JBoss Enterprise Application Platform 7.1 Update 2 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.1 Update 01.
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-1047 | Web (Undertow) | undertow: Path traversal in ServletResourceManager class |
| CVE-2018-8088 | Server | Deserialisation vulnerability in EventData constructor can allow for arbitrary code execution |
| CVE-2018-1067 | Server | undertow: HTTP header injection using CRLF with UTF-8 Encoding (incomplete fix of CVE-2016-4993) |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-14303 | | JBJCA-1369 - SemaphoreConcurrentLinkedDequeManagedConnectionPool.returnConnection throws NPE |
| JBEAP-14223 | | Reduce log level for RequestCorrelator "channel is not connected" error during shutdown |
| JBEAP-13420 | ActiveMQ | ARTEMIS-1227 - Artemis JMS bridge does not remove vendor specific properties from message headers |
| JBEAP-13423 | ActiveMQ | ARTEMIS-1455 - Error on resetting large message deliver - null: java.lang.NullPointerException |
| JBEAP-13979 | ActiveMQ | Page Cleanup will make MessageCount to show negative values |
| JBEAP-14173 | ActiveMQ | ARTEMIS-1670 - NPE on CLI operation drop-durable-subscription |
| JBEAP-14233 | CDI / Weld | Bean discovery in deployment dependencies (modules) is always interpreted as "all" and fails to inject from static module's exported dependency |
| JBEAP-14389 | CDI / Weld | Revise Java 8 default methods support |
| JBEAP-14425 | CDI / Weld | SingletonProvider may be incorrectly initialized with RegistrySingletonProvider |
| JBEAP-14330 | CLI | CLI syntax for "cd" command does not work the same in EAP 7.1 |
| JBEAP-14059 | Clustering | ISPN-8893 - Stack trace of a primary request of Infinispan is lost, damaging supportability severely |
| JBEAP-14107 | Domain Management | StringIndexOutOfBoundsException if config file with wrong name is present in 'standalone_xml_history/snapshot' folder |
| JBEAP-12478 | EJB | Log error org.jboss.security.annotation.SecurityDomain annotation is used in EJB |
| JBEAP-12670 | EJB | EJB client gets stuck in awaitResponse or AbstractHandleableCloseable when server is disconnected from network [details] |
| JBEAP-14243 | EJB | EJB invocation for Remote interface fails when Client Interceptor registered via META-INF/services/org.jboss.ejb.client.EJBClientInterceptor |
| JBEAP-12416 | EJB | EJBCLIENT-293 - EJB client exception when authentication fails is too long |
| JBEAP-14246 | EJB | EJBCLIENT-295 - Annotated EJB Client Interceptor being called more than once |
| JBEAP-11951 | EJB | Elements defined in 'jboss-ejb-security_1_1.xsd' must be optional |
| JBEAP-12752 | EJB | NPE when ejb client is on Xbootclasspath |
| JBEAP-14286 | EJB | XNIO-320 - IllegalArgumentException: Parameter 'address' may not be null |
| JBEAP-14278 | Hibernate | HHH-12074 HHH-12086 HHH-12105 HHH-12113 HHH-12355 More bugs using hibernate.order_inserts=true |
| JBEAP-14304 | Hibernate | @LazyGroup is ignored on LazyToOne association with 'mappedBy' [details] |
| JBEAP-14268 | Hibernate | HHH-12059 HHH-11440 HHH-11286 HHH-10333 HHH-12406 hbm2ddl.auto=validate/hbm2ddl.auto=update don't work with Oracle or SQLServer |
| JBEAP-13570 | JCA | JBJCA-1356: BaseWrapperManagedConnection.unlock fails to unlock [details] |
| JBEAP-14064 | JCA | JBJCA-1366 - Need handle failover for end of DB in HA-Datasource Failover |
| JBEAP-14103 | JCA | JBJCA-1367 - Connection cleanup prevents lock to unlock |
| JBEAP-14098 | JCA | JBJCA-1368 - JDBC XAManagedConnection.end could loop endlessly when broadcasting error |
| JBEAP-14279 | JCA | elytron security is getting ignored with resource adaptor |
| JBEAP-14148 | JPA / Hibernate | org.jboss.as.jpa.hibernate5.management.QueryName.displayable() consumes high amount of CPU [details] |
| JBEAP-10242 | JSF | JAVASERVERFACES_SPEC_PUBLIC-671 The old model value is redisplayed on @NotNull validation error with INTERPRET_EMPTY_STRING_SUBMITTED_VALUES_AS_NULL=true |
| JBEAP-13439 | Migration | CMTOOL-162 - Server migrate tool returns "1" code on --help |
| JBEAP-13305 | Migration | CMTOOL-168 - Elytron subsystem created by migration tool is outdated |
| JBEAP-14163 | Migration | CMTOOL-173/CMTOOL-174/CMTOOL-175 - Server migration fails if environment modifies target server dirs |
| JBEAP-14300 | Remoting | JBMAR-218 - Object replacement does not function correctly with null values |
| JBEAP-14238 | Security | Attribute required-attributes of Elytron x500-attribute-principal-decoder cannot be added to configuration, doing this via management API leads to server stop |
| JBEAP-13648 | Security | ELY-1428 - Elytron provider has to be installed manually for key-store-ssl-certificate |
| JBEAP-13656 | Security | ELY-1430 - WARN logged during server shutdown when Elytron JACC is set |
| JBEAP-13736 | Security | Error on startup when multiple FIPS Credential Stores are configured |
| JBEAP-12479 | Security | Fix javadoc for org.jboss.security.annotation.SecurityDomain |
| JBEAP-4876 | Security | PicketLink FileBasedMetadataConfigurationStoreUnitTestCase fails on Windows |
| JBEAP-14202 | Security | Configure Signature Algorithm for IdP and SP |
| JBEAP-13122 | Security | Duplicate record is written in property file when group name set to empty [details] |
| JBEAP-14152 | Security | ELY-1503 - SPNEGO fails on |
| JBEAP-13973 | Security | NameNotFoundException due to policyRegistration -- service jboss.naming.context.java.policyRegistration [details] |
| JBEAP-10449 | Security | Need to handle a http post method on picketlink sp authentication |
| JBEAP-14261 | Security | Remove DEBUG message in server logs while calling isCallerInRole(String roleName) method |
| JBEAP-14318 | Server | If an exception occurs resuming an activity the exception is lost |
| JBEAP-6191 | Web (Undertow) | HTTP2 WINDOW_UPDATE delta is non-zero check |
| JBEAP-9608 | Web (Undertow) | UNDERTOW-1016 - Mod-cluster filter throws NPE on processing IPv6 zone interface id with a subinterface |
| JBEAP-14234 | Web (Undertow) | UNDERTOW-1281 - Option to have 100-continue response sent even if request body has come |
| JBEAP-14384 | Web (Undertow) | UNDERTOW-1305 - StuckThreadDetectionHandler does not properly guard against registering multiple timers |
| JBEAP-14376 | Web (Undertow) | UNDERTOW-1306 - ChunkedStreamSinkChannel can truncate response in some circumstances |
| JBEAP-14073 | Web Console | Datasource "Use CCM" value always reported as "false" in the web console [details] |
| JBEAP-14066 | Web Console | Logout redirect failed from a management Web console using IE |
| JBEAP-14141 | mod_cluster | MODCLUSTER-639 - proxy reset requests can allow for other MCMPs to bad proxy |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
```
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.1.2-patch.zip"
```
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
```
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.1.2-patch.zip"
```
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.1 Patching And Upgrading Guide.