JBoss Enterprise Application Platform 7.0 Update 06 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.0 Update 05.
This update includes fixes for the following security-related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2017-2595 | Logging | Arbitrary file read via path traversal |
| CVE-2016-9606 | REST | Resteasy: Yaml unmarshalling vulnerable to RCE |
| CVE-2017-2666 | Undertow | HTTP Request smuggling vulnerability due to permitting invalid characters in HTTP requests |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-8832 | | WFCORE-1786 - SelfContainedContainer: Allow the ConfigurationPersisterFactory to be customised |
| JBEAP-8834 | | WFCORE-1797 - LaunchType.SELF_CONTAINED doesn't cleanup the temporary "wildfly-self-contained" directory |
| JBEAP-7935 | | JBWS-4046 - PostConstruct method not invoked on web service handler |
| JBEAP-6196 | ActiveMQ | ARTEMIS-734 - Message expired while being moved on the cluster bridge does not follow the address setting configuration |
| JBEAP-8744 | ActiveMQ | ARTEMIS-950 - Change log level from INFO to WARN for "Invalid "host" value "0.0.0.0" detected for..." when Artemis is bound to 0.0.0.0 |
| JBEAP-6776 | Batch | Unable to load job xml in jar files inside WAR (and EAR) |
| JBEAP-8440 | CDI / Weld | Injection with @EJB is not working as expected with CDI (REST) beans |
| JBEAP-10482 | CLI | CLI returns always "0" if CLI is started with "cmd /c " on Windows |
| JBEAP-10229 | CLI | jboss-cli.bat script is unable to start on Windows, if JBOSS_HOME folder contains '!' character |
| JBEAP-8422 | CLI | CLI fails to reload when connection upgrades from http to https |
| JBEAP-8807 | CLI | Error applying patch through CLI |
| JBEAP-4651 | CLI | Failed CLI batch command with "deploy --force" for replace deployment |
| JBEAP-9135 | CLI | JBoss-CLI "deploy -l" always returns exit code 1 even when it succeeds |
| JBEAP-5653 | CLI | default bin/jboss-cli.xml has wrong version number |
| JBEAP-9852 | Clustering | ISPN-7207 - Cache creation requires specific permissions when using security manager |
| JBEAP-7789 | EE | Need system property to enable EL 2.2 backward compatible switch "javax.el.bc2.2" |
| JBEAP-9559 | EJB | jboss-ejb-iiop_1_0.xsd is invalid |
| JBEAP-8359 | EJB | EJBCLIENT-176 - EJB client retry mechanisms causing inconsistencies with interceptor chain index when client side and server side retries invoked. |
| JBEAP-6177 | EJB | Reconnect handlers leaking channels, need to unregister the ejb receiver |
| JBEAP-9161 | Hibernate | HHH-11516 - Level two cache may not be enabled when using @Cacheable without/instead of @Cache |
| JBEAP-8393 | Hibernate | Found use of deprecated 'collection property' issue for valid JPQL query |
| JBEAP-9743 | JCA | Account for additional DB2 FATAL connection errors |
| JBEAP-8933 | JDR | JDR Subsystem destroys password related system properties |
| JBEAP-2148 | JPA/Hibernate | Dependency for javassist not resolved for native Hibernate applications |
| JBEAP-5933 | Logging | logging profile with apache commons does not work in JBoss EAP 7 |
| JBEAP-8247 | Management | WFCORE-2182 - RuntimeVaultReader should not throw SecurityException |
| JBEAP-9173 | Modules | MODULES-245 - Reduce memory usage at startup related to version detection |
| JBEAP-9170 | Modules | MODULES-278 - Detection of Intel 32-bits processors on Linux reported the wrong native library search path |
| JBEAP-4650 | Modules | Unsatisfied dependencies on hot deploy of app using module-alias as dependency |
| JBEAP-10487 | REST | Old RESTEasy client gives out of memory error, if consuming a huge data via POST |
| JBEAP-7948 | REST | Regex with parenthesis doesn't work with resource locator |
| JBEAP-10572 | RPM | RPM - yum update overrides EAP_HOME/bin/[standalone |
| JBEAP-9964 | Remoting | xnio - Fix wrong remaining count |
| JBEAP-4957 | Scripts | Use JBOSS_NAME variable in the JBOSS_LOCKFILE in the init script for RHEL |
| JBEAP-9460 | Scripts | standalone.sh can hang on gc log back up moves |
| JBEAP-5468 | Security | ELY-389 - Insufficient logging available during cipher suite selection |
| JBEAP-9729 | Security | ELY-421 - IBM JDK uses a slightly different stack for property permission checking |
| JBEAP-3734 | Security | ELY-438 - There is not possibility to use alternative JSSE Cipher Suite Names for IBM JDK |
| JBEAP-9742 | Security | ELY-647 - MechanismDatabase SSL_ aliases fix |
| JBEAP-6543 | Security | SECURITY-931 - PicketBoxMessages.authorizationFailedMessage misspelled Acces => Access |
| JBEAP-7848 | Security | A security-domain can only load login-modules from a single JBoss module |
| JBEAP-9851 | Security | SAML LogoutResponse includes invalid Responder status |
| JBEAP-9232 | Undertow | EL - Use the correct class loader when attempting to resolve constants |
| JBEAP-9049 | Undertow | UNDERTOW-1003 - If an existing session id is present Undertow should check other session managers to see if it exists |
| JBEAP-9736 | Undertow | UNDERTOW-1005 - max-parameters limit on listener value results in accepting up to max-parameters+1 value |
| JBEAP-8788 | Undertow | UNDERTOW-986 - HTTP2 listener doesn't respect MAX_HEADER_SIZE setting |
| JBEAP-9233 | Undertow | Usage of static fields from java.lang classes as EL expressions in JSPs doesn't work |
| JBEAP-6145 | Undertow | 'name' attribute missing in XSD while required by web subsystem parser |
| JBEAP-9734 | Undertow | UNDERTOW-1009 - SSLHeaderHandler should not require base64 SSL_SESSION_ID |
| JBEAP-8386 | Undertow | UNDERTOW-958 - FORM authentication fails to change URL session id after login |
| JBEAP-8828 | Undertow | Undertow listener start/stop messages do not reflect jboss.socket.binding.port-offset |
| JBEAP-9900 | Web Services | JBWS-4038 - Log ignored exceptions at trace |
| JBEAP-9899 | Web Services | JBWS-4031 - Avoid array allocation in SubjectCreatingPolicyInterceptor |
| JBEAP-6432 | Web Services | NullPointerException at org.apache.cxf.common.jaxb.JAXBUtils.createJAXBContextProxy |
| JBEAP-9187 | XML Frameworks | HV-1280 - JAXP is used within a deployment lifecycle without pushing / popping the TCCL |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.0.6-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.0.6-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.0 Patching And Upgrading Guide.