JBoss Enterprise Application Platform 6.4 Update 22 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 6 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This This content is not included.update includes all fixes and changes from This content is not included.JBoss EAP 6.4 Update 21 / Release Notes
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2018-10934 | jbossas | Cross-site scripting (XSS) in JBoss Management Console |
| CVE-2018-8034 | jbossas | host name verification missing in WebSocket client |
| CVE-2018-1000632 | jbossas | XML Injection in Class: Element. Methods: addElement, addAttribute which can impact the integrity of XML documents |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.1640047 | ConfigAdmin | EAP Management console does not display more than 100 profiles |
| This content is not included.1434141 | Domain Management | NullPointerException when removing configuration history |
| This content is not included.1691399 | EJB | Remote Naming EJB Invocation is not releasing EJBClientContext after close and leaking memory [details] |
| This content is not included.1648762 | EJB | Lock is not released when JTS is enabled and a timer is cancelled inside a transaction |
| This content is not included.1631775 | HornetQ | HORNETQ-1575 Fix new connection establishment after failure during failover |
| This content is not included.1694076 | HornetQ | HORNETQ-1578 Exceptions are swallowed, making it hard to diagnose issues |
| This content is not included.1611765 | JCA | Destroy managed connection on failed reconnect |
| This content is not included.1646860 | Localization | JBAS016012; Japanese log message is wrong on EAP 6.x |
| This content is not included.1688362 | RESTEasy | HORNETQ-1559 Page.write() should throw exception if file is closed |
| This content is not included.1539985 | Server | Deployment fails with "IllegalArgumentException: Empty module specification" when Dependencies is empty in a jars manifest [details] |
| This content is not included.1654454 | Server | WARN if system-property is already set and is being overridden |
| This content is not included.1675138 | Web Services | Code-Injection via JSONP-Injection in REST-Services |
| This content is not included.1619815 | Web Services | JDK 8 causes SOAP element order to change |
Note: This update should only be applied to installer or zip-based installations.
Note: This update requires JBoss EAP 6.4 Update 19 be applied prior to applying it. See this article for more information.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-6.4.22-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-6.4.22-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the This content is not included.JBoss EAP 6.4 Installation Guide