JBoss Enterprise Application Platform 7.1 Update 6 Release Notes
Important: This update is not the latest cumulative patch. It is recommended to apply the latest update; see these links for the latest:
- Red Hat JBoss EAP 7.1 update 6 (7.1.6) is the last maintenance release for EAP 7.1
- JBoss EAP 7 Maintenance Schedule
- JBoss EAP 7 Update Downloads
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.1 Update 05
Download JBoss Enterprise Application Platform 7.1 Update 6
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-14719 | Server | jackson-databind: arbitrary code execution in blaze-ds-opt and blaze-ds-core classes |
| CVE-2018-14718 | Server | jackson-databind: arbitrary code execution in slf4j-ext class |
| CVE-2018-19362 | Server | jackson-databind: improper polymorphic deserialization in jboss-common-core class |
| CVE-2018-10934 | Web Console | Cross-site scripting (XSS) in JBoss Management Console |
| CVE-2018-19361 | Server | jackson-databind: improper polymorphic deserialization in openjpa class |
| CVE-2018-19360 | Server | jackson-databind: improper polymorphic deserialization in axis2-transport-jms class |
| CVE-2018-14642 | Web (Undertow) | Infoleak in some circumstances where Undertow can serve data from a random buffer |
| CVE-2018-1000632 | Server | XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-15652 | ActiveMQ | AMQ154003: Unable to reconnect org.apache.activemq.artemis.ra.inflow.ActiveMQActivationSpec(ra=org.apache.activemq.artemis.ra.ActiveMQResourceAdapter@3ca2957 destination=inQueue |
| JBEAP-15516 | ActiveMQ | ARTEMIS-1874 - NPE in ActiveMQMessage.setObjectProperty |
| JBEAP-15275 | ActiveMQ | ARTEMIS-2040 / ARTEMIS-1814 - Try Original Connector when Live and Backup are both restarted |
| JBEAP-15276 | ActiveMQ | ARTEMIS-2041 - Client fail over fails when live shut down too soon |
| JBEAP-15278 | ActiveMQ | ARTEMIS-2042 - Wrong classLoader used in hornetq RA Reconnect |
| JBEAP-15456 | ActiveMQ | DB2 sending larger message (1MB) crashes the whole server |
| JBEAP-16026 | ActiveMQ | Live's topology update may be ignored |
| JBEAP-15901 | ActiveMQ | DB2 sending larger message (1MB) crashes the whole server |
| JBEAP-15227 | ActiveMQ | Critical IO Error ... when starting Artemis with HA JDBC store |
| JBEAP-15792 | Batch | JBERET-459: JBeret batches fail following timed out transactions |
| JBEAP-15441 | CDI / Weld | WeldResourceInjectionServices runs into NoSuchElementException when deploying multiple EJBs |
| JBEAP-16490 | Clustering | JBEAP-15501 - Potential memory leak using infinispan EJB cache |
| JBEAP-15508 | Clustering | UNDERTOW-1415 - Cross-context and session distributable blocked by DistributableSessionManager |
| JBEAP-15609 | EJB | Legacy EJB2 application is not able to invoke server side EJB2 application via RemoteHome interface |
| JBEAP-15859 | EJB | Lock is not released when JTS is enabled and a timer is cancelled inside a transaction |
| JBEAP-15620 | EJB | NPE when trying to remove an EJB subsystem channel-creation-options resource |
| JBEAP-15752 | EJB | violation of call-by-value if an outbound connection is configured |
| JBEAP-15883 | Hibernate | HHH-10891 Exception at bootstrap when @Any is inside an @Embeddable object |
| JBEAP-15366 | Hibernate | HHH-12958 NotFoundLogicalOneToOneTest fails on Oracle due to identifiers that are too long |
| JBEAP-15940 | Hibernate | HHH-13126 Update README and migration notes to indicate changes in Java compatibility in 5.1 branch |
| JBEAP-15376 | Hibernate | HHH-12374 HHH-12380 : Order inserts sorting code gives up too soon |
| JBEAP-15326 | Hibernate | HHH-12935: Constraint and AuxiliaryDatabaseObject export identifiers are not qualified by schema or catalog |
| JBEAP-15596 | Hibernate | HHH-6781/HHH-13011/HHH-12875/HHH-12882/HHH-12937 - Where clause filters ignored when loading collections |
| JBEAP-15271 | JCA | JBJCA-1382 - Destroy managed connection on failed reconnect |
