JBoss Enterprise Application Platform 7.2 Update 2 Release Notes
Updated
Important: This update is not the latest cumulative patch, it is recommended to apply the latest update, see these links for the latest:
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule, targeting a new release every 6 weeks.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.2 Update 01
Download This content is not included.JBoss Enterprise Application Platform 7.2 Update 2
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2019-3888 | Web (Undertow) | leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed |
| CVE-2019-3873 | Security | URL injection via xinclude parameter |
| CVE-2019-3872 | Server | reflected XSS in SAMLRequest via RelayState parameter |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-16619 | CDI / Weld | org.infinispan.commons.marshall.NotSerializableException: org.jboss.weld.bean.proxy.PrivateMethodHandler |
| Content from issues.jboss.org is not included.JBEAP-15853 | Class Loading | WFCORE-4265 - Latest DB2 11.1 JDBC driver requires additional IBM JDK system dependency |
| Content from issues.jboss.org is not included.JBEAP-15665 | Clustering | JGRP-2302 - Default ASYM_ENCRYPT asym_keylength is considered breakable |
| Content from issues.jboss.org is not included.JBEAP-16585 | Clustering | WFLY-11884 - Mutations following HttpSession.setAttribute(...) lost on failover when using ATTRIBUTE granularity distributed web session with a non-transactional cache |
| Content from issues.jboss.org is not included.JBEAP-16584 | Clustering | WFLY-11882 - Mutable getAttribute(...) and setAttribute(...) combination triggers redundant cache operation when using ATTRIBUTE granularity distributed web sessions with a transactional cache |
| Content from issues.jboss.org is not included.JBEAP-16810 | Clustering | WFLY-12022 - Concurrent singleton service installation can cause service to run simultaneously on 2 members. |
| Content from issues.jboss.org is not included.JBEAP-16390 | EJB | EJBCLIENT-319 - Update affinities on return in NamingEJBClientInterceptor |
| Content from issues.jboss.org is not included.JBEAP-16057 | EJB | WFLY-11489 - SFSB not sticky on a single cluster node when clustering of the bean is disabled [details] |
| Content from issues.jboss.org is not included.JBEAP-16341 | EJB | WFLY-11682 - Clustered SLSB membership anomalies when all cluster members removed |
| Content from issues.jboss.org is not included.JBEAP-16891 | EJB | WFLY-12064 - SFSBs left in invalid/inconsistent state if @PrePassivate throws an exception/error. |
| Content from issues.jboss.org is not included.JBEAP-16716 | EJB | WFDISC-34 - Add ability to perform a service discovery with timeout |
| Content from issues.jboss.org is not included.JBEAP-16699 | EJB | WEJBHTTP-24 - Cannot invoke EJB over HTTP on JDK 11 |
| Content from issues.jboss.org is not included.JBEAP-15737 | EJB | WFLY-10150 - EJB race condition can cause client to be in awaitResponse while server is done |
| Content from issues.jboss.org is not included.JBEAP-16509 | EJB | EJB Client side heartbeat settings not working |
| Content from issues.jboss.org is not included.JBEAP-16545 | EJB | EJBCLIENT-324 - Phantom NoSuchEJBExceptions |
| Content from issues.jboss.org is not included.JBEAP-16690 | EJB | REM3-331 - Configure the hearbeat timeout by default for auto created remote EJB client connections [details] |
| Content from issues.jboss.org is not included.JBEAP-16601 | EJB | SFSB expiration can fail |
| Content from issues.jboss.org is not included.JBEAP-12237 | EJB | Too Many Dependencies Error occurs while deploying a large number of SLSBs to EAP 7 |
| Content from issues.jboss.org is not included.JBEAP-16391 | EJB | WEJBHTTP-23 - EJB contextData not sent back to client in response when using EJB over HTTP |
| Content from issues.jboss.org is not included.JBEAP-16543 | EJB | WFLY-11819 - max-allowed-connected-nodes element in jboss-ejb-client.xml not used |
| Content from issues.jboss.org is not included.JBEAP-16550 | EJB | WFLY-11848 - EJB WFLYEJB0473: JNDI bindings for ... ejb: is not correct when there is not an appName [details] |
