JBoss Enterprise Application Platform 7.1 Update 5 Release Notes
Updated
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.1 Update 04
Download This content is not included.JBoss Enterprise Application Platform 7.1 Update 5
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-14627 | Server | iiop does not honour strict transport confidentiality |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-5842 | ActiveMQ | AMQ224000: Failure in initialisation: java.lang.NullPointerException |
| Content from issues.jboss.org is not included.JBEAP-15133 | ActiveMQ | ENTMQBR-1832 - too many open files leak when paging replication catch up |
| Content from issues.jboss.org is not included.JBEAP-15365 | ActiveMQ | Out of order journal files after compacting may lead to transaction loss |
| Content from issues.jboss.org is not included.JBEAP-14248 | ActiveMQ | Large messages are not delete if spring MessageTemplate.sendAndReceive method timeout |
| Content from issues.jboss.org is not included.JBEAP-15074 | CDI / Weld | EAP unable to work with JSF 1.2 |
| Content from issues.jboss.org is not included.JBEAP-15308 | Clustering | Server stop blocked by DistributableSessionManager after invalidation during async request |
| Content from issues.jboss.org is not included.JBEAP-15091 | Clustering | Server stop indefinitely blocked by DistributableSessionManager in lifecycleLock.writeLockInterruptibly() |
| Content from issues.jboss.org is not included.JBEAP-14969 | EJB | Unsecured EJB causes "Multiple security domains" exception |
| Content from issues.jboss.org is not included.JBEAP-14418 | EJB | Server should verify EJB business methods during deployment and log a warning |
| Content from issues.jboss.org is not included.JBEAP-13941 | Hibernate | HHH-10603 ORA-00932: inconsistent datatypes: expected - got BLOB after HHH-10345 with Oracle12cDialect |
| Content from issues.jboss.org is not included.JBEAP-15019 | Hibernate | HHH-12740 Subselect fetching doesn't work when multiLoad was used [details] |
| Content from issues.jboss.org is not included.JBEAP-15029 | Hibernate | HHH-3930: one-to-one causes redundant select query [details] |
| Content from issues.jboss.org is not included.JBEAP-14557 | JCA | resource adapter sometimes fails to start when it uses legacy security-domain |
| Content from issues.jboss.org is not included.JBEAP-13775 | JCA | set-tx-query-timeout does not work at all because ContextTransactionManager does not implement TransactionTimeoutConfiguration#getTimeLeftBeforeTransactionTimeout() [details] |
| Content from issues.jboss.org is not included.JBEAP-15063 | JSF | NullPointerException in ELFlash.get |
| Content from issues.jboss.org is not included.JBEAP-14214 | Logging | Logger.getEffectiveLevel() not working correctly |
| Content from issues.jboss.org is not included.JBEAP-15534 | Maven Repository | Bad version of wildfly core in jboss-server-migration-parent-1.0.7.Final-redhat-00001.pom |
| Content from issues.jboss.org is not included.JBEAP-14809 | Migration | Validation error in migration due to deprecated attributes in transaction subsystem [details] |
| Content from issues.jboss.org is not included.JBEAP-15110 | Modules | MODULES-374 - RedirectedUtils loadProvider WARN / debug if exception is thrown |
| Content from issues.jboss.org is not included.JBEAP-14887 | Modules | Unclear exception when specifying non-archive file as resource-root |
| Content from issues.jboss.org is not included.JBEAP-15263 | Remoting | Default constructor of non-Serializable parent POJO is not called in deserialization process |
| Content from issues.jboss.org is not included.JBEAP-14792 | Remoting | XNIO000017: Buffer was already freed |
| Content from issues.jboss.org is not included.JBEAP-10954 | Security | System property wildfly.config.url does not work with Windows path to local file without protocol |
| Content from issues.jboss.org is not included.JBEAP-14778 | Security | anonymous authentication for ejbs using legacy configuration - core part |
| Content from issues.jboss.org is not included.JBEAP-14929 | Security | The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml |
