JBoss Enterprise Application Platform 7.1 Update 4 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.1 Update 03
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-10237 | Server | guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service |
| CVE-2018-10862 | Server | Path traversal can allow the extraction of .war archives to write arbitrary files (Zip Slip) |
| CVE-2018-1000180 | Server | bouncycastle: flaw in the low-level interface to RSA key pair generator |
| CVE-2018-8039 | Server | apache-cxf: TLS hostname verification does not work correctly with com.sun.net.ssl.* |
| CVE-2017-12624 | Server | cxf: Improper size validation in message attachment header for JAX-WS and JAX-RS services |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-13995 | ActiveMQ | Artemis broker should shutdown if no journal file can be found within specified timeout |
| JBEAP-14991 | Batch | JBERET-148 ChunkListener.onError() method not invoked before retry rollback |
| JBEAP-14992 | Batch | JBERET-351 Step metrics WRITE_COUNT does not correctly reflect the number of items to be written |
| JBEAP-12419 | Batch | JBERET-350 - Wrong length calculation for an i18n string in JDBC repository schema [details] |
| JBEAP-14733 | Batch | JBERET-417 - Incorrect jberet batch status is shown if we have multiple standalone node involved. |
| JBEAP-14335 | CLI | Cannot connect to JBoss controller via CLI by passing password in command line if password contains '!' character (for JBoss EAP 7.1 GA in Windows) |
| JBEAP-14753 | EE | Domain mode shutdown of EE executor service with :stop() or :stop(timeout=0) command doesn't work |
| JBEAP-14796 | EJB | NPE on EJB txn recover request |
| JBEAP-14921 | EJB | Problem with @Schedule and daylight-saving time |
| JBEAP-14981 | EJB | EJB contextData not sent back to client in response |
| JBEAP-14635 | JCA | JBJCA-1375 - ActiveCount of data-source is not correct after reloaded |
| JBEAP-14708 | JCA | JBJCA-1376 Recovery disabled if using a security domain [details] |
| JBEAP-14758 | JCA | JBJCA-1377 - Cached-connection-manager DEBUG connection closure could be too eager with enlistment-trace==false [details] |
| JBEAP-13892 | JMS | Add CriticalAnalyzer to TimedBuffer operations |
| JBEAP-14126 | JMX | Enum is misspelled causing java.lang.IllegalArgumentException |
| JBEAP-14888 | JPA / Hibernate | HHH-12687: ManyToOne associations in embeddable collection elements are always eagerly loaded [details] |
| JBEAP-14147 | JPA / Hibernate | org.jboss.as.jpa.hibernate5.management.QueryName.displayable() consumes high amount of CPU [details] |
| JBEAP-14817 | Management | EAP backup slave not reconnecting after master shutdown |
| JBEAP-14805 | Management | Host starts with server assigned to non-existent server group |
| JBEAP-14793 | Naming | Infinite recursion in RelativeFederatingContext [details] |
| JBEAP-15005 | REST | If proxy gets an entity but a ClientResponseFilter throws an Exception, Resteasy should close connection |
| JBEAP-13198 | REST | RESTEasy: Log a warn message for REST methods having ambiguous paths. |
| JBEAP-15125 | RPM | Incomplete update of wildfly-openssl libraries in EAP7.1.3 leads to inability to use OpenSSL with EAP |
| JBEAP-13281 | Remoting | Server fails to start after setting invalid property of remoting connector |
| JBEAP-14904 | Scripts | elytron-tool.sh script detects JBOSS_HOME incorrectly |
| JBEAP-14863 | Security | JASPI mech shows error message in FORM authentication |
| JBEAP-14694 | Server | Add main-class to org.jboss.jandex module to simplify usage |
| JBEAP-14959 | Transactions | JBTM-3017 - Provide a check to see if the last recovery scan "cleaned" the store. so that Fuse can verify the outcome of an XAResourceModule recovery scan |
| JBEAP-14623 | Web (Undertow) | Requesting a session with an invalid character causes request to fail with "IllegalArgumentException: Illegal base64 character" [details] |
| JBEAP-14993 | Web (Undertow) | UNDERTOW-1346 Make collection fields of DeploymentInfo modifiable |
| JBEAP-14994 | Web (Undertow) | UNDERTOW-1347 Deep clone DeploymentInfo.principalVersusRolesMap |
| JBEAP-14995 | Web (Undertow) | UNDERTOW-1353 Contention in ServletChain |
| JBEAP-14996 | Web (Undertow) | UNDERTOW-1362 ConnectorStatisticsImpl does not handle max active requests correctly |
| JBEAP-14901 | Web (Undertow) | ClassLoader leak in org.jboss.el.cache.FactoryFinderCache |
| JBEAP-14757 | Web (Undertow) | TLDs under META-INF/resources inside the web-fragment jar is not loaded [details] |
| JBEAP-13594 | Web (Undertow) | UNDERTOW-1220 - Handling HTTP/1.0 protocol |
| JBEAP-13243 | Web Console | SSL context attribute is not marked as required even though it is |
| JBEAP-14416 | Web Console | In Management Console - JBoss domain controller deployment units under tab ServerGroup are showing as server not running even though they are. |
| JBEAP-14460 | Web Services | LogicalMessageContext.get(MessageContext.HTTP_REQUEST_HEADERS) always returns null on client-side in JBoss EAP 7 |
| JBEAP-14530 | mod_cluster | mod_cluster DefaultMCMPHandler should handle "Connection: close" response header and close a connection [details] |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.1.4-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.1.4-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.1 Patching And Upgrading Guide.
Note that the following tested configurations are now deprecated in EAP 7.1 and may no longer be tested in EAP 7.2 and going forward:
Java Virtual Machine
- HP-UX
Operating Systems and Related Web Servers
- Windows Server 2008 and associated IIS web server
- Solaris 10 / 11 and associated web servers
- HP-UX
- RHEL 6 32 bit
Databases
- DB2 e9.7
- MySQL 5.5
- Microsoft SQL Server 2012
- PostgreSQL 9.3
- EDB 9.3
- Sybase 15
JMS Providers/Adapters
- WebSphere MQ 7.5
- Tibco EMS
LDAP Servers
- RHEL DS 9.1
- Windows AD 2008
Tested Frameworks
- JQuery *
- AngularJS *
Cloud
- Amazon EC2
- Microsoft Azure
Red Hat JBoss Enterprise Application Platform (EAP) 7 Supported Configurations