JBoss Enterprise Application Platform 7.1 Update 3 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.1 Update 02.
This update includes fixes for the following security-related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2017-7525 | Documentation | jackson-databind: incomplete fix for CVE-2017-7525 permits unsafe serialization via c3p0 libraries |
| CVE-2016-8657 | RPM | jboss: jbossas writable config files allow privilege escalation |
| CVE-2018-7489 | Server | jackson-databind Remote Code Execution (RCE) |
| CVE-2018-1114 | Undertow | undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-14755 | | Possible issue in CloneableCloner.clone |
| JBEAP-11215 | ActiveMQ | ARTEMIS-1761 - Log one warning if cluster could not be formed because it's not possible to connect to other cluster node |
| JBEAP-14534 | ActiveMQ | DefaultJMSConnectionFactory not found after switching to elytron and removing picketbox subsystem |
| JBEAP-14190 | ActiveMQ | ENTMQBR-1034 - Cannot establish connection between EAP 6 HornetQ and EAP 7 Artemis if connector or acceptor contains any properties |
| JBEAP-14280 | ActiveMQ | ENTMQBR-1043 - AMQ119034: Params for management operations must be of the following type: int long double String boolean Map or array thereof but found [B" |
| JBEAP-14468 | Build System | Remove all slf4j dependencies from WildFly (EAP full) |
| JBEAP-14645 | CDI / Weld | Bean discovery in deployment dependencies (modules) fails to inject from static module-alias's exported dependency |
| JBEAP-14707 | CLI | Unable to pass any attribute to jboss-cli.ps1 script |
| JBEAP-14479 | Clustering | Memory leak in Infinispan serialization |
| JBEAP-7503 | EE | JBJCA-1358 - Container is not cleaning up container-managed JMSContext |
| JBEAP-14545 | EJB | A Timer will hang forever if the database connection is not available |
| JBEAP-11601 | EJB | The fix for WFLY-4625 breaks PolicyContext("javax.security.auth.subject.container") in CXF web service with STS |
| JBEAP-14561 | EJB | jboss.ejb.default-local-transport-provider missing in appclient mode |
| JBEAP-13936 | EJB | use of WildFlyInitialContext with wildfly-config.xml throws javax.naming.NoInitialContextException |
| JBEAP-14153 | Hibernate | HHH-11617 Statement leak in case of "SQLGrammarException: could not extract ResultSet" |
| JBEAP-14664 | Hibernate | HHH-11766 Accessing lazy basic property on entity loaded from 2nd level cache throws exception |
| JBEAP-14493 | Hibernate | HHH-12423 HHH-12392 HHH-12562 Fix regressions related to database schemas |
| JBEAP-14651 | Hibernate | HHH-12507 InsertOrderingWithCompositeTypeAssociation test fails on Oracle due to reserved word |
| JBEAP-14683 | Hibernate | HHH-12508 HHH-12520 Bugs related to second-level/query cache not enabled |
| JBEAP-14663 | Hibernate | HHH-12512 LazyGroupMappedByTestTask fails on Oracle |
| JBEAP-14480 | Hibernate | HHH-12226: EntityNotFoundException for lazy OneToOne association using a derived key |
| JBEAP-14503 | Hibernate | HHH-12439 Merging of new entities can fail depending on cascade order |
| JBEAP-14519 | JCA | WFLY-10181 Deadlock for threads executing org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.isEqual (EAP Full) |
| JBEAP-14434 | JCA | JBJCA-1370: Disable PoolConfiguration.isPrefill when initialSize is 0 |
| JBEAP-14616 | JCA | JBJCA-1371 - Deadlock for threads executing org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.isEqual |
| JBEAP-14506 | JCA | MySQLValidConnectionChecker swallow a root cause of the exception |
| JBEAP-14775 | JMS | Regression in Remote JCA scenario with JDBC store after Artemis upgrade |
| JBEAP-13950 | JMS | ARTEMIS-1639 - MDB does no longer receive messages after broker was restarted |
