JBoss Enterprise Application Platform 7.3 Update 3 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 02
Download This content is not included.JBoss Enterprise Application Platform 7.3 Update 3
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2020-1954 | Web Services | cxf: JMX integration is vulnerable to a MITM attack |
| CVE-2020-14338 | XML Frameworks | xercesimpl: XML validation manipulation due to incomplete application of use-grammar-pool-only in xercesImpl |
| CVE-2020-14299 | Management | picketbox: JBoss EAP reload to admin-only mode allows authentication bypass |
| CVE-2020-14340 | Remoting | xnio: file descriptor leak caused by growing amounts of NIO Selector file handles may lead to DoS |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-19722 | SIGSEGV in libaio when running RHEL 7.8 | |
| Content from issues.jboss.org is not included.JBEAP-19153 | ActiveMQ | ENTMQBR-3434 - Can not close underlying artemis connection when using an SSL connection factory |
| Content from issues.jboss.org is not included.JBEAP-20087 | CDI / Weld | WFLY-13147 - Deployment slowdown after WFLY upgrade (DeploymentArchive handling) |
| Content from issues.jboss.org is not included.JBEAP-19576 | Clustering | JBDC_PING has a possibility not to discover other members and create singleton clusters (split-brain issue) when restarting a coordinator node [details] |
| Content from issues.jboss.org is not included.JBEAP-19958 | EE | ee global-modules should not allow duplicates |
| Content from issues.jboss.org is not included.JBEAP-19688 | EJB | jndi-view doen't show values for EJB in java:jboss/exported |
| Content from issues.jboss.org is not included.JBEAP-20063 | EJB | Deployment is not failing as expected and according to the specification if a @Singleton @Startup @PostConstruct initialization failed |
| Content from issues.jboss.org is not included.JBEAP-20065 | EJB | Error deploying EJB in WildFly when using @EJB [details] |
| Content from issues.jboss.org is not included.JBEAP-19870 | EJB | WFCORE-5037 - EJB Stats MBeans do not return method stats via JMX, but does via CLI |
| Content from issues.jboss.org is not included.JBEAP-19702 | EJB | WFLY-13132 - (ejb-client) Expose remoting connection associated with a ClusterTopologyListener |
| Content from issues.jboss.org is not included.JBEAP-19447 | EJB | WFLY-13515 - Application does not fail when @Singleton @PostConstruct throws exception |
| Content from issues.jboss.org is not included.JBEAP-20007 | EJB | WFLY-13651 - EJB Stats MBeans do not return method stats via JMX, but does via CLI |
| Content from issues.jboss.org is not included.JBEAP-19906 | Hibernate | HHH-12268 - LazyInitializationException thrown from lazy collection when batch fetching enabled and owning entity refreshed with lock This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-19995 | Hibernate | HHH-13110 - @PreUpdate method on a Embeddable null on the parent caused NullPointerException [details] |
| Content from issues.jboss.org is not included.JBEAP-19508 | Hibernate | HHH-13936: No auto transaction joining from SessionImpl.doFlush [details] |
| Content from issues.jboss.org is not included.JBEAP-20031 | JDR | JDR zip directories are files on Windows |
| Content from issues.jboss.org is not included.JBEAP-20196 | JMS | Artemis AIO native library loading is broken |
| Content from issues.jboss.org is not included.JBEAP-18689 | JMX | TCCL not set to application classloader when MBean Notification is invoked |
| Content from issues.jboss.org is not included.JBEAP-20205 | JMX | NPE in ModelControllerMBeanHelper |
| Content from issues.jboss.org is not included.JBEAP-18803 | JPA / Hibernate | Datasource resolution fails for application layer alias when using Hibernate bytecode enhancement [details] |
| Content from issues.jboss.org is not included.JBEAP-19161 | JSF | JSF trying to load DTD over the network [details] |
| Content from issues.jboss.org is not included.JBEAP-19764 | Logging | LOGMGR-279 - The configuration API removes handler references before the handler is removed from a logger/handler |
| Content from issues.jboss.org is not included.JBEAP-19747 | Logging | LOGMGR-276 - NPE is triggered if an previous error occur in rollOver [details] |
| Content from issues.jboss.org is not included.JBEAP-19670 | Logging | Log files truncated when jboss.as.management.blocking.timeout error happens on startup |
| Content from issues.jboss.org is not included.JBEAP-19588 | MP Fault Tolerance | MP FT: Incorrect delay compare in RetryConfig validate method |
