Issued:: 2026-01-19
Updated:: 2026-01-19

RHSA-2026:0742 - Security Advisory

Overview
Updated Packages

Synopsis

Critical: Red Hat JBoss Enterprise Application Platform 7.1.13 on RHEL 7 security update

Type/Severity

Security Advisory: Critical

Red Hat Lightspeed patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.1.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.1.12, and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.1.13 Release Notes for information about the most significant bug fixes and enhancements included in this release.

Security Fix(es):

jackson-core: jackson-core Potential StackoverflowError [eap-7.1.z] (CVE-2025-52999)
netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability [eap-7.1.z] (CVE-2025-55163)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, ensure all previously released errata relevant to your system have been applied. Also, back up your existing installation, including all applications, configuration files, databases and database settings. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

Affected Products

JBoss Enterprise Application Platform 7.1 EUS 7.1 x86_64

Fixes

BZ - 2374804 - CVE-2025-52999 com.fasterxml.jackson.core/jackson-core: jackson-core Potential StackoverflowError
BZ - 2388252 - CVE-2025-55163 netty: netty-codec-http2: Netty MadeYouReset HTTP/2 DDoS Vulnerability
JBEAP-30775 - Tracker bug for the EAP 7.1.13 release for RHEL-7
JBEAP-31347 - (7.1.z) Upgrade undertow from 1.4.18.SP15 to 1.4.18.SP16
JBEAP-31349 - [7.1] Upgrade wildfly-core from 3.0.28.Final to 3.0.29.Final

CVEs

References

Note: More recent versions of these packages may be available. Click a package name for more details.

JBoss Enterprise Application Platform 7.1 EUS 7.1

SRPM
eap7-jackson-annotations-2.8.11-2.redhat_00004.1.ep7.el7.src.rpm	SHA-256: c65133339b357d70edfec20d095ffac1e8d8eeb81c70e7098b29cdf39434374e
eap7-jackson-core-2.8.11-3.redhat_00004.1.ep7.el7.src.rpm	SHA-256: f487cc0f19f9a3454adbba01b9629d2746704fff34abf0d0f6d52657bffd92ef
eap7-jackson-jaxrs-providers-2.8.11-3.redhat_00004.1.ep7.el7.src.rpm	SHA-256: 220a9f05781b78a7a2ac797077e219ac5e009d437ee42077b26d6a1a626b59de
eap7-jackson-module-jaxb-annotations-2.8.11-3.redhat_00004.1.ep7.el7.src.rpm	SHA-256: d0f7b351c1f7aa9cafdf514ed7b372168abaa9154ee082f768967adde8d6d3be
eap7-jackson-modules-java8-2.8.11-2.redhat_00004.1.ep7.el7.src.rpm	SHA-256: 0ca76456e5afa52aae684afa1540be82fdf436007e9792a3f8206ba7d4acd509
eap7-netty-4.1.63-3.Final_redhat_00004.1.ep7.el7.src.rpm	SHA-256: 4ba8224736b022ee59657886423ddd87f82d16b5f3650321e769940f6143f01f
eap7-undertow-1.4.18-18.SP16_redhat_00001.1.ep7.el7.src.rpm	SHA-256: edd298556712c6c32b7baacb8b6c9559919d9ae43e62927b24fc7b780a992c10
eap7-wildfly-7.1.13-6.GA_redhat_00002.1.ep7.el7.src.rpm	SHA-256: 381a35bf66562426580a881180a2b962952039b4b9b2d0ff69a56b15ce4f7062
x86_64
eap7-jackson-annotations-2.8.11-2.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: aa43097e6ae9f53352bb609b6157a316890df1d475103309782195dfed7e6312
eap7-jackson-core-2.8.11-3.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: e7fdf90aae9f3b67bc97be99460dfda358406b756cbd8a626ce04e2e580d5e42
eap7-jackson-datatype-jdk8-2.8.11-2.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: 91cdc14f8047f333bd724cb41b20481a4966dedceda8f28742dd0689092c7ee0
eap7-jackson-datatype-jsr310-2.8.11-2.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: 43b0fc392ed5cc4e8537645f53faf0944910dc9793e53f4850d40c08ec7fecec
eap7-jackson-jaxrs-base-2.8.11-3.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: 3bd34d9daae3ead4ef2cfe3129cb338ce23319719019ed445d3f3dbd6d300f95
eap7-jackson-jaxrs-json-provider-2.8.11-3.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: cbef59419d44f8559b91070d92e423119402989f126459d3ec47454d3659e39b
eap7-jackson-module-jaxb-annotations-2.8.11-3.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: d15749a8915b79e3ab73ea6928e3b1af4f3ab946434f22ab908d347a7a9fe5bd
eap7-jackson-modules-java8-2.8.11-2.redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: 4e25a1742c42088c32af6670f0c34878a03d16692842f6eb77d2e849d0931fbb
eap7-netty-4.1.63-3.Final_redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: fddfa8ea4593c00aaede74b037ff903e4c3fb5af4d60ba491b10a3912c4bf8f4
eap7-netty-all-4.1.63-3.Final_redhat_00004.1.ep7.el7.noarch.rpm	SHA-256: 0704525325592809f76a88c68156fdc3de11768e85c17af8eb0450ad5e7981fb
eap7-undertow-1.4.18-18.SP16_redhat_00001.1.ep7.el7.noarch.rpm	SHA-256: d04d9da8fec2efa54ae5348122faac51314aa4429d8be9a01effa2bda41b8b81
eap7-wildfly-7.1.13-6.GA_redhat_00002.1.ep7.el7.noarch.rpm	SHA-256: 85ffe318a87b900694d2b7018a4c5867e38315d5b258e52ef26f18f925f845d9
eap7-wildfly-modules-7.1.13-6.GA_redhat_00002.1.ep7.el7.noarch.rpm	SHA-256: f97e6fa7f7377bbb2eb69712230e7cc832dd98011f1151bf5b62024dc71150c8

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation