JBoss Enterprise Application Platform 7.0 Update 05 Release Notes
Updated
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from This content is not included.JBoss EAP 7.0 Update 04
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2016-8656 | RPM | unsafe chown of server.log in jboss init script allows privilege escalation |
| CVE-2016-9589 | Web (Undertow) | ParseState headerValuesCache can be exploited to fill heap with garbage |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-4852 | ActiveMQ | ARTEMIS-551 - ActiveMQ logs truststore password in plain text |
| Content from issues.jboss.org is not included.JBEAP-5826 | ActiveMQ | ARTEMIS-651 - Typo in word "topology" in log message in class ServerLocatorImpl |
| Content from issues.jboss.org is not included.JBEAP-5825 | ActiveMQ | ARTEMIS-652 - Incorrect null check in ActiveMQActivationSpec#toString for attribute connectionFactoryLookup |
| Content from issues.jboss.org is not included.JBEAP-5824 | ActiveMQ | ARTEMIS-653 - Possible Null Pointer Exception during message properties read using XmlDataImporter |
| Content from issues.jboss.org is not included.JBEAP-4772 | ActiveMQ | ARTEMIS-697 - AMQ224033: Failed to broadcast connector configs: java.lang.IllegalStateException: channel is closed |
| Content from issues.jboss.org is not included.JBEAP-5829 | ActiveMQ | ARTEMIS-709 - Possible NPE on UUIDGenerator.getAllNetworkInterfaces() |
| Content from issues.jboss.org is not included.JBEAP-6170 | ActiveMQ | ARTEMIS-715 - MessageProducer can send a message to a wrong queue after SecurityException |
| Content from issues.jboss.org is not included.JBEAP-4407 | ActiveMQ | ARTEMIS-747 - Consumer crashes with IndexOutOfBoundsException when reading non-text message from imported journal |
| Content from issues.jboss.org is not included.JBEAP-5940 | ActiveMQ | ARTEMIS-914 - Max saved replicated journal size on Live node should not be -1 |
| Content from issues.jboss.org is not included.JBEAP-8358 | ActiveMQ | Remove e.printStackTrace() from ActiveMQActivationSpec.validate |
| Content from issues.jboss.org is not included.JBEAP-4220 | ActiveMQ | java.lang.NullPointerException - io.netty.buffer.PoolChunk.initBufWithSubpage(PoolChunk.java:383) |
| Content from issues.jboss.org is not included.JBEAP-7412 | ActiveMQ | ARTEMIS-859 - Artemis backlog property not in allowed properties |
| Content from issues.jboss.org is not included.JBEAP-7740 | ActiveMQ | ARTEMIS-748 - Page Address Size gets negative on Artemis |
| Content from issues.jboss.org is not included.JBEAP-7091 | CDI / Weld | EJB injection with indirection via web.xml is ignored |
| Content from issues.jboss.org is not included.JBEAP-8468 | CLI | WFCORE-1352 - Remove the logs of post installation tasks (Windows) |
| Content from issues.jboss.org is not included.JBEAP-7872 | Clustering | Configuring L1 results in invalid configuration for 'routing' and 'client-mapping' caches |
| Content from issues.jboss.org is not included.JBEAP-6052 | Clustering | ISPN-6806 - Exception serializing L1InternalCacheEntry during state transfer |
| Content from issues.jboss.org is not included.JBEAP-7655 | Clustering | ISPN-3702 - Too many threads for cleaning up infinispan transactions [details] |
| Content from issues.jboss.org is not included.JBEAP-7545 | Domain Management | Direct end user mods of a slave-HC-managed domain server's config are possible if included in a composite op |
| Content from issues.jboss.org is not included.JBEAP-7632 | Domain Management | Domain server 'kill' and 'destroy' operations need to ensure the server is dead |
| Content from issues.jboss.org is not included.JBEAP-7372 | Domain Management | Embedded Server ignores system properties when starting. |
| Content from issues.jboss.org is not included.JBEAP-8138 | Domain Management | Full-replace rollback is failing with java.util.NoSuchElementException: No child 'name' exists: java.util.NoSuchElementException: No child > 'name' exists |
| Content from issues.jboss.org is not included.JBEAP-7803 | Domain Management | HC is unaware when managed server's MSC is unstable |
| Content from issues.jboss.org is not included.JBEAP-7974 | Domain Management | NPE thrown during application redeployment, slaves taken offline |
| Content from issues.jboss.org is not included.JBEAP-4928 | EJB | Deploying @Stateless EJB causes default ejb cache to start unnecessarily |
