JBoss Enterprise Application Platform 7.2 Update 2 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.2 Update 01.
Download JBoss Enterprise Application Platform 7.2 Update 2
This update includes fixes for the following security related issues:
ID | Component | Summary |
---|---|---|
CVE-2019-3888 | Web (Undertow) | leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed |
CVE-2019-3873 | Security | URL injection via xinclude parameter |
CVE-2019-3872 | Server | reflected XSS in SAMLRequest via RelayState parameter |
This update includes the following bug fixes or changes:
ID | Component | Summary |
---|---|---|
JBEAP-16619 | CDI / Weld | org.infinispan.commons.marshall.NotSerializableException: org.jboss.weld.bean.proxy.PrivateMethodHandler |
JBEAP-15853 | Class Loading | WFCORE-4265 - Latest DB2 11.1 JDBC driver requires additional IBM JDK system dependency |
JBEAP-15665 | Clustering | JGRP-2302 - Default ASYM_ENCRYPT asym_keylength is considered breakable |
JBEAP-16585 | Clustering | WFLY-11884 - Mutations following HttpSession.setAttribute(...) lost on failover when using ATTRIBUTE granularity distributed web session with a non-transactional cache |
JBEAP-16584 | Clustering | WFLY-11882 - Mutable getAttribute(...) and setAttribute(...) combination triggers redundant cache operation when using ATTRIBUTE granularity distributed web sessions with a transactional cache |
JBEAP-16810 | Clustering | WFLY-12022 - Concurrent singleton service installation can cause service to run simultaneously on 2 members. |
JBEAP-16390 | EJB | EJBCLIENT-319 - Update affinities on return in NamingEJBClientInterceptor |
JBEAP-16057 | EJB | WFLY-11489 - SFSB not sticky on a single cluster node when clustering of the bean is disabled |
JBEAP-16341 | EJB | WFLY-11682 - Clustered SLSB membership anomalies when all cluster members removed |
JBEAP-16891 | EJB | WFLY-12064 - SFSBs left in invalid/inconsistent state if @PrePassivate throws an exception/error. |
JBEAP-16716 | EJB | WFDISC-34 - Add ability to perform a service discovery with timeout |
JBEAP-16699 | EJB | WEJBHTTP-24 - Cannot invoke EJB over HTTP on JDK 11 |
JBEAP-15737 | EJB | WFLY-10150 - EJB race condition can cause client to be in awaitResponse while server is done |
JBEAP-16509 | EJB | EJB Client side heartbeat settings not working |
JBEAP-16545 | EJB | EJBCLIENT-324 - Phantom NoSuchEJBExceptions |
JBEAP-16690 | EJB | REM3-331 - Configure the heartbeat timeout by default for auto created remote EJB client connections |
JBEAP-16601 | EJB | SFSB expiration can fail |
JBEAP-12237 | EJB | Too Many Dependencies Error occurs while deploying a large number of SLSBs to EAP 7 |
JBEAP-16391 | EJB | WEJBHTTP-23 - EJB contextData not sent back to client in response when using EJB over HTTP |
JBEAP-16543 | EJB | WFLY-11819 - max-allowed-connected-nodes element in jboss-ejb-client.xml not used |
JBEAP-16550 | EJB | WFLY-11848 - EJB WFLYEJB0473: JNDI bindings for ... ejb: is not correct when there is not an appName |
JBEAP-16573 | EJB | WFLY-11866 - Cannot get exception as pass-by-reference |
JBEAP-16576 | EJB | WFLY-11870 - abstract classes with @EJB annotation included in libraries will cause deployment failures |
JBEAP-16703 | EJB | WFLY-11970 - SFSB memory leak due to Date() usage |
JBEAP-11207 | EJB | Setting wrong protocol in EJB client results in client freezeup |
JBEAP-16422 | Hibernate | HHH-12939 Database name not quoted at schema update |
JBEAP-16456 | Hibernate | HHH-13277 - HibernateMethodLookupDispatcher - Issue with Security Manager |
JBEAP-16771 | Hibernate | HHH-13300 Query.getSingleResult() throws org.hibernate.NonUniqueResultException instead of javax.persistence.NonUniqueResultException |
JBEAP-16645 | Hibernate | HHH-13326 Transaction passed to Hibernate Interceptor methods is null when JTA is used |
JBEAP-16638 | Hibernate | HHH-13343 Bytecode enhancement using ByteBuddy fails when the class is not available from the provided ClassLoader |
JBEAP-16781 | Hibernate | HHH-13376 Upgrade Javassist dependency to 3.23.2-GA |
JBEAP-16315 | Hibernate | HHH-13241 / HHH-13138 - Constraint violation when deleting entities in bi-directional, lazy OneToMany association with bytecode enhancement |
JBEAP-16478 | Hibernate | HHH-13266 - LocalDateTime values are wrong around 1900 |
