JBoss Enterprise Application Platform 7.0 Update 02 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss EAP 7.0 Update 01.
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2016-5406 | Domain Management | RBAC configurations are discarded by transformers for legacy slaves running management API versions 1.8 and earlier |
| CVE-2016-4993 | Web (Undertow) | HTTP header injection / response splitting |
| CVE-2015-0254 | XML Frameworks | XXE and RCE via XSL extension in JSTL XML tags |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-4742 | ActiveMQ | Duplicate messages in replicated HA topology when backup is shut down |
| JBEAP-5175 | ActiveMQ | Fix bridge support for large messages |
| JBEAP-4721 | ActiveMQ | In rare circumstances MessageProducer can send a message to wrong queue. |
| JBEAP-3419 | ActiveMQ | Lost large messages if backup is shutdown during synchronization |
| JBEAP-3313 | ActiveMQ | Lost message when using transaction session on subscriber/consumer. |
| JBEAP-3002 | ActiveMQ | NPE when suspending server with MDB deployed |
| JBEAP-3675 | ActiveMQ | Redistribution loses large messages when server with HA is restarted |
| JBEAP-4909 | ActiveMQ | max-saved-replicated-journal-size is ignored |
| JBEAP-5164 | ActiveMQ | Server should always remove old files beyond getMaxSavedReplicatedJournalsSize |
| JBEAP-4862 | Batch | Add step property (jberet.analyzer.txDisabled) to allow applications to turn off PartitionAnalyzer transactions |
| JBEAP-4811 | Batch | Batch thread tx context not cleaned up properly on tx timeout in chunk-type step |
| JBEAP-4847 | Batch | NPE in retry after a partitioned chunk |
| JBEAP-3409 | Batch | When a job listener is not found and the batch fails to start, we cannot detect the error using Batch API. |
| JBEAP-4955 | CLI | In domain it is not possible to configure journal paths via CLI |
| JBEAP-3969 | Clustering | Session draining always takes maximum configured timeout |
| JBEAP-4665 | Clustering | JGRP-2045 - Can't init JChannel using FILE_PING when JVM is shutting down |
| JBEAP-4664 | Clustering | JGRP-2051 - S3_PING.generatePreSignedUrl() has to use https for the protocol |
| JBEAP-4670 | Clustering | JGRP-2058 - Probe: add bundler type at runtime |
| JBEAP-4667 | Clustering | JGRP-2059 - Added AverageMinMax - UPerf now also shows RTT times |
| JBEAP-5227 | Clustering | RPCs to non-existent FORK channel are dropped |
| JBEAP-4984 | Domain Management | Invalid unmanaged deployment breaks working managed deployments |
| JBEAP-4273 | Domain Management | server instances cannot find keytab during domain startup |
| JBEAP-4594 | EE | EJB with AroundConstruct interceptor with Object return type fails to deploy |
| JBEAP-4682 | EJB | EJB view service allows invocations through before component has started resulting in potential race |
| JBEAP-3459 | REST | Log warning message if two end-points are conflicting on the same path |
| JBEAP-4247 | Security | AdvancedLdapLoginModule with rolesCtxDN=null leads to authentication failure |
| JBEAP-4733 | Security | Flagging of invalid login credential for datasource is inconsistent - JBossSecuritySubjectFactory should check the root cause exception |
| JBEAP-5269 | Security | Picketlink does not return SessionIndex in LogoutRequest |
| JBEAP-3013 | Security | RolesSearch in AdvancedLdapLoginModule is doing a needless LDAP call for each individual role |
| JBEAP-4266 | Security | AdvancedLdapLoginModule with rolesCtxDN="" can lead to authentication failure |
| JBEAP-4216 | Security | NullPointerException in DeploymentRoleToRolesMappingProvider |
| JBEAP-4045 | Security | SAML2STSLoginModule does not allow for configuring the ClockSkew |
| JBEAP-2817 | Security | The root cause of login module failures gets lost when multiple login modules are stacked |
| JBEAP-2491 | Server | WFCORE-761 - Not possible to overlay non existing file in WAR |
| JBEAP-4748 | Web (Undertow) | Add log message indicating disabled |
| JBEAP-4927 | Web (Undertow) | Provide username in trace logging for sec constraint during logout |
| JBEAP-4821 | Web (Undertow) | access log states incorrect sizes for gzipped resources |
| JBEAP-5002 | Web Console | Buttons at the end of modal panels get cut off |
| JBEAP-4956 | Web Console | Impossible to read/configure messaging provider journal directory path |
| JBEAP-5528 | Web Services | CXFHandlerResolverImpl not threadsafe |
| JBEAP-5523 | Web Services | Coverity reports possible need to use doPrivileged block for MapToBeanConverter |
| JBEAP-5527 | Web Services | Improve isolation between integration code and user code |
| JBEAP-5520 | Web Services | Prevent Apache CXF from using ASM from user deployments |
| JBEAP-5449 | Web Services | Self assignment of field WebserviceDescriptionMetaData.webservices |
| JBEAP-5441 | Web Services | WS-Discovery doesn't work in IPv6-only network |
| JBEAP-4726 | Web Services | jbossws-common - usage of Exception.printStackTrace() instead of logging feature |
| JBEAP-4717 | Web Services | jbossws-cxf - usage of Exception.printStackTrace() instead of logging feature |
| JBEAP-3279 | Web Services | slf4j is used by ws security related bits, logging bridge probably needed |
| JBEAP-5521 | Web Services | wsdl directory is not cleaned on application deploy/undeploy thereby leaving an empty folder under "/wsdl/data" directory |
| JBEAP-3711 | Web Services | CXF-6799 - java.lang.ClassCastException: sun.reflect.generics.reflectiveObjects.ParameterizedTypeImpl cannot be cast to java.lang.reflect.TypeVariable |
| JBEAP-5232 | XML Frameworks | Fix regression - JSTL TransformSupport XSL import not finding relative path |
| JBEAP-4913 | XML Frameworks | After upgrading some of the attributes are not resolved by x:transform |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.0.2-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.0.2-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.0 Patching And Upgrading Guide.