| Content from issues.jboss.org is not included.JBEAP-15316 | Security | (picketlink-bindings) The fix for CVE-2017-2582 breaks the feature of attribute replacement with system property in picketlink.xml |
| Content from issues.jboss.org is not included.JBEAP-15265 | Security | ELY-1510 - Bearer authentication sends 401 to unprotected resources when no auth in progress |
| Content from issues.jboss.org is not included.JBEAP-15004 | Security | No need to store CA cert redundantly for Elytron LDAP keystore |
| Content from issues.jboss.org is not included.JBEAP-15042 | Security | SAML2LogoutHandler should create logout request with nameid format |
| Content from issues.jboss.org is not included.JBEAP-15054 | Security | constraint drive authentication method in undertow doesn't work with elytron |
| Content from issues.jboss.org is not included.JBEAP-14973 | Security | org.jboss.security.Base64Encoder doesn't work for certain lengths (1026 or 3072 for example) |
| Content from issues.jboss.org is not included.JBEAP-15006 | Server | module with non existent dependency fails to load with no message [details] |
| Content from issues.jboss.org is not included.JBEAP-15028 | VFS | URL.getContent() returns VirtualFile instead of ImageProducer |
| Content from issues.jboss.org is not included.JBEAP-14605 | Web (Undertow) | degraded performance from ImportedClassELResolver [details] |
| Content from issues.jboss.org is not included.JBEAP-14978 | Web (Undertow) | IllegalMonitorStateException if session invalidated after redirect |
| Content from issues.jboss.org is not included.JBEAP-15250 | Web (Undertow) | Include jsp from a taglib throws exception if path not normalized |
| Content from issues.jboss.org is not included.JBEAP-13820 | Web (Undertow) | UNDERTOW-1319 - Partial use of scriptlet expression in jsp:include does not work |
| Content from issues.jboss.org is not included.JBEAP-14357 | Web (Undertow) | UNDERTOW-1325 - Servlet MultipartConfig attribute file-size-threshold not working |
| Content from issues.jboss.org is not included.JBEAP-15084 | Web (Undertow) | UNDERTOW-1372 - NPE in InMemorySessionManager |
| Content from issues.jboss.org is not included.JBEAP-15128 | Web (Undertow) | UNDERTOW-1385 - url-charset="UTF-8" didn't work in ajp-listener |
| Content from issues.jboss.org is not included.JBEAP-15183 | Web (Undertow) | UNDERTOW-1386 - multibytes language in URL request to ajp-listener are broken in EAP access log. |
| Content from issues.jboss.org is not included.JBEAP-15257 | Web (Undertow) | UNDERTOW-1399 - multibytes language in URL query part of request to ajp-listener is broken |
| Content from issues.jboss.org is not included.JBEAP-15264 | Web (Undertow) | UNDERTOW-1401 - Issues accessing JNLP application in Internet Explorer due to missing mime-type. |
| Content from issues.jboss.org is not included.JBEAP-14686 | Web Services | Testsuite for jbossws-cxf branch 5.1.x is broken |
| Content from issues.jboss.org is not included.JBEAP-15169 | Web Services | Cannot register web service, fails with NullPointerException in DelegateClassLoader |
| Content from issues.jboss.org is not included.JBEAP-15236 | Web Services | TCCL not set for JBoss WS deployment |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.1.5-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.1.5-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.1 Patching And Upgrading Guide
Note that the following tested configurations are now deprecated in EAP 7.1 and may no longer be tested in EAP 7.2 and going forward:
Java Virtual Machine
- HP-UX
Operating Systems and Related Web Servers
- Windows Server 2008 and associated IIS web server
- Solaris 10 / 11 and associated web servers
- HP-UX
- RHEL 6 32 bit
Databases
- DB2 e9.7
- MySQL 5.5
- Microsoft SQL Server 2012
- PostgreSQL 9.3
- EDB 9.3
- Sybase 15
JMS Providers/Adapters
- WebSphere MQ 7.5
- Tibco EMS
LDAP Servers
- RHEL DS 9.1
- Windows AD 2008
Tested Frameworks
- JQuery *
- AngularJS *
Cloud
- Amazon EC2
- Microsoft Azure
JBoss EAP 7 Maintenance Schedule
Red Hat JBoss Enterprise Application Platform (EAP) 7 Supported Configurations
SBR
Category
Components
Article Type