| Content from issues.jboss.org is not included.JBEAP-16573 | EJB | WFLY-11866 - Cannot get exception as pass-by-reference [details] |
| Content from issues.jboss.org is not included.JBEAP-16576 | EJB | WFLY-11870 - abstract classes with @EJB annotation included in libraries will cause deployment failures [details] |
| Content from issues.jboss.org is not included.JBEAP-16703 | EJB | WFLY-11970 - SFSB memory leak due to Date() usage |
| Content from issues.jboss.org is not included.JBEAP-11207 | EJB | Setting wrong protocol in EJB client results in client freezeup |
| Content from issues.jboss.org is not included.JBEAP-16422 | Hibernate | HHH-12939 Database name not quoted at schema update |
| Content from issues.jboss.org is not included.JBEAP-16456 | Hibernate | HHH-13277 - HibernateMethodLookupDispatcher - Issue with Security Manager |
| Content from issues.jboss.org is not included.JBEAP-16771 | Hibernate | HHH-13300 Query.getSingleResult() throws org.hibernate.NonUniqueResultException instead of javax.persistence.NonUniqueResultException |
| Content from issues.jboss.org is not included.JBEAP-16645 | Hibernate | HHH-13326 Transaction passed to Hibernate Interceptor methods is null when JTA is used |
| Content from issues.jboss.org is not included.JBEAP-16638 | Hibernate | HHH-13343 Bytecode enhancement using ByteBuddy fails when the class is not available from the provided ClassLoader |
| Content from issues.jboss.org is not included.JBEAP-16781 | Hibernate | HHH-13376 Upgrade Javassist dependency to 3.23.2-GA |
| Content from issues.jboss.org is not included.JBEAP-16315 | Hibernate | HHH-13241 / HHH-13138 - Constraint violation when deleting entites in bi-directional, lazy OneToMany association with bytecode enhancement |
| Content from issues.jboss.org is not included.JBEAP-16478 | Hibernate | HHH-13266 - LocalDateTime values are wrong around 1900 This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-16730 | Hibernate | HHH-13364: Query.getSingleResult and getResultList() throw PessimisticLockException when pessimistic lock fails with timeout [details] |
| Content from issues.jboss.org is not included.JBEAP-16583 | IIOP | WFLY-11784 (WF Core part) - app classloader leaked by IIOP WorkCacheManager cache |
| Content from issues.jboss.org is not included.JBEAP-16465 | IIOP | WFLY-11784 (WF part) - app classloader leaked by IIOP WorkCacheManager cache |
| Content from issues.jboss.org is not included.JBEAP-16472 | IIOP | WFLY-11971 - OpenJDK ORB IndexOutOfBoundsException when when the actionString does not contain any slash character |
| Content from issues.jboss.org is not included.JBEAP-16722 | JCA | JBJCA-1388 - Validator is created using rar ClassLoader as the TCCL |
| Content from issues.jboss.org is not included.JBEAP-16702 | JCA | WFLY-11974 - resource adapter configured as module not finding validation provider This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-16535 | JSF | WFLY-11869 - JSF Session / View Beans @Destroy not invoked after GC |
| Content from issues.jboss.org is not included.JBEAP-16450 | Localization | Typo in the ServerLogger for Japanese in WildFly Core |
| Content from issues.jboss.org is not included.JBEAP-15120 | Management | WFCORE-3995 - Deployer or Maintainer RBAC role unable to write datasource credential after setting sensitive-classification credential requires-write=false [details] |
| Content from issues.jboss.org is not included.JBEAP-15755 | Management | WFCORE-4195 - CLI/Admin Console does not prompt for a reload after adding a new server-group to server-scoped-roles. |
| Content from issues.jboss.org is not included.JBEAP-16105 | Migration | WFLY-11584 - Legacy Web migrate op fails if a connector has scheme https and no SSL config |
| Content from issues.jboss.org is not included.JBEAP-16484 | Migration | CMTOOL-242 - Unable to migrate EAP 7.1 configuration using the Multi-JSF feature |
| Content from issues.jboss.org is not included.JBEAP-16679 | Modules | MODULES-375 - A NullPointerException is thrown when an artifact fails to be resolved |
