JBoss Enterprise Application Platform 6.4 Update 14 Release Notes
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from This content is not included.JBoss EAP 6.4 Update 13 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2017-6056 | Web | Infinite loop in the processing of https requests [details] |
| CVE-2016-8657 | jbossas | jbossas writable config files allow privilege escalation |
| CVE-2016-6346 | RESTEasy | Abuse of GZIPInterceptor in RESTEasy can lead to denial of service attack |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.1388757 | CDI/Weld | WELD-1256 - AbstractConversationContext calls conversation.end() without checking if its transient [details] |
| This content is not included.1412495 | Clustering | Problem using nested contexts in clustered environment [details] |
| This content is not included.1408222 | Domain Management | Rollback of undeploy and deployment remove will fail [details] |
| This content is not included.1404553 | Domain Management | WFCORE-1138 - Operation ("clean-obsolete-content") failed with NullPointerException [details] |
| This content is not included.1298521 | EJB | UnknownFormatConversionException is thrown if a customer TimerInfoObject contains illegal format characters as toString() output [details] |
| This content is not included.1413033 | EJB | Persistent calendar timers cause a NullPointerException if the method is removed/renamed from the class [details] |
| This content is not included.1414747 | HornetQ | Page Cleanup will make MessageCount to show negative values |
| This content is not included.1402765 | HornetQ | AddressSize show a negative number. |
| This content is not included.1259902 | IIOP | EJB IOR contains wrong port (non-SSL port) information when SSL is required |
| This content is not included.1403018 | Infinispan | ISPN-4706 - Executing a GET throws "Failure to marshal argument(s)" [details] |
| This content is not included.1414557 | MSC | MSC-151 - getClassLoader() should be called within doPrivileged() at SeviceControllerImpl#invokeListener |
| This content is not included.1401506 | MSC | ConcurrentModificationException being thrown during Operation ("add") when Jboss is starting This content is not included.[details] |
| This content is not included.1338093 | Other | WELD-001408: Unsatisfied dependencies on hot deploy of app using module-alias as dependency This content is not included.[details] |
| This content is not included.1213316 | Remoting | logging statement to trace remoting heartbeat |
| This content is not included.1282973 | Scripts and Commands | Unable to disable the automatic GC log flags specifically in the standalone.sh/.bat [details] |
| This content is not included.1280512 | Security | A security-domain can only load login-modules from a single JBoss module [details] |
| This content is not included.1392436 | Security | security subsystem, audit provider-module lacks "module" attribute [details] |
| This content is not included.1408846 | Server | Class names with $ generates a warning [details] |
| This content is not included.1401637 | Server | MBean implementation lifecycle methods in MSC threads |
| This content is not included.1412833 | Server | optional module dependencies can cause continual redeployment [details] |
| This content is not included.1409644 | Server | WFCORE-1047 - Rollback of undeploy and deployment remove will fail [details] |
| This content is not included.1406552 | Transaction Manager | JBTM-2822 - Add suppressed exceptions for failures during prepare This content is not included.[details] |
| This content is not included.1399005 | Web | No logging output when hitting maxSwallowSize [details] |
| This content is not included.1384856 | Web Services | NullPointerException at org.apache.cxf.common.jaxb.JAXBUtils.createJAXBContextProxy [details] |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.14-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.14-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 6.4 Installation Guide