microprofile-metrics

2.2.0.Final-redhat-00021

io.thorntail

microprofile-openapi

2.2.0.Final-redhat-00021

io.thorntail

microprofile-opentracing

2.2.0.Final-redhat-00021

io.thorntail

microprofile-restclient

2.2.0.Final-redhat-00021

io.thorntail

microprofile

2.2.0.Final-redhat-00021

io.thorntail

msc

2.2.0.Final-redhat-00021

io.thorntail

naming

2.2.0.Final-redhat-00021

io.thorntail

opentracing

2.2.0.Final-redhat-00021

io.thorntail

remoting

2.2.0.Final-redhat-00021

io.thorntail

request-controller

2.2.0.Final-redhat-00021

io.thorntail

resource-adapters

2.2.0.Final-redhat-00021

io.thorntail

security

2.2.0.Final-redhat-00021

io.thorntail

spi

2.2.0.Final-redhat-00021

io.thorntail

topology-openshift

2.2.0.Final-redhat-00021

io.thorntail

topology-webapp

2.2.0.Final-redhat-00021

io.thorntail

topology

2.2.0.Final-redhat-00021

io.thorntail

transactions

2.2.0.Final-redhat-00021

io.thorntail

undertow

2.2.0.Final-redhat-00021

io.thorntail

web

2.2.0.Final-redhat-00021

7.8. Tested Maven Artifacts Provided with Thorntail

Maven artifacts designated as Tested that are provided with a RHOAR Thorntail release are not supported.

Group IDArtifact IDVersion

io.thorntail

ribbon

2.2.0.Final

io.thorntail

ribbon-secured

2.2.0.Final

io.thorntail

ribbon-secured-client

2.2.0.Final

io.thorntail

arquillian

2.2.0.Final

7.9. Technology Preview Maven Artifacts Provided with Thorntail

Red Hat provides limited support for Thorntail artifacts designated as Technology Preview:

Group IDArtifact IDVersion

io.jaegertracing

jaeger-core

0.30.6.redhat-00001

io.jaegertracing

jaeger-thrift

0.30.6.redhat-00001

io.opentracing

opentracing-api

0.31.0.redhat-00008

io.opentracing

opentracing-noop

0.31.0.redhat-00008

io.opentracing

opentracing-util

0.31.0.redhat-00008

io.opentracing

parent

0.31.0.redhat-00008

io.opentracing.contrib

opentracing-concurrent

0.1.0.redhat-00002

io.opentracing.contrib

opentracing-tracerresolver

0.1.4.redhat-7

io.opentracing.contrib

opentracing-tracerresolver-parent

0.1.4.redhat-7

io.opentracing.contrib

opentracing-web-servlet-filter

0.1.0.redhat-00027

io.opentracing.contrib

opentracing-web-servlet-filter-parent

0.1.0.redhat-00027

io.opentracing.contrib

opentracing-jaxrs2

0.1.6.redhat-00001

io.opentracing.contrib

opentracing-jaxrs-parent

0.1.6.redhat-00001

io.opentracing.contrib

opentracing-jaxrs2

0.1.6.redhat-00001

org.keycloak

keycloak-authz-client

3.4.12.Final-redhat-2

7.10. Deprecated Thorntail Maven Artifacts

Group IDArtifact IDVersion

io.thorntail

monitor[a]

2.2.0.Final-redhat-00021

io.thorntail

hystrix

2.2.0.Final-redhat-00021

io.thorntail

archaius

2.2.0.Final-redhat-00021

[a] The monitor fraction has been removed from the BOM. It is still shipped with this release of Thorntail, but it will not be automatically imported when you specify the BOM as a dependency in your application project.

