JBoss Enterprise Application Platform 6.4 Update 04 Release Notes
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from This content is not included.JBoss EAP 6.4 Update 3 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2015-5220 | jbossas | OOME from EAP 6 http management console |
| CVE-2015-5188 | Web Console | CSRF vulnerability in EAP Web Console [details] |
| CVE-2015-5178 | Domain Management | EAP administration interface vulnerable to clickjacking |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.1242085 | CDI/Weld | ClassNotFoundException when session replication is triggered |
| This content is not included.1249031 | CLI | Intermittent Disconnection from CLI After Reload in domain mode |
| This content is not included.1237035 | CLI | aesh logs remain under tmp directory when run JBoss CLI |
| This content is not included.1164277 | CLI | cli tab completion gets confused by double slash |
| This content is not included.1233968 | Clustering | KeyAffinityService race condition on view change [details] |
| This content is not included.1228780 | Clustering | Replication: The DELTA_WRITE flag should force a remote get during state transfer |
| This content is not included.1223081 | Domain Management | Don't reload jsp after redeploy application in Domain Mode |
| This content is not included.1257301 | Domain Management | can not configure system properties in the server group level after applying CP03 [details] |
| This content is not included.1257612 | EJB | TimerServiceTimerService.getTimers() returns not only the associated timer entries for the current Bean |
| This content is not included.1202354 | Infinispan | Local Transactional Cache loses data when eviction is enabled and there are multiple readers and one writer |
| This content is not included.1201358 | JMS | java.lang.ClassNotFoundException: org.jboss.naming.remote.client.InitialContextFactory |
| This content is not included.1210388 | Security | Plain text password is logged at DEBUG level when FORM-based authentication is used |
| This content is not included.1097276 | Security | MsSql datasource throws IllegalStateException while obtaining connection |
| This content is not included.1243553 | Security | Reuse authenticated subject from incoming context when security domains match |
| This content is not included.1246939 | Tomcat | Multiple file uploading issue |
| This content is not included.1259522 | Web | CLI shows 0 for session stats of distributable web apps |
| This content is not included.1261526 | Web | WFLY-84 - Pass VFS deployment root to the JSP loader |
| This content is not included.1221446 | Web | FormAuthenticator returns a body of login form for a HEAD request |
| This content is not included.1242359 | Web | Websockets OnClose method on server endpoint always represents close reason close code as 1000 (normal_closure) |
| This content is not included.1249553 | Web Console | Datasource: Statement Cache Size, Min Pool Size, Max Pool Size should not be required fields |
| This content is not included.1251969 | Web Console | When we create 10+ datasources in standalone.xml, then we cant see all the datasources in runtime tab [details] |
| This content is not included.1248009 | Web Console | JVM configuration for a host in domain mode did not allow empty HeapSize |
| This content is not included.1251542 | Web Console | Outbound-socket details not rendered in admin console if ports use expressions [details] |
| This content is not included.1256819 | Web Console | Incorrect display of application name while assigning a new application to the ServerGroup. |
| This content is not included.1238756 | Web Console | slowness on web console with more than 500 servers on pagination domain controller |
| This content is not included.1221740 | Web Console | Add TCPPING to Jgroups tcp stack protocol list |
| This content is not included.1188204 | Web Services | Invalid ?wsdl response with relative imports/includes when using jaxws-catalog.xml |
| This content is not included.1224170 | jbossas | Running EAP 6 service using standalone-full-ha.xml profile causes fake [FAILED] output |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.4-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.4-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 6.4 Installation Guide