| Content from issues.jboss.org is not included.JBEAP-16681 | Modules | MODULES-382 - Previous stack trace is lost when converting ModuleLoadException to error |
| Content from issues.jboss.org is not included.JBEAP-16631 | Modules | MODULES-387 - Expose a classLocation(module-name, class-name) via JMX |
| Content from issues.jboss.org is not included.JBEAP-16721 | Modules | WFCORE-4413 - Fix backward compatibility issues of javax.api & javax.sql.api modules |
| Content from issues.jboss.org is not included.JBEAP-16841 | OpenShift | [OCP 4.1] Tests using openshift.KUBE_PING are failing |
| Content from issues.jboss.org is not included.JBEAP-16427 | REST | RESTEASY-2148 - Add the ability to disable Filename encoding in Content-Disposition |
| Content from issues.jboss.org is not included.JBEAP-16542 | REST | RESTEASY-2157 - Resteasy is not able to load the proxy interface |
| Content from issues.jboss.org is not included.JBEAP-15396 | RPM | WFCORE-4129 - WFLYSRV0266: Server home is set to... info msg in domain for RPM installation |
| Content from issues.jboss.org is not included.JBEAP-16469 | Remoting | JBMAR-222 - JBoss Marshalling - Vector marshalling not serialized |
| Content from issues.jboss.org is not included.JBEAP-16669 | Remoting | REM3-330 - Log wildfly-config.xml parsing issue at WARN |
| Content from issues.jboss.org is not included.JBEAP-16566 | Remoting | XNIO-336 - Socket accept error should log at ERROR level before closing the channel [details] |
| Content from issues.jboss.org is not included.JBEAP-16410 | Scripts | Windows service install script assumes incorrect prunsrv.exe location |
| Content from issues.jboss.org is not included.JBEAP-16740 | Security | PicketLink : Change use of HTTP download locations to HTTPS |
| Content from issues.jboss.org is not included.JBEAP-16741 | Security | PicketLink bindings: Change use of HTTP download locations to HTTPS |
| Content from issues.jboss.org is not included.JBEAP-16526 | Security Manager | WFCORE-4374 - security-manager minimum-set for MBeanServerPermission createMBeanServer not working but permissions.xml does [details] |
| Content from issues.jboss.org is not included.JBEAP-16816 | Server | WFCORE-4390 - Introduce COMPONENT_JNDI_DEPENDENCIES attachment key |
| Content from issues.jboss.org is not included.JBEAP-15939 | Server | WFCORE-4239 - WARN if system-property is already set and is being overridden |
| Content from issues.jboss.org is not included.JBEAP-16522 | Server | WFCORE-4373 - org.jboss.log4j.logmanager module requires java.sql module |
| Content from issues.jboss.org is not included.JBEAP-16624 | VFS | JDK 11 Multi-Release jars - Classes for newer versions are not loaded and VFSResourceLoader doesn't take into account the Multi-Release manifest attribute value [details] |
| Content from issues.jboss.org is not included.JBEAP-16644 | Web (Undertow) | UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo |
| Content from issues.jboss.org is not included.JBEAP-16395 | Web (Undertow) | Internal Server Error (500) when using directory-listing in FileHandler |
| Content from issues.jboss.org is not included.JBEAP-16777 | Web (Undertow) | UNDERTOW-1504 - Move UNDERTOW-1159 configuration property of DeploymentInfo |
| Content from issues.jboss.org is not included.JBEAP-16496 | Web Console | HAL-1570 - Do not automatically set datasource-class at datasource wizard [details] |
| Content from issues.jboss.org is not included.JBEAP-16534 | Web Console | HAL-1572 - Console fails to display datasources correctly when a datasource has a property substitution |
| Content from issues.jboss.org is not included.JBEAP-16719 | Web Console | HAL-1583 - Management Console says to close the tab to logout, but closing the browser is needed |
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.2.2-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.2.2-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.2 Patching And Upgrading Guide
SBR
Category
Components
Article Type