JBoss Enterprise Application Platform 7.4 Update 6 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 05.
Download JBoss Enterprise Application Platform 7.4 Update 6
This update includes fixes for the following security related issues:
ID | Component | Summary |
---|---|---|
CVE-2022-24823 | Server | netty: world readable temporary file containing sensitive data |
CVE-2022-25647 | Server | com.google.code.gson-gson: Deserialization of Untrusted Data in com.google.code.gson-gson |
CVE-2021-44906 | Server | org.jboss.hal-hal-parent: minimist: prototype pollution |
This update includes the following bug fixes or changes:
ID | Component | Summary |
---|---|---|
JBEAP-23423 | Batch | JBERET-543 - sql/jberet.ddl used for database MariaDB instead of sql/jberet-mysql.ddl |
JBEAP-21249 | Clustering | CNFE ManageableThreadPoolExecutorService from Module "org.infinispan" |
JBEAP-18799 | Clustering | Clustering: com.microsoft.sqlserver.jdbc.SQLServerException in SQL Server tests |
JBEAP-23510 | EJB | NPE when EJB Database Timer Persistence adjustCreateAutoTimerStatement is called |
JBEAP-23522 | EJB | WFLY-16298 - Improve performance related to TimerServiceImpl#scheduledTimerFutures |
JBEAP-23622 | EJB | WEJBHTTP-80 - Ejb over http and picketbox stop working with ejb client bom 7.4.3.GA on port 80 |
JBEAP-16680 | IO | WorkerResourceDefinition.WorkerWriteAttributeHandler implementations incorrectly handle undefined values |
JBEAP-23506 | JCA | JBJCA-1362 - NPE from SemaphoreConcurrentLinkedDequeManagedConnectionPool.returnForFrequencyCheck |
JBEAP-23502 | JCA | WFLY-16272 - Using an expression in use-java-context for a datasource results in IllegalArgumentException for certain console commands |
JBEAP-14177 | JMS | CLI operation list-prepared-transaction-jms-details-as-json returns Object.toString() instead of Json string |
JBEAP-23564 | JPA/Hibernate | HHH-12338 - Incorrect metamodel for basic collections |
JBEAP-23519 | JSF | JSF application undeploy generates SEVERE log entries |
JBEAP-3029 | Management | Referrals 'throw' does not work correctly for ldap authentication to mgmt console with MS Active Directory |
JBEAP-922 | Migration | [Migration operation] [Web to Undertow] truststore - keystore-password does it really needs to be mandatory? |
JBEAP-11074 | Remoting | Operation removing http-connector requires full server reload but does not change the server state accordingly |
JBEAP-23523 | Remoting | REM3-391 - Remove the lock around Endpoint connection creation |
JBEAP-15649 | Scripts | Check and consider to put escaped quotes (\") back to the -Xloggc in standalone.sh |
JBEAP-12448 | Scripts | standalone.bat script does not parse JAVA_OPTS containing '|' symbol properly |
JBEAP-4869 | Security | PicketLink - SAMLStatusResponseTypeParser.parseStatus fails on IBM JDK (SAMLSloResponseParserTestCase#testSLOResponseFromSalesforce) |
JBEAP-3030 | Security | Referrals roles assignment for referral user does not work for LdapExtLoginModule with Active Directory |
JBEAP-20152 | Security | SASL configuration fails with NPE |
JBEAP-3026 | Security | SECURITY-975 - Default distinguishedNameAttribute value of LdapExtLoginModule causes not working referrals on MS Active Directory |
JBEAP-23621 | Security | WFCORE-5650 - Adding management user newly requires reload |
JBEAP-15378 | Security | PLINK-734 - IdentityUrl element has changed but XSD schema not |
JBEAP-15388 | Security | StaxUtil should write namespaces firstly for IBM JDK (WSTrustRenewTargetParsingTestCase#testWST_ResponseRenew) |
JBEAP-4868 | Security | XML processing in SAMLParserUtil fails on IBM JDK (SAMLAssertionParserTestCase#showParserIsFailingWithEmptyAttributeValue) |
JBEAP-23570 | Security | ELY-2308 ELY-2315 - Digest authentication fails for encoded queries |
JBEAP-23689 | Security | WFCORE-5936 - Ldap authentication using referrals fails on JDK 17 with ApacheDS |
JBEAP-23496 | Security | libwfssl.so doesn't get automatically loaded on RHEL 9 |
JBEAP-18546 | Security | Inconsistent parameter count between in PicketLink request wrapper |
JBEAP-15066 | Server | Cover possible error when host controllers can not connect to domain after creating a rollout plan and restarting the master host controller |
JBEAP-21478 | Server | The Bouncy Castle bcmail module is missing the java.se dependency |
JBEAP-23725 | Test Suite | Test EAP on RHEL9 |
JBEAP-23525 | Undertow | UNDERTOW-2069 - Filter.destroy can deadlock with running filter on shutdown |
JBEAP-23524 | Undertow | UNDERTOW-2070 - Empty reply from Undertow if sendRedirect is called after setting content length |
JBEAP-23581 | Undertow | UNDERTOW-2094 - Bad relative redirect is generated if app is mapped to trailing slash context |
JBEAP-23796 | Undertow | UNDERTOW-2116 - java.lang.AssertionError: Content-Encoding header should be defined |
JBEAP-12293 | Web Console | Cannot add new credential store with credential reference store field |
JBEAP-12414 | Web Console | Patching via Management Console double-prompts user to restart |
JBEAP-12001 | Web Console | Unnecessary add and remove button for main-administrator role. |
JBEAP-13587 | Web Console | When editing Elytron Policy in Web Console, policy attribute values are getting lost |
JBEAP-13766 | Web Services | Allow to use remapped elytron application security domain |
JBEAP-23190 | Web Services | CXF-8655 - Incorrect XSD resolution when the file name is the same in different folders |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.6-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.6-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide.
Notes
- The EAP natives for the s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e., bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have an s390x build, see here for more details.
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows you to build and deploy applications on OpenShift using the Helm package manager.
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 5+ support for JDK 17 is in technical preview, see configuration changes needed here.