Chapter 8. Spring Boot

8.1. Supported Spring Boot Maven Artifacts

Artifacts listed below are supported by Red Hat for direct use in RHOAR Spring Boot application projects. Spring Boot starters provide functionalities that rely on supported Spring Boot features. To use the supported starters in your application:

  1. Import the Spring Boot BOM to ensure artifact versions resolve correctly.
  2. Specify the supported starter directly as dependencies without the artifact version in the pom.xml file of your application project. The artifact version is resolved automatically based on the imported BOM.
Group IDArtifact IDVersion

org.springframework.boot

spring-boot-starter

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-test

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-tomcat

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-undertow

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-web

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-websocket

1.5.16.RELEASE

org.apache.cxf

cxf-spring-boot-starter-jaxrs

3.1.12.redhat-1

org.springframework.boot

spring-boot-starter-data-jpa

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-jdbc

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-actuator

1.5.16.RELEASE

io.opentracing.contrib

opentracing-spring-jaeger-web-starter

0.2.0.redhat-00010

org.springframework.cloud

spring-cloud-starter-kubernetes

0.2.0.RELEASE

org.springframework.cloud

spring-cloud-starter-kubernetes-config

0.2.0.RELEASE

org.infinispan

infinispan-spring-boot-starter-embedded

2.0.0.Alpha1

org.infinispan

infinispan-spring-boot-starter-remote

2.0.0.Alpha1

org.springframework.boot

spring-boot-starter-activemq

1.5.16.RELEASE

org.springframework.boot

spring-boot-starter-artemis

1.5.16.RELEASE

org.amqphub.spring

amqp-10-jms-spring-boot-starter

1.0.0

me.snowdrop

narayana-spring-boot-starter

1.0.1

org.keycloak

keycloak-spring-boot-starter

3.4.3.Final-redhat-2

org.springframework.boot

spring-boot-starter-validation

1.5.16.RELEASE

8.2. Removed Spring Boot Maven Artifacts

The following artifacts are no longer shipped with RHOAR Spring Boot and have been removed from the BOM in the 1.5.16.RELEASE release.

Group IDArtifact IDVersion

org.springframework.cloud

spring-cloud-starter-netflix-hystrix

1.4.5.RELEASE

org.springframework.cloud

spring-cloud-starter-netflix-ribbon

1.4.5.RELEASE

org.springframework.cloud

spring-cloud-kubernetes-core

0.2.0.RELEASE

org.springframework.cloud

spring-cloud-starter-kubernetes-netflix

0.2.0.RELEASE

org.springframework.cloud

spring-cloud-sleuth-zipkin

1.3.4.RELEASE

8.3. Deploying Spring Boot applications on Red Hat JBoss Fuse

As a Technology Preview feature, RHOAR allows you to build and deploy Spring Boot applications packaged as JAR files on Red Hat JBoss Fuse, both in standalone mode and on OpenShift. For additional information, see Red Hat JBoss Fuse documentation.

8.4. Deploying Spring Boot Applications From WAR Files

RHOAR allows you to repackage your Spring Boot application as an executable WAR file. This feature is currently provided with the RHOAR release of Spring Boot as a Technology Preview and is not supported by Red Hat.

8.5. Known Spring Boot Issues

8.5.1. Missing APR/native library in the openshift-openjdk image

Issue Key:

SB-379

NOTE: You do not have to log into JIRA to view this issue.