| Content from issues.jboss.org is not included.JBEAP-4442 | EJB | WFLY-6561 - EJB Timers Intermittently Execute Repeatedly on Server Restart with Error Code WFLYEJB0043 |
| Content from issues.jboss.org is not included.JBEAP-7026 | EJB | @Startup @Singleton fails to invoke EJB via Remote interface in PostConstruct |
| Content from issues.jboss.org is not included.JBEAP-8337 | Hibernate | HHH-10998 - NullPointerException when using join with subselect in hbm mapping |
| Content from issues.jboss.org is not included.JBEAP-8332 | Hibernate | HHH-11202 - IllegalAccessException on Embeddable ID after serializing Getter in cache key |
| Content from issues.jboss.org is not included.JBEAP-8335 | Hibernate | HHH-11289 - Lazy-initializing a static Method and making accessible not thread-safe |
| Content from issues.jboss.org is not included.JBEAP-6533 | Hibernate | HHH-11182 - HQL subquery with constraint property in superclass does not join superclass table [details] |
| Content from issues.jboss.org is not included.JBEAP-7953 | Hibernate | HHH-11241 - Missing column when executing HQL and criteria query with secondary table [details] |
| Content from issues.jboss.org is not included.JBEAP-7483 | Hibernate | HHH-11083 - WrongClassException using Infinispan and sharing cache regions [details] |
| Content from issues.jboss.org is not included.JBEAP-5862 | JDR | JDR is not collecting the file .overlays, layer.conf, version.txt config files |
| Content from issues.jboss.org is not included.JBEAP-8221 | JPA / Hibernate | race condition between the start of the custom cache configurationservice and the cache creation by the region factory [details] |
| Content from issues.jboss.org is not included.JBEAP-6958 | Logging | Log viewer does not show any log file for rpm installation |
| Content from issues.jboss.org is not included.JBEAP-8355 | MSC | MSC-151 - getClassLoader() should be called within doPrivileged() at SeviceControllerImpl#invokeListener |
| Content from issues.jboss.org is not included.JBEAP-7370 | Modules | Custom NameService by sun.net.spi.nameservice.provider.n doesn't work on WildFly |
| Content from issues.jboss.org is not included.JBEAP-7524 | REST | @GZIP annotation on client proxy doesn't set content-type gzip to the request header |
| Content from issues.jboss.org is not included.JBEAP-7614 | REST | NoClassDefFoundError when logging error with Yaml provider |
| Content from issues.jboss.org is not included.JBEAP-8375 | REST | RESTEasy should log used Providers and Interceptors in debug level |
| Content from issues.jboss.org is not included.JBEAP-5790 | REST | RESTEASY-1498 - Resteasy does not set Expires attribute for NewCookie correctly |
| Content from issues.jboss.org is not included.JBEAP-7811 | Remoting | Correct casting in BufferPipeInputStream#skip method |
| Content from issues.jboss.org is not included.JBEAP-8083 | Remoting | XNIO-268 - QueuedNioTcpServer always returns "-1" for "ConnectionCount" attribute in MBean |
| Content from issues.jboss.org is not included.JBEAP-8081 | Remoting | XNIO-279 - QueuedNioTcpServer can go into an infinite loop if accept fails |
| Content from issues.jboss.org is not included.JBEAP-7807 | Remoting | XNIO-284 - Race condition on creating Xnio instance |
| Content from issues.jboss.org is not included.JBEAP-3444 | Scripts | Use script name for file related to Wildfly to allow multiple instances easily |
| Content from issues.jboss.org is not included.JBEAP-8154 | Scripts | Incorrect JBOSS_HOME warning in vault.sh |
| Content from issues.jboss.org is not included.JBEAP-8240 | Scripts | Unable to disable the automatic GC log flags specifically in the standalone.sh/.bat [details] |
| Content from issues.jboss.org is not included.JBEAP-7001 | Scripts | standalone.sh fails to backup gc.log.#.current file silently. |
| Content from issues.jboss.org is not included.JBEAP-3997 | Security | Single Logout does not fully work on distributed PicketLink Identity Provider |
| Content from issues.jboss.org is not included.JBEAP-8867 | Security | PLINK-759 - PicketLink SP does not pass RelayState to IDP for Redirect Workflow |
| Content from issues.jboss.org is not included.JBEAP-8078 | Security | PLINK-759 - PicketLink SP does not pass RelayState to IDP |
| Content from issues.jboss.org is not included.JBEAP-8090 | Security | Security subsystem, audit provider-module lacks "module" attribute |
| Content from issues.jboss.org is not included.JBEAP-5273 | Security | PLINK-700 - SAML 2.0 Unsolicited Response MUST NOT contain an InResponseTo attribute |
