JBoss Enterprise Application Platform 7.0 Update 07 Release Notes
Updated
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.0 Update 06
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2016-4978 | ActiveMQ | JMSObjectMessage deserializes potentially malicious objects allowing Remote Code Execution |
| CVE-2017-7525 | Server | jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-3434 | ActiveMQ | AMQ224044: error acknowledging message: java.lang.NullPointerException |
| Content from issues.jboss.org is not included.JBEAP-11623 | ActiveMQ | Slow consumer detection not working when paging |
| Content from issues.jboss.org is not included.JBEAP-7800 | ActiveMQ | The countDelta attribute showing negative values |
| Content from issues.jboss.org is not included.JBEAP-10974 | ActiveMQ | max-saved-replicated-journal-size = 0 should preserve no old journals |
| Content from issues.jboss.org is not included.JBEAP-11052 | CDI / Weld | CDI request scope should be activated in the view interceptor chain |
| Content from issues.jboss.org is not included.JBEAP-10425 | Domain Management | WFCORE-2626 - Network interface selection criteria is not working for a duplicate IP addresses but one is down |
| Content from issues.jboss.org is not included.JBEAP-11172 | Domain Management | WFCORE-2741 - ManagedServerOperationsFactory is not propagating the 'module' attribute to the servers |
| Content from issues.jboss.org is not included.JBEAP-10404 | Domain Management | WFCORE-2678 - LDAP credential is revealed when error occurs at startup |
| Content from issues.jboss.org is not included.JBEAP-10405 | EJB | @TransactionAttribute should not be inherited per EJB 3.2 spec (no-interface view) |
| Content from issues.jboss.org is not included.JBEAP-10843 | EJB | StatefulSessionBean fail after 31 invocations [details] |
| Content from issues.jboss.org is not included.JBEAP-10259 | EJB | XNIO-296 - READ_TIMEOUT and WRITE_TIMEOUT options not set when opening new channel [details] |
| Content from issues.jboss.org is not included.JBEAP-9959 | Hibernate | HHH-11536 - Fix unit tests failing on Oracle |
| Content from issues.jboss.org is not included.JBEAP-11041 | Hibernate | HHH-10183 Mapping for NVARCHAR in SqlServer not working with native queries; org.hibernate.MappingException: No Dialect mapping for JDBC type: -9 [details] |
| Content from issues.jboss.org is not included.JBEAP-10844 | Hibernate | HHH-11324 HHH-11145 HHH-11352 SQLServer2005LimitHandler bugfixes [details] |
| Content from issues.jboss.org is not included.JBEAP-10915 | Hibernate | HHH-11740 HHH-11499 Default MultiTableBulkIdStrategy for DB2 does not work with connection pools |
| Content from issues.jboss.org is not included.JBEAP-11369 | IO | XNIO-297 - IO worker connection count provides incorrect values [details] |
| Content from issues.jboss.org is not included.JBEAP-8789 | JCA | JBJCA-1338 - CheckValidConnectionSQL can open a transaction, preventing application from changing transaction isolation level (PostgreSQL) |
| Content from issues.jboss.org is not included.JBEAP-10882 | JCA | JBJCA-1342 - Lazy Enlistment expects active transaction |
| Content from issues.jboss.org is not included.JBEAP-9846 | JMS | client-mapping attribute ignored in socket-binding of messaging subsystem |
| Content from issues.jboss.org is not included.JBEAP-5406 | JSF | ArrayIndexOutOfBoundsException happens when Accept header is just a slash |
| Content from issues.jboss.org is not included.JBEAP-10732 | JSF | JSF Duplicate ID fix to Mojarra 2.2.x |
| Content from issues.jboss.org is not included.JBEAP-10554 | Migration | EAP cannot load module referenced by target-name |
| Content from issues.jboss.org is not included.JBEAP-11662 | Modules | Jboss Modules creates lots duplicated of ArrayList's with only a single value |
| Content from issues.jboss.org is not included.JBEAP-10519 | Modules | MavenArtifactUtil does not use proxy, mirror or server credentials from settings.xml |
| Content from issues.jboss.org is not included.JBEAP-10942 | Modules | Performance problem in JarFileResourceLoader |
| Content from issues.jboss.org is not included.JBEAP-10428 | Modules | custom java security permission does not work |
| Content from issues.jboss.org is not included.JBEAP-11585 | Modules | NullPointerException in MBEANS: dumpModuleInformation, dumpAllModuleInformation... [details] |
| Content from issues.jboss.org is not included.JBEAP-11007 | REST | RESTEASY-1227 - MediaType set incorrectly in SegmentNode when multiple media types are offered. |
| Content from issues.jboss.org is not included.JBEAP-11346 | Remoting | JMX client hangs when closing an unresponsive connection |
| Content from issues.jboss.org is not included.JBEAP-9245 | Scripts | WFCORE-2348 - Error while starting JBoss as service in domain mode using init scripts. |
| Content from issues.jboss.org is not included.JBEAP-8786 | Security | Infinispan cache configuration is not always applied to security-domain This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-9923 | Server | NPE when MBean does not have no-arg constructor |
| Content from issues.jboss.org is not included.JBEAP-6039 | Transactions | Talk to the local transaction manager to determine if a transaction containing XAResources is still in-flight before relying on orphan detection |
| Content from issues.jboss.org is not included.JBEAP-11026 | Web (Undertow) | Race between SSO service start and deployment |
| Content from issues.jboss.org is not included.JBEAP-8803 | Web (Undertow) | UNDERTOW-994 - ajp connection hangs if a post HTTP request header contains 'Transfer-Encoding: chunked' |
| Content from issues.jboss.org is not included.JBEAP-9976 | Web Console | Do not pre-select server-group when assigning a deployment in domain mode |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.0.7-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.0.7-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 7.0 Patching And Upgrading Guide
Article Type