| Content from issues.jboss.org is not included.JBEAP-19826 | MP Metrics | Exception while exporting metrics during WildFly initialization |
| Content from issues.jboss.org is not included.JBEAP-19599 | MP OpenAPI | Smallrye OpenAPI annotation scanner throws StackOverflowError when processing JAX-RS resource classes which implement a locator that will return the class itself |
| Content from issues.jboss.org is not included.JBEAP-19661 | MP OpenAPI | Smallrye OpenAPI throws java.lang.NullPointerException because of null parameter schema |
| Content from issues.jboss.org is not included.JBEAP-19600 | MP OpenAPI | Smallrye OpenAPI throws java.lang.NullPointerException when processing JAX-RS resources which define methods accepting a SortedSet type parameter |
| Content from issues.jboss.org is not included.JBEAP-19957 | MP REST Client | Rest-client can't be used without opentracing subsystem present in config |
| Content from issues.jboss.org is not included.JBEAP-19531 | Management | WFCORE-4976 - Where ModelControllerClient is initialised in process with CBH AuthenticationConfiguration takes priority. |
| Content from issues.jboss.org is not included.JBEAP-19915 | Management | WFCORE-5029 - server group deployment resource doesn't include correct "mananged" value |
| Content from issues.jboss.org is not included.JBEAP-19808 | Management | WFCORE-5028 - Client with credentials defined in wildfly-config still prompts the user to provide them |
| Content from issues.jboss.org is not included.JBEAP-19768 | Management | HAL-1688 - Unmanaged deploys in a domain show as "managed" under server-groups |
| Content from issues.jboss.org is not included.JBEAP-19526 | Migration | CMTOOL-276 - Symbolic links in the path to configuration files, such as is in the RPM installation, cause the migration tool to fail |
| Content from issues.jboss.org is not included.JBEAP-19596 | Migration | CMTOOL-277 - Migration from EAP 6.4 Update 22 to EAP 7.3 create a misspelled 'Application Realm' |
| Content from issues.jboss.org is not included.JBEAP-19615 | Security | ELY-1968 - Update error message returned by AcmeClientSpi#getLocation |
| Content from issues.jboss.org is not included.JBEAP-19984 | Security | Incorrect use of KeyManagerFactory.getDefaultAlgorithm instead of TrustManagerFactory |
| Content from issues.jboss.org is not included.JBEAP-20014 | Security | Thread stuck at future.get when using picketlink |
| Content from issues.jboss.org is not included.JBEAP-19813 | Server | Annotation processing error sun.reflect.annotation.TypeNotPresentExceptionProxy does not indicate issue [details] |
| Content from issues.jboss.org is not included.JBEAP-19520 | Server | JBINV-9 - Illegal reflective access by org.jboss.invocation.proxy.AbstractProxyFactory |
| Content from issues.jboss.org is not included.JBEAP-19626 | Transactions | JBERET-471 - Skip items causing Transaction cannot proceed: STATUS_MARKED_ROLLBACK [details] |
| Content from issues.jboss.org is not included.JBEAP-19690 | Transactions | JBTM-3337 - IllegalArgumentException: key can't be empty from jbossts-properties.xml |
| Content from issues.jboss.org is not included.JBEAP-20033 | Transactions | WFTC-86 - Transactions containing remote enlistments may be accumulated in memory for long time [details] |
| Content from issues.jboss.org is not included.JBEAP-19988 | Web (Undertow) | UNDERTOW-1755 - remove doubled definition of constants |
| Content from issues.jboss.org is not included.JBEAP-20008 | Web (Undertow) | UNDERTOW-1762 - Error page for custom exception-type is not displayed in jsp development mode |
| Content from issues.jboss.org is not included.JBEAP-19883 | Web Console | HAL-1698 - IE browser : Unable to add new server-group via management console |
| Content from issues.jboss.org is not included.JBEAP-17484 | Web Console | HAL-1702 - Remove the Patching tab from management console for an RPM installation [details] |
| Content from issues.jboss.org is not included.JBEAP-19753 | Web Console | Tab display does not switch in the Data Source Configuration screen in zh_Hans or ja locale [details] |
| Content from issues.jboss.org is not included.JBEAP-19485 | Web Services | CXF over JMS: Connections leak after broker connection recovery [details] |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.3-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.3-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
Category
Components
Article Type