JBoss Enterprise Application Platform 7.4 Update 12 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 11
Download JBoss Enterprise Application Platform 7.4 Update 12
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2023-1436 | Server | jettison: Uncontrolled Recursion in JSONArray |
| CVE-2021-46877 | Server | jackson-databind: Possible DoS if using JDK serialization to serialize JsonNode |
| CVE-2023-3223 | Undertow | undertow: OutOfMemoryError due to @MultipartConfig handling |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-6180 | ActiveMQ | Artemis is logging warnings during server shut down |
| JBEAP-24841 | Clustering | Session is not getting expired even after Session timeout time. In EAP 7.4 Update 10 with JDK 1.8 |
| JBEAP-24844 | Clustering | WFLY-16030 - Infinispan subsystem custom to use modules configuration attribute as List of modules |
| JBEAP-24742 | EJB | ELY-2535 - EJB lookups between two deployments doesn't work |
| JBEAP-24839 | EJB | WFLY-17807 - Invalid @Schedule expression results in infinite loop |
| JBEAP-24824 | EJB | WFLY-17957 - EJB timer schedule increment 0 should be considered as single value |
| JBEAP-24818 | EJB | EJBCLIENT-493 - Verbose DISCOVERY_ADDITIONAL_TIMEOUT logging during EJB discovery |
| JBEAP-24691 | EJB | French translation bug in WLFYEJB0330 message: timer has expired != La minuterie n'a pas expiré |
| JBEAP-24734 | Hibernate | HHH-15602 - ByteBuddy enhancement generates faulty code with many-to-many associations |
| JBEAP-24791 | Hibernate | HHH-16485 - Insert ordering doesn't consider root entity names |
| JBEAP-24992 | Insights | Generated report from Insights is sometimes invalid JSON |
| JBEAP-24735 | JCA | Annotations in resource adapter module are not processed |
| JBEAP-24688 | JCA | JBoss EAP does not log exceptions thrown during a failed deployment of a resource adapter module |
| JBEAP-24860 | Management | WFCORE-6339 - Define remote name as origin if none is defined |
| JBEAP-24846 | Management | WFCORE-6351 - The publish-configuration command doesn't throw an error when the git location is invalid |
| JBEAP-24741 | Scripts | enable elytron example cli scripts not setting security=elytron on iiop subsystem |
| JBEAP-24752 | Security | Picketlink causing ConcurrentModificationException while deploying the application from DocumentBuilderImpl.setFeatures |
| JBEAP-24669 | Security | applicationSSC is required when running enable-elytron-se17.cli / enable-elytron-se17-domain.cli [details] |
| JBEAP-24716 | Server | WFCORE-6290 - Failure to handle errors loading process-uuid file |
| JBEAP-23722 | Undertow | UNDERTOW-2241 Undertow write-timeout can cause missing the last zero-length chunk in long polling [details] |
| JBEAP-24545 | Undertow | UNDERTOW-2243 - Eager flush/close on content length response prevents POST from finishing |
| JBEAP-24328 | Undertow | UNDERTOW-2251 / UNDERTOW-2258 - protocol error with HTTP/2 and Expect: 100-continue part 2 |
| JBEAP-24946 | Undertow | UNDERTOW-2267 - Fix change in behaviour of Servlet.init() method when loadOnStartup is required [details] |
| JBEAP-25198 | Undertow | Server responds with chunked transfer even for short data from deployment |
| JBEAP-25053 | Undertow | UNDERTOW-2281 - Undertow HTTP2 breaks protocol specification when client misbehaves |
| JBEAP-24733 | Web Console | HAL-1848 - Web console: Disabled datasource throws error in Runtime |
| JBEAP-24823 | XML Frameworks | XALANJ-2419 - Astral characters written as a pair of NCRs with the surrogate scalar values when using UTF-8 |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.12-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.12-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- JBoss EAP 7.4 Update 13+ contains some bug fixes that did not make it into EAP 8.0 GA, it is recommended you wait for EAP 8.0 Update 1 before upgrading to EAP 8.0
- Red Hat Insights is available for JBoss EAP 7.4 Update 11+, see more details
- Helm Chart for EAP 7.4 Updates
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 8+ now supports OpenJDK 17 / Oracle JDK 17, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
- jndi-name has been required for admin-object definitions as per the schema, the server will require it to be specified or will result in an error, see more details here
Comments