JBoss Enterprise Application Platform 7.4 Update 1 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
Download JBoss Enterprise Application Platform 7.4 Update 1
This update includes fixes for the following security related issues:
ID | Component | Summary |
---|---|---|
CVE-2021-3642 | Server | wildfly-elytron: possible timing attack in ScramServer |
CVE-2021-21409 | JMS | netty: Request smuggling via content-length header |
CVE-2021-3597 | Undertow | undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS |
CVE-2021-3536 | Web Console | wildfly: XSS via admin console when creating roles in domain mode |
CVE-2020-13936 | Web Services | velocity: arbitrary code execution when attacker is able to modify templates |
CVE-2021-3644 | Management | wildfly-core: Invalid Sensitivity Classification of Vault Expression |
CVE-2021-28170 | EE | jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluated |
CVE-2021-3690 | Undertow | undertow: buffer leak on incoming websocket PONG message may lead to DoS |
This update includes the following bug fixes or changes:
ID | Component | Summary |
---|---|---|
JBEAP-21302 | ActiveMQ | WFLY-10725 / ENTMQBR-3702 / ARTEMIS-2176 - Repeating WARN log message "Notified of connection failure" after every XA recovery when read-timeout is configured with a smaller value than the default client-failure-check-period (30 seconds) |
JBEAP-22203 | Batch | JBERET-506 Support retrieving job executions by job name |
JBEAP-22172 | Batch | More efficient way of getting batch job executions by job name |
JBEAP-21442 | Batch | JBERET-508 - Restart batch job execution from a different node |
JBEAP-21993 | Batch | WFLY-14275 - Large job repository is blocking deployment |
JBEAP-21804 | Batch | WFLY-14619 - Stop batch job execution from a different node |
JBEAP-21772 | Batch | WFLY-14750 - Batch task not restarted after server resumed from suspended state |
JBEAP-21284 | CDI / Weld | WFLY-14546 - NameNotFoundException: java:comp/TransactionSynchronizationRegistry when firing and observing CDI events asynchronously |
JBEAP-21929 | Clustering | org.infinispan.client.hotrod module is missing a dependency on org.infinispan.protostream |
JBEAP-22065 | Clustering | Do not allow application to create a new session or change the identifier of a session after response is committed |
JBEAP-21276 | Clustering | ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation |
JBEAP-21258 | Clustering | ISPN-12807 - Simple cache does not update eviction statistics |
JBEAP-22185 | Clustering | Session objects left in memory after non-coordinator member left a cluster |
JBEAP-21362 | Clustering | ISPN-12930 - Clustering: JDBC store using DB2 v11.1.1.1 doesn't work anymore |
JBEAP-21265 | EE | WFLY-14561 - Incorrect deserialization using getValue method |
JBEAP-22170 | EJB | Wrong error code in EjbLogger.connectorNotConfiguredForEJBClientInvocations compared to upstream |
JBEAP-21323 | EJB | CLI ...service=timer-service/timer=* throws NullPointerException |
JBEAP-21260 | EJB | WEJBHTTP-56 - UT000065: SSL must be specified to connect to a https URL when using ejb over https when 2nd --> 3rd remote ejb call |
JBEAP-21433 | EJB | WEJBHTTP-57 - Use error code and initCause of XAException |
JBEAP-21960 | EJB | WEJBHTTP-58 - Wildfly Http Client HttpServerHelper should log initial exception |
JBEAP-22011 | EJB | WEJBHTTP-59 - EJB over HTTP getting java.lang.ClassNotFoundException to Unchecked Exception |
JBEAP-22082 | EJB | WFTC-93 - When CancellationException is thrown, throw XaException.XAER_RMFAIL |
JBEAP-21275 | Hibernate | HHH-12320 HHH-12436 HHH-12842 HHH-13875 IdentifierGenerationException: null id generated for:class ... |
JBEAP-21419 | Hibernate | HHH-14537 EntityNotFoundException thrown when non-existing association with @NotFound(IGNORE) mapped has proxy in PersistenceContext |
JBEAP-22235 | Hibernate | HHH-14608 Merge causes StackOverflow when JPA proxy compliance is enabled |
JBEAP-21975 | Hibernate | HHH-14616 Optimistic Lock throws "could not retrieve version" exception |
JBEAP-21373 | JCA | JBJCA-1426 - OAUTH marshaling failure when connecting to Oracle database using Kerberos authentication |
JBEAP-22077 | JCA | JBJCA-1410 - Fix hook call failures in Ironjacamar JCA |
JBEAP-21432 | JCA | JBJCA-1410 - Fix performance regression in Ironjacamar JCA. |
JBEAP-21315 | JCA | JBJCA-1418 - IllegalStateException can be thrown when cached connection manager stack is initialized in Servlet and then used in txn EJB method |
JBEAP-21295 | JCA | JBJCA-1422 - MaxWaitCount will be counted one less than waiting requests |
JBEAP-21832 | JCA | JBJCA-1423 - Pool prefill setting silently ignored for multi-user pool configurations |
JBEAP-21838 | JCA | JBJCA-1425 - Datasource clearStatistics operation clears things it shouldn't |
JBEAP-22165 | JMS | JmsXA connection factory not binding to java:jboss/DefaultJMSConnectionFactory |
JBEAP-21431 | JMX | WFLY-14655 - Invocations of ServiceMBeanSupport startService are not in dependency order |
