JBoss Enterprise Application Platform 6.4 Update 05 Release Notes
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from This content is not included.JBoss EAP 6.4 Update 4 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2015-5304 | jbossas | jbossas: Missing authorization check for Monitor/Deployer/Auditor role when shutting down server |
| CVE-2015-7501 | Infinispan | Apache commons-collections: Remote code execution during deserialisation [details] |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.1252583 | CDI/Weld | Naming store is null before CDI lifecycle BeforeShutdown event fires |
| This content is not included.1268185 | Clustering | Custom socket factory for JGroups subsystem not set correctly |
| This content is not included.976654 | EJB | Slow startup of standalone ejb-clients if not all defined server-connections are available |
| This content is not included.1265300 | EJB | Problems due to infinite transaction timeout period for distributed transaction branch [details] |
| This content is not included.1261191 | EJB | ejb-client scoped context not using thread context classloader when initializing causing client interceptors to not be loaded |
| This content is not included.1266112 | EJB | ConcurrentModificationException in ClusterContext.getConnectedAndDeployedNodes |
| This content is not included.1268424 | EJB | SFSB infinite loop if Passivate fails |
| This content is not included.1270360 | Hibernate | HHH-10182 - org.infinispan.util.concurrent.TimeoutException: Unable to acquire lock after [0 milliseconds] ... Lock held by [null] |
| This content is not included.1271799 | Hibernate | HHH-5255, HHH-7573 - ClassCastException on lazy properties when merging or flushing with PreUpdate callback |
| This content is not included.1250150 | Hibernate | HHH-9928 - Pending put leaks when the entity is not found in DB [details] |
| This content is not included.1276604 | HornetQ | Fix pontential ConcurrentModificationException when closing connections |
| This content is not included.1175722 | HornetQ | Add WARN log when setting connection-ttl OR connection-ttl-override equal to check-period |
| This content is not included.1193793 | HornetQ | After failback cachedCommands are never cleaned |
| This content is not included.1259753 | HornetQ | HORNETQ-1483 - Client side load balancing of HornetQ pooled connection does not work |
| This content is not included.1230981 | JCA | Need to handle SQLException in OracleValidConnectionChecker |
| This content is not included.1231658 | JCA | Prefill race condition in flush |
| This content is not included.1277919 | JCA | Peculiar behavior of data source pool statistics |
| This content is not included.1271806 | JCA | Verify if a SQLException is fatal in all methods |
| This content is not included.1217035 | JMS | java.lang.RuntimeException: JBAS011643: Failed to shutdown HornetQ server |
| This content is not included.1266913 | JMS | start-delivery/stop-delivery operations are missing from MDB deployment in domain mode |
| This content is not included.1250286 | JSF | JAVASERVERFACES-3241 - IndexOutOfBoundsException caused by javax.faces.component.AttachedObjectListHolder::restoreState(FacesContext context, Object state) |
| This content is not included.1266615 | Microcontainer and Deployers | DefaultDeploymentOperations.getDeploymentsStatus doesn't consider model operation result outcome |
| This content is not included.1238420 | Remoting | RejectedExecutionException when closing connection on channel close |
| This content is not included.1273620 | Remoting | Ensure buffers freed when ssl used to prevent memory leak |
| This content is not included.1262114 | Remoting | Deadlock when connection is closing while we are writing |
| This content is not included.1257031 | Remoting | Change default for pooled buffers to false |
| This content is not included.1181457 | Security | Second security vault warning is displayed even if only one vault definition is present in the server configuration |
| This content is not included.1219778 | Security | Fix for SECURITY-868 breaks flush-cache capability |
| This content is not included.1052644 | Security | LdapExtLoginModule cannot find custom ldap socket factory |
| This content is not included.1263336 | Security | JACC Class can be specified as system properties but module can not be specified |
| This content is not included.1266247 | Web | Http11NioProtocol + HTTPS fails to unwrap large requests even with acceptLargeFragments is true [details] |
| This content is not included.1243175 | Web Console | datasource test-connection from cli is always enabled with user who has even Operator role. |
| This content is not included.1028443 | Web Console | Deployment file is removed from a wrong server group in the manage deployments screen |
| This content is not included.1245173 | Web Console | Unnecessary validation of numeric fields forces user to manually enter even default values when configuring infinispan subsystem |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.5-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.5-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 6.4 Installation Guide