JBoss Enterprise Application Platform 6.4 Update 16 Release Notes
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from This content is not included.JBoss EAP 6.4 Update 15 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2016-5018 | jbossas | Security manager bypass via IntrospectHelper utility function |
| CVE-2017-2595 | jbossas | Arbitrary file read via path traversal |
| CVE-2016-6796 | jbossas | Security manager bypass via JSP Servlet config parameters |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.1446458 | CLI | Patching EAP 6.x returns only "Patching Exception" rather than providing the actual reason for failure [details] |
| This content is not included.1399195 | Clustering | RequestCorrelator "channel is not connected" error during shutdown |
| This content is not included.1380657 | Clustering | JGroups ASYM_ENCRYPT logs error message "key server is currently not set" during startup [details] |
| This content is not included.1330729 | Clustering | EAP is setting up JGroups property that is affecting JGroups in deployment |
| This content is not included.1442325 | Domain Management | Network interface selection criteria is not working for a duplicate IP addresses but one is down [details] |
| This content is not included.1327758 | Domain Management | Mutual authentication with SSL fails to work with the LDAP security-realm |
| This content is not included.1455588 | Domain Management | ManagedServerOperationsFactory is not propagating the 'module' attribute to the servers This content is not included.[details] |
| This content is not included.1435549 | EJB | Exception coming from a transaction resource has to be provided to client when transaction failure occurs on server This content is not included.[details] |
| This content is not included.1442955 | EJB | @TransactionAttribute should not be inherited per EJB spec (no-interface view) |
| This content is not included.1373953 | HornetQ | max-saved-replicated-journal-size = 0 should preserve no old journals [details] |
| This content is not included.1195079 | JCA | "org.postgresql.util.PSQLException: Cannot change transaction isolation" at calling Connection#setTransactionIsolation() when enabling connection validation in EAP 6 [details] |
| This content is not included.1350757 | Logging | StringIndexOutOfBoundsException throw while formatting log |
| This content is not included.1441890 | Logging | Suppressed exceptions in log formatting |
| This content is not included.1449932 | MSC | Performance problem in JarFileResourceLoader [details] |
| This content is not included.1448390 | Other | EAP cannot load module referenced by target-name |
| This content is not included.1456502 | Remoting | JBMAR-179 - SecurityManager issue in SerializableClassRegistry#lookup |
| This content is not included.1445480 | Remoting | JBMAR-195 - SerializingCloner.clone of PriorityBlockingQueue causes NullPointerException [details] |
| This content is not included.1328146 | Scripts and Commands | Start-up script jboss-as-standalone.sh does not work on RHEL 5 OS |
| This content is not included.1447878 | Scripts and Commands | On /etc/rc.d/init.d/jbossas-domain and standalone inconsistent use of >> and > to write to console.log |
| This content is not included.1443122 | Security | LDAP credential is revealed when error occurs at startup [details] |
| This content is not included.1432440 | Security | The username is not getting parsed properly in the method getUsername() of LdapExtLoginModule which results in StringIndexOutOfBoundsException . |
| This content is not included.1436390 | Server | NPE when MBean does not have no-arg constructor |
| This content is not included.1441808 | Web | Clustered session unexpectedly expired by sso after cluster member is stopped [details] |
| This content is not included.1419145 | Web | Content type can show other header value after FORM auth restores request [details] |
| This content is not included.1439225 | Web | multipart/form-data is not always read with correct encoding [details] |
| This content is not included.1257061 | Web | access-log relative-to attribute is not physically written to the configuration it the value is the default one |
| This content is not included.1205263 | Web Console | Set "module" element in the web console when creating security-domain login-module |
| This content is not included.1208250 | Web Console | Management Console: Refresh issue with Domain Manage Deployments > Attributes > Assigned Groups [details] |
| This content is not included.1417712 | jbossas | Custom java security permission does not work |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.16-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.16-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 6.4 Installation Guide