JBoss Enterprise Application Platform 7.3 Update 4 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 03
Download This content is not included.JBoss Enterprise Application Platform 7.3 Update 4
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2020-25644 | Security | wildfly-openssl: memory leak per HTTP session creation in WildFly OpenSSL - WFSSL-51 - Memory leak with mutual authentication and OpenSSL |
| CVE-2020-25638 | JPA / Hibernate | hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used |
| CVE-2020-25649 | REST | jackson-databind: FasterXML DOMDeserializer insecure entity expansion is vulnerable to XML external entity (XXE) |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-19933 | A-MQ RA | ENTMQBR-3692 / ARTEMIS-2848 - MDB Durable Subscriber error in AMQ 7 |
| Content from issues.jboss.org is not included.JBEAP-20134 | ActiveMQ | ENTMQBR-3817 - The createSession() method throws java.lang.NullPointerException |
| Content from issues.jboss.org is not included.JBEAP-19992 | ActiveMQ | Non-durable subscribers may stop receiving after failover |
| Content from issues.jboss.org is not included.JBEAP-20093 | BOM | org.jboss.bom:jboss-eap-jakartaee8 should list jackson-datatype-* [details] |
| Content from issues.jboss.org is not included.JBEAP-19556 | Batch | WFLY-11808 - Unable to do jndi lookup when starting batch job from web console |
| Content from issues.jboss.org is not included.JBEAP-19713 | Clustering | EAP cannot connect to a RHDG 8.1 cluster requiring authentication |
| Content from issues.jboss.org is not included.JBEAP-19999 | Clustering | Hibernate/JPA custom 2LC regions generate wrong service names when region names contain a dot. |
| Content from issues.jboss.org is not included.JBEAP-20101 | Clustering | SFSB expiration does not trigger activation listener prior to removal |
| Content from issues.jboss.org is not included.JBEAP-20102 | Clustering | SFSB passivated count does not decrement when a SFSB expires |
| Content from issues.jboss.org is not included.JBEAP-20277 | EJB | UNDERTOW-1782 - "Contains non-LDH ASCII" characters during remote EJB SSL call in IPV6 network |
| Content from issues.jboss.org is not included.JBEAP-19435 | EJB | WFTC registry records may not be removed during the OpenShift scale down processing when transaction recovery commits |
| Content from issues.jboss.org is not included.JBEAP-20118 | EJB | REM3-370 - ClientConnectionOpenListener can throw BufferOverflowException when sending sasl response |
| Content from issues.jboss.org is not included.JBEAP-20181 | Embedded | WFCORE-4922 - The embedded host and server handlers hang on start |
| Content from issues.jboss.org is not included.JBEAP-20179 | Embedded | WFCORE-5030 - EmbeddedServer can't interact with version <12 |
| Content from issues.jboss.org is not included.JBEAP-20238 | Hibernate | HV-1657 - Make the “propertyPath” available via the “HibernateMessageInterpolatorContext” |
| Content from issues.jboss.org is not included.JBEAP-20445 | JMS | Incorrect license entries for Artemis AIO native library |
| Content from issues.jboss.org is not included.JBEAP-19824 | JMS | ENTMQBR-3728 - ARTEMIS-2835 - Fix new connection establishment after failure during failover / Adding proper log message to SharedNothingLiveActivation.isNodeIdUsed |
| Content from issues.jboss.org is not included.JBEAP-20450 | MP Health | Follow up of JBEAP-19987 - Integrate server probes in MP Health readiness check |
| Content from issues.jboss.org is not included.JBEAP-19987 | MP Health | Integrate server probes in MP Health readiness check |
| Content from issues.jboss.org is not included.JBEAP-20411 | MP Health | MP Health returns UP when empty-readiness-checks-status=DOWN |
| Content from issues.jboss.org is not included.JBEAP-20329 | MP OpenTracing | TracerDynamicFeature provider is registered twice |
