JBoss Enterprise Application Platform 6.4 Update 13 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss EAP 6.4 Update 12 / Release Notes.
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2016-6816 | Web | HTTP Request smuggling vulnerability due to permitting invalid character in HTTP requests |
| CVE-2016-8627 | jbossas | Potential EAP resource starvation DOS attack via GET requests for server log files |
| CVE-2016-7061 | Other | Sensitive data can be exposed at the server level in domain mode |
| CVE-2016-8656 | jbossas | Unsafe chown of server.log in jboss init script allows privilege escalation |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| 1255205 | CLI | Typo in the CLI command help output "home many" |
| 1391080 | CLI | jconsole EAP tab not loading when using remote followup |
| 1395543 | Class Loading | Custom NameService by sun.net.spi.nameservice.provider.n doesn't work on EAP |
| 1399703 | EJB | Deadlock in BasicAction when jboss remoting and JTA is used, part II |
| 1378396 | EJB | Transaction context should not be propagated when calling remote server asynchronously |
| 1320709 | EJB | A deployment jar with EJB2 SLSB and CMP Entities will not start correctly |
| 1191493 | EJB | Invoking EJB2 stateful bean which is being destroyed leads to NullPointerException |
| 1389428 | EJB | @Startup @Singleton fails to invoke EJB via Remote interface in PostConstruct |
| 1377705 | EJB | EJB injection with indirection via web.xml fail |
| 1168712 | HornetQ | HQ222010: Critical IO Error, shutting down the server. file=NIOSequentialFile... |
| 1396541 | HornetQ | HornetQ Enable BACKLOG_PROP_NAME in hornetq-client |
| 1377703 | HornetQ | The countDelta attribute showing negative values |
| 1385162 | Infinispan | Errors due to SuspectedException in Infinispan when a node leaves |
| 1378877 | Infinispan | Lock acquired forever with delayed PrepareCommand |
| 1378875 | Infinispan | Too many threads for cleaning up infinispan transactions |
| 1159290 | JMS | JBAS011603: Failed to destroy queue: DLQ: java.lang.IllegalStateException: Cannot access JMS Server, core server is not yet active... |
| 1391840 | JMS | HQ224000: Failure in initialisation: java.lang.NullPointerException |
| 1390207 | JPA | Hibernate Scanner implementation class shouldn't leak application entity classes |
| 1322998 | RESTEasy | HTTP request using OPTIONS resets the HTTP response |
| 1273093 | Scripts and Commands | EAP zip based init scripts doesn't detach jbossas process |
| 1410107 | Scripts and Commands | when jdr report is created report entry sos_logs/skips.log should be empty |
| 1389201 | Security | Second security vault warning is displayed even if only one vault definition is present in the server configuration |
| 1379978 | Security | EAP RBAC domain mode, "Deployer" role and constraints |
| 1391834 | Web | NullPointerException in AccessLogValve$SessionIdElement.addElement |
| 1376379 | Web | cookie with control character throws exception but page (empty) returns 200 OK |
| 1393746 | Web Console | EAP 6.4 Some socket bindings group is not in table with all socket binding groups in web console |
| 1400629 | Web Console | 'Force Shutdown' link removed from Domain topology view even if the server process is alive |
| 1259767 | Web Console | "OutOfMemoryError: PermGen or Unable to Create new native thread " of a given server affects the admin console operation |
| 1386448 | Web Services | ClassCastException from javax.mail.internet.InternetHeaders to java.util.Map in SoapActionInInterceptor.getSoapAction |
| 1196686 | Web Services | Web Services can't inherit a JDK8 default method |
| 1368905 | Web Services | CXF-6506 - Client-side message context value HTTP_REQUEST_HEADERS is not shared between SOAP handlers |
| 1397055 | jbossas | In OpenJDK 1.6 environment, EAP 6.4.x makes the vfs folder increased after restarting. |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
```
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.13-patch.zip"
```
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
```
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.13-patch.zip"
```
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 6.4 Installation Guide.