| JBEAP-15550 | JCA | JBJCA-1385 - EAP 7 / xa-datasource creates twice connections as much as max-pool-size |
| JBEAP-15524 | Logging | LOGMGR-203 - LogManager stops any logging output after changing "encoding" attribute to file-handler |
| JBEAP-15559 | Management | Booting a slave HC fails if the content repository entry for a rollout plan is not present |
| JBEAP-15537 | Maven Repository | Unavailable artifacts referenced in eap-runtime-artifacts-7.1.5.GA.pom BOM file |
| JBEAP-12073 | Migration | jboss-server-migration help content improvements (UX) |
| JBEAP-15434 | Modules | JAXP redirection fails on 8u161, also in embedded scenarios |
| JBEAP-16374 | RPM | yum groupupdate jboss-eap7 does not work correctly |
| JBEAP-15893 | Security | AdvancedLdapLoginModule - skip roles search when rolesCtxDN is null |
| JBEAP-15894 | Security | Referrals roles assignment for referral user does not work for AdvancedLdapLoginModule with Active Directory |
| JBEAP-15547 | Security | HC cannot connect to DC after lost connect with error "WFLYCTL0332: Permission denied" |
| JBEAP-15838 | Security | PLINK-692 - Audience restriction check is too strict |
| JBEAP-6730 | Security | PicketLinkAuthenticator returns null in sendChallenge method |
| JBEAP-15168 | Security | constraint drive authentication method in undertow doesn't work with elytron |
| JBEAP-15472 | Security | periodic-rotating-file-audit-log / size-rotating-file-audit-log configuration does not persist when file-audit-log is not defined in elytron subsystem |
| JBEAP-2125 | Security | ELY-386 - Unable to create HTTPS connection when some openssl cipher suite with DHE are used |
| JBEAP-2204 | Security | ELY-396 - Undertow HTTPS listener does not accept EXPORT40 and EXPORT56 cipher strings |
| JBEAP-4114 | Security | ELY-715 / ELY-1547 - SPNEGO: missing negstat field in the first reply |
| JBEAP-15261 | Server | "WFLYSRV0003: Could not index class ..." happens during application deployment when the packaged library contains module-info.class |
| JBEAP-15059 | Transactions | Transaction manager CMR wrongly handles commit of periodic recovery |
| JBEAP-15950 | Web (Undertow) | PathResource.list() does not set the correct path on child resources |
| JBEAP-15571 | Web (Undertow) | Getting Unable to find unambiguous method when Calling an Enum function from JSF page |
| JBEAP-15597 | Web (Undertow) | JSP optimize-scriplets causes compilation failure when string concatenation exists inside method arguments |
| JBEAP-15330 | Web (Undertow) | UNDERTOW-1231/UNDERTOW-1179 - Deadlock AbstractFramedChannel when notifyClosed and markStreamBroken are called related to Http2Channel |
| JBEAP-15564 | Web (Undertow) | UNDERTOW-1237 - MultipartParser doesn't properly handle multi-line headers |
| JBEAP-15134 | Web (Undertow) | UNDERTOW-1404 - Need Bad Request handling of AJP for UT000072 |
| JBEAP-15698 | Web (Undertow) | UNDERTOW-1418 - ServletRegistrationImpl.addMapping processing time increases with servlet counts |
| JBEAP-15921 | Web (Undertow) | UNDERTOW-1444 - Range headers do not seem to be handled correctly for files larger than 10 mb |
| JBEAP-15520 | Web (Undertow) | domain="undefined" in JSESSIONIDSSO |
| JBEAP-15290 | Web (Undertow) | taglib-location pointing to jar fails to deploy |
| JBEAP-15548 | Web (Undertow) | Uploading content from HAL in SSL doesn't work |
| JBEAP-16141 | Web Services | jbossws-common DOMUtils incorrectly assumes presence of DocumentBuilderFactory on all CLs |
| JBEAP-15673 | Web Services | Apply CXF Fix managing closing of temp queues (CXF-7768) |
| JBEAP-15389 | Web Services | CXF-7832 - WrappedMessageContext containsKey not consistent with get/put |
| JBEAP-16013 | XTS | InboundBridge recovery aborts live transactions |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.1.6-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.1.6-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.1 Patching And Upgrading Guide.