JBoss Enterprise Application Platform 6.4 Update 17 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
A regression was found in CP17 due to a bug fix and it is recommended to use CP18 or later.
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss EAP 6.4 Update 16 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2017-7525 | jbossas | jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper |
| CVE-2017-5664 | Web | Security constrained bypass in error page mechanism |
| CVE-2017-5645 | jbossas | log4j: Socket receiver deserialization vulnerability |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| 1466488 | CLI | jboss-cli.sh goes into interactive mode when certificate expired causes hanging in non-interactive use cases |
| 1465995 | Class Loading | Improve BZ1449932 to reduce memory usage after performance fix |
| 1443209 | Domain Management | WFCORE-1399 Failure when resolving an expression with the default value containing a '$' at the end |
| 1192591 | EJB | jboss-ejb-iiop_1_0.xsd is invalid |
| 1136054 | EJB | Wrong Transaction behaviour for EJBs if JTS is enabled |
| 1461416 | EJB | Race condition if timers overlap due to long running execution and short schedules if database persistence is used |
| 1464134 | EJB | MDC is lost during @Asynchronous EJB calls |
| 1455429 | EJB | Base class method modifiers should not affect the overridden method in the EJB |
| 1452879 | Hibernate | HHH-10183 Mapping for NVARCHAR in SqlServer not working with native queries; org.hibernate.MappingException: No Dialect mapping for JDBC type: -9 |
| 1421404 | Infinispan | ISPN-7461 - Web sessions can't be created after a cluster split/merge |
| 1457508 | JPA | race condition and level 2 cache configuration in standalone*.xml or domain*.xml |
| 1408961 | Patching | Error while applying CP12 patch in Windows environment through CLI command. |
| 1322414 | PicketLink | Single Logout does not fully work on distributed PicketLink Identity Provider |
| 1466582 | PicketLink | SP can not parse SAML response if namespace is declared in root element |
| 1415963 | Remoting | Authentication via remoting fail for larger requests i.e. long password |
| 1456503 | Remoting | JBMAR-181 - NullPointerException while deserializing an object whose class doesn't have a no-arg constructor |
| 1452408 | Remoting | JBMAR-189 - Race condition in SerializableClassRegistry.lookup |
| 1456505 | Remoting | JBMAR-190 - Using internal JDK classes causes issues on recent JDK9 builds |
| 1454564 | Remoting | JMX client hangs when closing an unresponsive connection |
| 1459769 | Scripts and Commands | On Windows, when running standalone/Domain with the JAVA_HOME environment variable set (but pointing to an empty directory), JBoss EAP fails to start and does not give an error message. |
| 1221892 | Security | Specific ERROR message when keystore doesn't exist on filesystem |
| 1464176 | Transaction Manager | There is a memory leak due to org.jboss.as.ejb3.remote.ImportedTransactionCache class |
| 1464254 | VFS | JBVFS-204 - File system operations require both java.io.FilePermission and VirtualFilePermission |
| 1464257 | VFS | JBVFS-201 - Use simple cycle instead of recursive string concatenation |
| 1433123 | Web | request with invalid characters receives 505 response instead of expected 400 |
| 1458058 | Web Services | CXF-7269 - schemavalidate failed when use mtom and Provider |
| 1449287 | Web Services | CXF-7350 - the exception should be able to return to client if retry is 0 with ws-rm |
| 1283249 | jbossas | Possible NPE on RA deployment during AS startup |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.17-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.17-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 6.4 Installation Guide.