JBoss Enterprise Application Platform 6.4 Update 19 Release Notes

Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:

In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.

Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.

For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.

This update includes all fixes and changes from JBoss EAP 6.4 Update 18.

This update includes fixes for the following security related issues:

| ID | Component | Summary |
|---|---|---|
| CVE-2018-1041 | jbossas | jboss-remoting: High CPU Denial of Service |
| CVE-2017-12617 | jbossas | jbossweb: tomcat: Remote Code Execution bypass for CVE-2017-12615 |
| CVE-2017-12174 | jbossas | hornetq: artemis/hornetq: memory exhaustion via UDP and JGroups discovery |
| CVE-2017-2582 | Security | The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml |

This update includes the following bug fixes or changes:

| ID | Component | Summary |
|---|---|---|
| 1373412 | Clustering | TimeoutException when request ends up on non-coordinator node (invalidation cache, web session passivation and shared cache store) |
| 1360391 | EJB | EJB client unnecessary mark a channel/connection as broken if can't read a message |
| 1508105 | EJB | Default SFSB Lifecycle methods transaction attribute causing warnings |
| 1500297 | EJB | Address DeploymentUnitProcessor leaks in the codebase |
| 1460347 | EJB | EJB run-as identity gets lost if an unsecured ejb in the call stack |
| 1469369 | HornetQ | Messages get stuck if you change the configuration to host messages in memory from paging |
| 1480095 | JCA | Potential for deadlock on pool's flush |
| 1497591 | JCA | set-tx-query-timeout does not work when the remaining transaction timeout is shorter than one second |
| 1531005 | JCA | Pool.flush does not work correctly |
| 1518851 | JMS | Add CriticalAnalyzer to TimedBuffer operations follow up to BZ1487313 |
| 1516650 | JMS | Failback not working on NFSv4 |
| 1429570 | PicketLink | SAML2STSLoginModule cannot be configured with module options instead of configFile |
| 1464597 | Web | losing security context with parallel requests to secured REST EJB |
| 1523870 | Web | Clustered session still unexpectedly expired by sso after cluster member is stopped |
| 1403939 | Web Services | @javax.jws.Oneway causes security-context to be lost |

Note: This update should only be applied to installer or zip-based installations.

To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:

bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.19-patch.zip"

To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:

bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.19-patch.zip"

These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 6.4 Installation Guide.