| Content from issues.jboss.org is not included.JBEAP-4422 | Security | PLINK-738 - SAML2LogoutHandler is not handling PicketLinkSP/LogOutResponseLocation attribute properly |
| Content from issues.jboss.org is not included.JBEAP-7252 | Security | SPFormAuthenticationMechanism SAML principal is available only in web module, but not in ejb |
| Content from issues.jboss.org is not included.JBEAP-5112 | Security | security-realms that defer to jaas cannot load login-modules from org.jboss.as.security |
| Content from issues.jboss.org is not included.JBEAP-8299 | Server | WFCORE-2192 - optional module dependencies can cause continual redeployment |
| Content from issues.jboss.org is not included.JBEAP-7958 | Transactions | JBTM-2822 - Add suppressed exceptions for failures during prepare This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-8655 | Web (Undertow) | UNDERTOW-791 - Potential stack overflow with websockets when worker is shut down |
| Content from issues.jboss.org is not included.JBEAP-8329 | Web (Undertow) | UNDERTOW-840 - Proxy connection still communicating after timeout |
| Content from issues.jboss.org is not included.JBEAP-8330 | Web (Undertow) | UNDERTOW-841 - Predicate language does not allow you to clear a header |
| Content from issues.jboss.org is not included.JBEAP-8328 | Web (Undertow) | UNDERTOW-874 - SinglePortConfidentialityHandler generates invalid URL if the client sent a full URI in the request |
| Content from issues.jboss.org is not included.JBEAP-8007 | Web (Undertow) | UNDERTOW-938 - Potential concurrent ConcurrentModificationException when calling AbstractFramedChannel.markReadsBroken |
| Content from issues.jboss.org is not included.JBEAP-8396 | Web (Undertow) | UNDERTOW-961 - File descriptors leak in MultiPartParserDefinition |
| Content from issues.jboss.org is not included.JBEAP-8464 | Web (Undertow) | UNDERTOW-966 - Finished listener might not be called if fixed length channel is terminated early |
| Content from issues.jboss.org is not included.JBEAP-8466 | Web (Undertow) | UNDERTOW-967 - Range requests do not handle ranges that exceed the resource content length correctly |
| Content from issues.jboss.org is not included.JBEAP-8653 | Web (Undertow) | UNDERTOW-976 - SingleSignOnAuthenticationMechanism fails to destroy SSO following session invalidation if session was registered with SSO on remote node |
| Content from issues.jboss.org is not included.JBEAP-8657 | Web (Undertow) | UNDERTOW-980 - servlet-name '*' is not recognised for filter mappings |
| Content from issues.jboss.org is not included.JBEAP-6716 | Web (Undertow) | UNDERTOW-881 / UNDERTOW-895 - AJP and HTTP/2 listeners ignore max header and parameter limits |
| Content from issues.jboss.org is not included.JBEAP-7557 | Web (Undertow) | UNDERTOW-918 - Improve access logging output for Remote host (%h) and Remote IP (%a) |
| Content from issues.jboss.org is not included.JBEAP-7942 | Web (Undertow) | UNDERTOW-926 - Undertow connection may not be closed on IO exception in some circumstances |
| Content from issues.jboss.org is not included.JBEAP-8041 | Web (Undertow) | jboss-web.xml overlay option not honored [details] |
| Content from issues.jboss.org is not included.JBEAP-8087 | Web (Undertow) | UNDERTOW-847 - X-Forwarded-Host without port results in ':80' added to URL |
| Content from issues.jboss.org is not included.JBEAP-2018 | Web Console | HAL-1188 - Inconsistent setting of preffered store for writing transactions logs in web console |
| Content from issues.jboss.org is not included.JBEAP-5818 | Web Console | HAL-1112 - Web console is not able to read capacity-(de |
| Content from issues.jboss.org is not included.JBEAP-5370 | Web Services | @org.apache.cxf.annotations.SchemaValidation working on @WebMethod |
| Content from issues.jboss.org is not included.JBEAP-5673 | Web Services | CXF-6908 - Prefix "SOAP-ENV" for element "SOAP-ENV:Fault" is not bound |
| Content from issues.jboss.org is not included.JBEAP-8226 | Web Services | SANTUARIO-457 - Marshaller:sendAttributeToWriter broken by Attr without namespace |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.0.5-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.0.5-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the [JBoss EAP 7.0 Patching And Upgrading Guide](https://access.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0/patching-and-upgrading-guide/#patching-jboss-eap
Category
Components
Article Type