| JBEAP-14691 | JMX | jboss.as:management-root=server MBean might be filtered on queryName/queryMBean methods |
| JBEAP-13836 | JSF | Cannot inject session bean with @EJB to JSF PhaseListener |
| JBEAP-14320 | Logging | LOGMGR-191 - Amend NullPointerException in RegexFilter.isLoggable() |
| JBEAP-14458 | Logging | org.apache.commons.discovery.DiscoveryException: Unable to instantiate implementation class for org.apache.commons.logging.LogFactory |
| JBEAP-14501 | Migration | CMTOOL-190 - Server Migration Tool not adding |
| JBEAP-14661 | Modules | Invalid Secret Key when using a vault and JDK 1.8.0_171 |
| JBEAP-14398 | Modules | ModuleClassLoader throw exception InvalidPathException "Illegal char <?> |
| JBEAP-12374 | Productization | File permissions discrepancy between zip and rpms installation |
| JBEAP-14297 | Remoting | A connection attempt with correct auth info can fail if a connection attempt with incorrect auth info is in progress at the same time |
| JBEAP-14604 | Remoting | IllegalStateException: Constructor is unexpectedly inaccessible |
| JBEAP-14095 | Scripts | JBOSS_HOME is unset in powershell scripts |
| JBEAP-13978 | Security | External CS, PKCS11 can't be configured with externalPath (WFCORE) |
| JBEAP-13441 | Security | External CS, PKCS11 can't be configured with externalPath |
| JBEAP-783 | Security | IPv6 address in security realm using Kerberos |
| JBEAP-14565 | Security | JACC is broken after server reload |
| JBEAP-14225 | Security | Verify public API signatures during Elytron build. |
| JBEAP-14702 | Security | Wildfly Elytron Tool, location is required even for non-filebased type e.g. PKCS11 |
| JBEAP-14536 | Security | NPE in io.undertow.security.impl.BasicAuthenticationMechanism.authenticate when picketbox subsystem removed |
| JBEAP-14462 | Security | Need to handle a http post method on picketlink sp authentication - test |
| JBEAP-14585 | Security | Test HttpMethodToHtmlTestCase.testPutMethod fails due to regression |
| JBEAP-14591 | Security | WFSSL-9 - SSL Context does not handler intermediate certificates correctly |
| JBEAP-14467 | Server | Move all slf4j modules to WildFly Core eap |
| JBEAP-14698 | Server | jackson-databind-1872 - NullPointerException in SubTypeValidator.validateSubType when validating Spring interface |
| JBEAP-14790 | Server | Module ch.qos.cal10n contains upstream jar |
| JBEAP-14549 | Server | Use of relative-to="jboss.domain.base.dir" prevents the host from starting up. |
| JBEAP-14516 | Testing/Validation | Adding test in EAT for JBEAP-14505 in order to be tested with all the servers |
| JBEAP-14641 | Undertow | CodecSessionConfig#findSessionId() can cause an incorrect JSESSIONID response cookie reusing a requested non-existent session id |
| JBEAP-14689 | Undertow | UNDERTOW-1332 - NullPointerException at HttpServletRequestImpl.getLocalAddr |
| JBEAP-14603 | Undertow | UNDERTOW-1333 - setContentLength(-1) is not clearing the content length header |
| JBEAP-14625 | Undertow | UNDERTOW-1336 - access-log rotates to a new file name with an incorrect date string when the rotation happens after restarting the instance |
| JBEAP-14688 | Web Console | HAL-1455 - Messages Added to a JMS topic is always displayed 0 in the management console |
| JBEAP-14649 | Web Console | HAL-1457 - Console 'Failed to create security context' if there are no data-sources |
| JBEAP-14637 | Web Console | HHH-12508 HHH-12520 Web administration console not reporting application status because of NullPointerException when accessing entity-cache resource |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.1.3-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.1.3-patch.zip"
These commands apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.1 Patching And Upgrading Guide.