JBEAP-16730 | Hibernate | HHH-13364: Query.getSingleResult and getResultList() throw PessimisticLockException when pessimistic lock fails with timeout |
JBEAP-16583 | IIOP | WFLY-11784 (WF Core part) - app classloader leaked by IIOP WorkCacheManager cache |
JBEAP-16465 | IIOP | WFLY-11784 (WF part) - app classloader leaked by IIOP WorkCacheManager cache |
JBEAP-16472 | IIOP | WFLY-11971 - OpenJDK ORB IndexOutOfBoundsException when the actionString does not contain any slash character |
JBEAP-16722 | JCA | JBJCA-1388 - Validator is created using rar ClassLoader as the TCCL |
JBEAP-16702 | JCA | WFLY-11974 - resource adapter configured as module not finding validation provider |
JBEAP-16535 | JSF | WFLY-11869 - JSF Session / View Beans @Destroy not invoked after GC |
JBEAP-16450 | Localization | Typo in the ServerLogger for Japanese in WildFly Core |
JBEAP-15120 | Management | WFCORE-3995 - Deployer or Maintainer RBAC role unable to write datasource credential after setting sensitive-classification credential requires-write=false |
JBEAP-15755 | Management | WFCORE-4195 - CLI/Admin Console does not prompt for a reload after adding a new server-group to server-scoped-roles. |
JBEAP-16105 | Migration | WFLY-11584 - Legacy Web migrate op fails if a connector has scheme https and no SSL config |
JBEAP-16484 | Migration | CMTOOL-242 - Unable to migrate EAP 7.1 configuration using the Multi-JSF feature |
JBEAP-16679 | Modules | MODULES-375 - A NullPointerException is thrown when an artifact fails to be resolved |
JBEAP-16681 | Modules | MODULES-382 - Previous stack trace is lost when converting ModuleLoadException to error |
JBEAP-16631 | Modules | MODULES-387 - Expose a classLocation(module-name, class-name) via JMX |
JBEAP-16721 | Modules | WFCORE-4413 - Fix backward compatibility issues of javax.api & javax.sql.api modules |
JBEAP-16841 | OpenShift | [OCP 4.1] Tests using openshift.KUBE_PING are failing |
JBEAP-16427 | REST | RESTEASY-2148 - Add the ability to disable Filename encoding in Content-Disposition |
JBEAP-16542 | REST | RESTEASY-2157 - Resteasy is not able to load the proxy interface |
JBEAP-15396 | RPM | WFCORE-4129 - WFLYSRV0266: Server home is set to... info msg in domain for RPM installation |
JBEAP-16469 | Remoting | JBMAR-222 - JBoss Marshalling - Vector marshalling not serialized |
JBEAP-16669 | Remoting | REM3-330 - Log wildfly-config.xml parsing issue at WARN |
JBEAP-16566 | Remoting | XNIO-336 - Socket accept error should log at ERROR level before closing the channel |
JBEAP-16410 | Scripts | Windows service install script assumes incorrect prunsrv.exe location |
JBEAP-16740 | Security | PicketLink : Change use of HTTP download locations to HTTPS |
JBEAP-16741 | Security | PicketLink bindings: Change use of HTTP download locations to HTTPS |
JBEAP-16526 | Security Manager | WFCORE-4374 - security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does |
JBEAP-16816 | Server | WFCORE-4390 - Introduce COMPONENT_JNDI_DEPENDENCIES attachment key |
JBEAP-15939 | Server | WFCORE-4239 - WARN if system-property is already set and is being overridden |
JBEAP-16522 | Server | WFCORE-4373 - org.jboss.log4j.logmanager module requires java.sql module |
JBEAP-16624 | VFS | JDK 11 Multi-Release jars - Classes for newer versions are not loaded and VFSResourceLoader doesn't take into account the Multi-Release manifest attribute value |
JBEAP-16644 | Web (Undertow) | UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo |
JBEAP-16395 | Web (Undertow) | Internal Server Error (500) when using directory-listing in FileHandler |
JBEAP-16777 | Web (Undertow) | UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo |
JBEAP-16496 | Web Console | HAL-1570 - Do not automatically set datasource-class at datasource wizard |
JBEAP-16534 | Web Console | HAL-1572 - Console fails to display datasources correctly when a datasource has a property substitution |
JBEAP-16719 | Web Console | HAL-1583 - Management Console says to close the tab to logout, but closing the browser is needed |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.2.2-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.2.2-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.2 Patching And Upgrading Guide.