Chapter 9. Node.js

9.1. Supported Node.js Base Images

Table 9.1. Node.js 8 LTS

Node.js base imageRelease

registry.access.redhat.com/rhoar-nodejs/nodejs-8

8.12.0-0

Table 9.2. Node.js 10 LTS

Node.js base imageRelease

registry.access.redhat.com/rhoar-nodejs/nodejs-10

10.11.0-1

9.2. Supported Node.js RPM Packages

Table 9.3. Node.js 8 LTS

Package nameArchitecture/TypeVersionDescription

rhoar-nodejs-8.12.0-4.el7.src.rpm

SRPMS

8.12.0

RHOAR Node.js 8 (LTS) sources

rhoar-nodejs-docs-8.12.0-4.el7.noarch.rpm

noarch

8.12.0

RHOAR Node.js 8 API documentation

npm-6.4.1-1.8.12.0.4.el7.x86_64.rpm

x86_64

6.4.1

npm package manager

rhoar-nodejs-8.12.0-4.el7.x86_64.rpm

x86_64

8.12.0

RHOAR Node.js (LTS) 8 binaries

rhoar-nodejs-debuginfo-8.12.0-4.el7.x86_64.rpm

x86_64

8.12.0

debug information for the RHOAR Node.js 8 package

Table 9.4. Node.js 10 LTS

Package nameArchitecture/TypeVersionDescription

rhoar-nodejs-10.11.0-1.el7.src.rpm

SRPMS

10.11.0

RHOAR Node.js 10 (LTS) sources

rhoar-nodejs-docs-10.11.0-1.el7.noarch.rpm

noarch

10.11.0

RHOAR Node.js 10 API documentation

npm-6.4.1-1.10.11.0.1.el7.x86_64.rpm

x86_64

6.4.1

npm package manager

rhoar-nodejs-10.11.0-1.el7.x86_64.rpm

x86_64

10.11.0

RHOAR Node.js 10 (LTS) binaries

rhoar-nodejs-debuginfo-10.11.0-1.el7.x86_64.rpm

x86_64

10.11.0

debug information for the RHOAR Node.js 10 package

npm-6.4.1-1.10.11.0.1.el7.ppc64le.rpm

PPC64LE

6.4.1

npm package manager

rhoar-nodejs-10.11.0-1.el7.ppc64le.rpm

PPC64LE

10.11.0

RHOAR Node.js 10 (LTS) binaries

rhoar-nodejs-debuginfo-10.11.0-1.el7.ppc64le.rpm

PPC64LE

10.11.0

debug information for the RHOAR Node.js 10 package

9.3. Community Node.js npm modules

The RHOAR Node.js base image allows you to develop a Node.js application for OpenShift using any of the community Node.js modules available through npm. Community npm modules are not supported by Red Hat.

9.4. Resolved Node.js Issues

Node.js 8.12.0

The RHOAR Node.js release is a Red Hat product release aligned with the community Node.js LTS release version 8.12.0. The current productized release contains aggregated bug fixes and enhancements introduced in community versions 8.11.4 through 8.12.0. For a list of issues resolved in this release, see the Node.js 8.12.0 changelog.

Security Bug Fixes

Bugfixes listed below for 8.12.0 applicable to 10.11.0 are addressed in both releases, but listed only once. Bugfixes specific to 10.11.0 only are listed separately under the Node.js 10 subsection.

9.4.1. CVE-2018-14634

Affected component
kernel
Issue summary
Integer overflow in Linux’s create_elf_tables function
Red Hat CVE database entry
CVE-2018-14634
Bugzilla Bug ID
1624498

9.4.2. CVE-2018-12384

Affected component
nss
Issue summary
ServerHello.random is all zeros when handling a v2-compatible ClientHello
Red Hat CVE database entry
CVE-2018-12384
Bugzilla Bug ID
1622089

Node.js 10.11.0

The RHOAR Node.js release is a Red Hat product release aligned with the community Node.js LTS release version 10.11.0. The current productized release contains aggregated bug fixes and enhancements introduced in the upstream between versions 10.10.0 and 10.11.0. For a list of issues resolved in this release, see the Node.js 10.11.0 changelog.

9.4.3. CVE-2018-14634

Security Bug Fixes

Affected component
kernel
Issue summary
Integer overflow in Linux’s create_elf_tables function
Red Hat CVE database entry
CVE-2018-14634
Bugzilla Bug ID
1624498

9.5. Known Node.js Issues

9.5.1. Deployment fails when an npm dependency specifies a git repository.

Description:

If a package.json file contains dependencies that specify a git repository, a deployment error occurs when packaging and deploying the application to OpenShift.

Workaround:

Install the rh-git29-git package available from Red Hat Software Collections.

Legal Notice

Copyright © 2018 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat Software Collections is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.