JBEAP-21575 | MP OpenTracing | Remove leftover dependencies of MP Opentracing from EAP |
JBEAP-21204 | Management | WFCORE-5334 - Deleting Configuration Data when Git connection fails |
JBEAP-21482 | Management | WFCORE-5370 - Metrics Subsystem(s) are not honoring user's role |
JBEAP-22151 | Management | WFCORE-1934 - Make number of thread size for ServerService Thread Pool configurable |
JBEAP-21839 | Management | WFCORE-5368 Populating the boot error collector does not distinguish between problems that happen as part of boot vs those that happen during boot |
JBEAP-21002 | OpenShift | ISPN000280: Caught exception [java.lang.IllegalArgumentException] while invoking method [public java.util.concurrent.CompletionStage |
JBEAP-21230 | OpenShift | kubernetes.KUBE_PING can repeat WARN "failed getting JSON response from Kubernetes Client" |
JBEAP-22439 | OpenShift | Wrong environment variable S2I_FP_VERSION in 7.4.1.GA-CR1 OpenShift image |
JBEAP-21285 | Remoting | EJBCLIENT-347 / REM3-350 - Remoting outbound channels are not closed |
JBEAP-21580 | Remoting | REM3-377 - Use safeClose() in ClientServiceHandle.close() |
JBEAP-21999 | Scripts | "servicepass" is not correctly passed to the parameter to run prunsrv.exe in service.bat |
JBEAP-21989 | Scripts | EAP 7 cannot be installed as Windows Service if installation path contains a whitespace in service.bat |
JBEAP-21852 | Security | ELY-2120 - Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known |
JBEAP-21329 | Security | WFCORE-4827 - Errors Missing on Invalid Configuration |
JBEAP-21288 | Security | WFCORE-5272 - Setting jacc provider to Elytron throws exceptions |
JBEAP-21363 | Security | WFLY-14423 - Force restart when legacy security initialize-jacc setting is changed |
JBEAP-21378 | Security | ELY-2111 - JwkManager uses incorrect non url-safe Base64 to load the jwks endpoint |
JBEAP-21587 | Security | ELY-2118 - Elytron tool command execution fails with java.lang.UnsupportedOperationException on AIX OS. |
JBEAP-21738 | Security | ELYWEB-113 - SecurityContextImpl.login incorrectly assumes authenticate would be called first. |
JBEAP-21781 | Security | WFCORE-5185 - Update ProviderDefinition to use optimised service loading API |
JBEAP-22053 | Security | WFNAM00007 exception when group name contains a colon |
JBEAP-21957 | Security | WFCORE-5219 - OpenSSL tests should be running on JDK 11 |
JBEAP-20799 | Security Manager | WFCORE-5243 - NullPointerException when invalid |
JBEAP-21813 | Transactions | WFLY-14762 - Concurrency issue with "ISPN000482: Cannot create remote transaction GlobalTx:xx:xx, already completed" |
JBEAP-22033 | Undertow | Sessions do not expire in cluster after coordinator is killed |
JBEAP-21267 | Undertow | UNDERTOW-1837 - ServletRequest#getLocalPort(), getLocalAddr() and getLocalName() can return wrong information when proxy-address-forwarding="true" is enabled |
JBEAP-21269 | Undertow | UNDERTOW-1849 - NPE happens at StoredResponseStreamSinkConduit.terminateWrites when StoredResponseHandler (store-response) is enabled |
JBEAP-21266 | Undertow | UNDERTOW-1856 UNDERTOW-1858 - Undertow read-timeout can cause closing a connection for long running request even if the request processing is not reading any request data |
JBEAP-21440 | Undertow | UNDERTOW-1864 - EAP returns 403 even after adding the welcome file to unmanaged exploded deploy |
JBEAP-21387 | Undertow | UNDERTOW-1873 - JSP file does not recompile when forwarding a request path is not canonicalized in exploded deployment |
JBEAP-21749 | Undertow | UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context |
JBEAP-22026 | Undertow | UNDERTOW-1898 - DefaultServlet will not serve content from any directories starting with WEB-INF or META-INF |
JBEAP-21568 | Web Console | HAL-1742 - HAL-1749 - Messaging default server is not shown after changing the server profile |
JBEAP-21945 | Web Console | HAL-1750 Web Console returning WFLYCTL0030: No resource definition is registered for address |
JBEAP-22009 | Web Console | HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation |
JBEAP-21280 | XML Frameworks | Xalan XML to stream transformation produces wrong encoding |
JBEAP-21381 | mod_cluster | WFLY-14130 proxy-list attribute ignored in modcluster subsystem |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

```
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.1-patch.zip"
```

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

```
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.1-patch.zip"
```

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide.
Notes
- The EAP natives for the s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e. bare-metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have an s390x build; see here for more details.
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows building and deploying applications on OpenShift using the Helm package manager.
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing; see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.