JBoss Enterprise Application Platform 6.4 Update 21 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from the JBoss EAP 6.4 Update 20 Release Notes.
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-10237 | jbossas | guava: Unbounded memory allocation in AtomicDoubleArray and CompoundOrdering classes allow remote attackers to cause a denial of service |
| CVE-2017-7536 | jbossas | hibernate-validator: Privilege escalation when running under the security manager |
| CVE-2018-1336 | jbossas | jbossweb: tomcat: A bug in the UTF-8 decoder can lead to DoS |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| 1467848 | CLI | CLI to add a socket-binding fails first time |
| 1599625 | Domain Management | Host controllers can not connect to domain after creating a rollout plan and restarting the master host controller |
| 1580986 | EJB | raise default timeouts in ejbclient: reconnect.tasks.timeout, version handshake |
| 1580975 | EJB | RemotingConnectionEJBReceiver initialModuleAvailabilityLatch timeout not configurable |
| 1603973 | HornetQ | HornetQ cannot failover with network disconnected |
| 1613494 | HornetQ | Wrong classLoader used in hornetq RA Reconnect |
| 1609964 | HornetQ | tearDown may interrupt wrong threads after failures |
| 1610340 | HornetQ | HORNETQ-1571 Try Original Connector when Live and Backup are both restarted |
| 1610342 | HornetQ | HORNETQ-1572 Client fail over fails when live shut down too soon |
| 1612123 | JCA | MySQLValidConnectionChecker swallow a root cause of the exception |
| 1613424 | JCA | JBJCA-1371 - Deadlock for threads executing org.jboss.jca.adapters.jdbc.xa.XAManagedConnectionFactory.isEqual |
| 1542685 | PicketLink | PicketLink - configure the signature algorithm for IDP and SP |
| 1594389 | Security | The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml |
| 1569958 | Security | Invalid Secret Key when using a vault and JDK 1.8.0_171 |
| 1580398 | Server | Upgrade to jackson-1.9.9-12 in EAP 6.4.20.CR1 breaks RHV |
| 1599851 | VFS | URL.getContent() returns VirtualFile instead of ImageProducer |
| 1593129 | Web | loginmodule.logout() is not invoked when session replicated |
| 1600900 | XML Frameworks | StackOverflowError due to the bug XERCESJ-589 |
| 1622313 | XML Frameworks | XERCESJ-1456 - Regular expression is incorrectly handled in pattern facet |
Note: This update should only be applied to installer or zip-based installations.
Note: This update requires that JBoss EAP 6.4 Update 19 be applied before it. See this article for more information.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.21-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.21-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 6.4 Installation Guide.