| Content from issues.jboss.org is not included.JBEAP-20146 | MP OpenTracing | Header response has changed and missing fields |
| Content from issues.jboss.org is not included.JBEAP-20322 | Management | WFCORE-4923 - read-resource operation does not resolve expressions recursively |
| Content from issues.jboss.org is not included.JBEAP-20128 | Management | WFCORE-5105 - ProtocolConnectionUtils may leak connection objects whose future takes too long to complete (partial fix) |
| Content from issues.jboss.org is not included.JBEAP-20145 | Management | WFCORE-5118 - Cannot get resources from ContextClassLoader with Server Lifecycle Events |
| Content from issues.jboss.org is not included.JBEAP-18795 | REST | @Valid annotation on parameter doesn't get picked up by subclass |
| Content from issues.jboss.org is not included.JBEAP-19187 | REST | RestEasy - java.lang.NoClassDefFoundError handling PATCH request |
| Content from issues.jboss.org is not included.JBEAP-20245 | Remoting | Cannot cast java.util.TreeMap to java.util.Date , if Collections.emptySortedMap(); and Date field name sorts after Map [details] |
| Content from issues.jboss.org is not included.JBEAP-20243 | Remoting | XNIO-380 - SSL connection with START_TLS where TLS is not started leaks direct buffers [details] |
| Content from issues.jboss.org is not included.JBEAP-20004 | Security | Identity is not propagated to EJB when using MicroProfile JWT |
| Content from issues.jboss.org is not included.JBEAP-20212 | Security | Identity is not propagated to EJB when using MicroProfile JWT |
| Content from issues.jboss.org is not included.JBEAP-20006 | Security | JACC not available without the legacy security subsystem |
| Content from issues.jboss.org is not included.JBEAP-17209 | Security | ELY-1851 - Elytron ldaps realm fails if a referral is returned inside a search |
| Content from issues.jboss.org is not included.JBEAP-18333 | Security | WFLY-12765 - Webservice deployment fails |
| Content from issues.jboss.org is not included.JBEAP-19990 | Server | WFCORE-5121 - Unable to add a new server in a server-group of older EAP 7 host controller that is managed by a newer EAP 7 Domain Controller [details] |
| Content from issues.jboss.org is not included.JBEAP-19893 | Transactions | Concurrent deployments containing CMRs may overwrite each others config |
| Content from issues.jboss.org is not included.JBEAP-19911 | Transactions | Undeployed CMR resource JNDI names are not deregisted as needing to be treated as CMR |
| Content from issues.jboss.org is not included.JBEAP-20178 | Web (Undertow) | plain text j_password appears in the legacy audit log |
| Content from issues.jboss.org is not included.JBEAP-19655 | Web (Undertow) | UNDERTOW-1722 - Memory leak involving request attributes |
| Content from issues.jboss.org is not included.JBEAP-20055 | Web (Undertow) | UNDERTOW-1763 - DefaultAccessLogReceiver may throw "IOException: Stream closed" or NullPointerException due to a concurrency issue on shutdown. |
| Content from issues.jboss.org is not included.JBEAP-20116 | Web (Undertow) | UNDERTOW-1773 - SessionListeners skips notification if a listener throws an exception |
| Content from issues.jboss.org is not included.JBEAP-20236 | Web (Undertow) | UNDERTOW-1788 - %r and %U in access log still output forwarded URL if forwarded URL is then dispatched to error page |
| Content from issues.jboss.org is not included.JBEAP-20356 | Web (Undertow) | WFLY-13976 - Undertow subsystem |
| Content from issues.jboss.org is not included.JBEAP-20284 | Web Console | HAL-1711 - ModclusterBalancerNodeColumn doesn't detect current path correctly |
| Content from issues.jboss.org is not included.JBEAP-19682 | Web Services | Bug in detecting the org.apache.cxf module |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.4-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.4-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
Category
Components
Article Type