Why is it recommended to keep current on JBoss EAP Updates or Cumulative Patches?
Red Hat JBoss Enterprise Application Platform (EAP) maintenance releases, most commonly referred to as updates or cumulative patches, contain security and customer reported bug fixes. For details about what makes up an update release and how they are distributed, see Maintenance Release Changes in EAP 6.2+.
With each minor release, the maintenance stream shifts to that new minor version. Any new fixes for security vulnerabilities (CVEs) and customer reported bugs will be done on the maintenance stream. Because these fixes will typically not be put into prior minor releases, Red Hat expects and encourages customers to update regularly.
Updates are easy to apply using the JBoss CLI and can be rolled back just as easily.
For a smooth maintenance stream transition period from the previous minor release to the current, Red Hat provides the Update Extension Period for EAP 7.x. The Update Extension Period begins when the latest minor is released and extends for 3 months OR for two (2) update releases, whichever comes first.
Red Hat JBoss Enterprise Application Platform (EAP) 8.1
As of JBoss EAP 8.1 Update 4.1, there have been 7 security issues (CVEs) fixed since JBoss EAP 8.1 was released in August 2025. All future fixes for security issues (CVEs) and customer reported bugs will be done on this version.
The latest JBoss EAP 8.1 update can be downloaded from This content is not included.JBoss EAP 8.1 Patches Downloads page. For more information about the JBoss EAP 8 maintenance schedule, see JBoss EAP 8 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 8.0
NOTE: Red Hat JBoss EAP 8.0 Update 12 (8.0.12) is the last maintenance release for EAP 8.0. It is recommended to move to This content is not included.EAP 8.1 and apply the This content is not included.latest 8.1 update (when available).
As of JBoss EAP 8.0 Update 12, there have been 50 security issues (CVEs) fixed since JBoss EAP 8.0 was released in May 2024. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 8.0 update can be downloaded from This content is not included.JBoss EAP 8.0 Patches Downloads page. For more information about the JBoss EAP 8 maintenance schedule, see JBoss EAP 8 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 7.4
NOTE: Red Hat JBoss EAP 7 entered Extended life cycle support (ELS) 1 with end of June 2025. It is recommended to move to an active JBoss EAP and apply the latest update to be current on security and customer reported bug fixes.
During ELS-1 Red Hat delivers Critical impact security fixes and selected urgent-priority bug fixes, if and when available.
As of JBoss EAP 7.4 Update 23, there have been 120 security issues (CVEs) fixed since JBoss EAP 7.4 was released in July 2021. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 7.4 update can be downloaded from This content is not included.JBoss EAP 7.4 Patches Downloads page. For more information about the JBoss EAP 7 maintenance schedule, see JBoss EAP 7 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 7.3
NOTE: Red Hat JBoss EAP 7.3 Update 10 (7.3.10) is the last maintenance release for EAP 7.3. It is recommended to move to This content is not included.EAP 7.4 and apply the This content is not included.latest 7.4 cumulative patch (when available).
As of JBoss EAP 7.3 Update 10, there have been 66 security issues (CVEs) fixed since JBoss EAP 7.3 was released in March 2020. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 7.3 update can be downloaded from This content is not included.JBoss EAP 7.3 Patches Downloads page. For more information about the JBoss EAP 7.3 maintenance schedule, see JBoss EAP 7 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 7.2
NOTE: Red Hat JBoss EAP 7.2 Update 09 (7.2.9) is the last maintenance release for EAP 7.2. It is recommended to move to This content is not included.EAP 7.4 and apply the This content is not included.latest 7.4 cumulative patch (when available).
As of JBoss EAP 7.2 Update 09, there have been 76 security issues (CVEs) fixed since JBoss EAP 7.2 was released in January 2019. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 7.2 update can be downloaded from This content is not included.JBoss EAP 7.2 Patches Downloads page. For more information about the JBoss EAP 7.2 maintenance schedule, see JBoss EAP 7 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 7.1
NOTE: Red Hat JBoss EAP 7.1 Update 06 (7.1.6) is the last maintenance release for EAP 7.1. It is recommended to move to This content is not included.EAP 7.4 and apply the This content is not included.latest 7.4 cumulative patch (when available).
As of JBoss EAP 7.1 Update 06, there have been 27 security issues (CVEs) fixed since JBoss EAP 7.1 was released in December 2017. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 7.1 update can be downloaded from This content is not included.JBoss EAP 7.1 Patches Downloads page. For more information about the JBoss EAP 7.1 maintenance schedule, see JBoss EAP 7 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 7.0
NOTE: Red Hat JBoss EAP 7.0 Update 09 (7.0.9) is the last maintenance release for EAP 7.0. It is recommended to move to This content is not included.EAP 7.4 and apply the This content is not included.latest 7.4 cumulative patch (when available).
As of JBoss EAP 7.0 Update 09, there have been 27 security issues (CVEs) fixed since JBoss EAP 7.0 was released in May 2016. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 7.0 update can be downloaded from This content is not included.JBoss EAP 7.0 Patches Downloads page. For more information about the JBoss EAP 7.0 maintenance schedule, see JBoss EAP 7 Maintenance Schedule.
Red Hat JBoss Enterprise Application Platform (EAP) 6.4
NOTE: Red Hat JBoss EAP 6 entered end of life and the last update was June 30, 2022, it is recommended to move to an active JBoss EAP and apply the latest cumulative patch to be current on security and customer reported bug fixes
As of JBoss EAP 6.4 Update 23, there have been 49 security issues (CVEs) fixed since JBoss EAP 6.4 was released in April 2015. There have also been several other fixes for customer reported bugs as well.
The latest JBoss EAP 6.4 update can be downloaded from This content is not included.JBoss EAP 6.4 Patches Downloads page. For more information about the JBoss EAP 6.4 maintenance schedule, see JBoss EAP 6 Maintenance Schedule.