JBoss Enterprise Application Platform 7.3 Update 5 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 04
Download This content is not included.JBoss Enterprise Application Platform 7.3 Update 5
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2020-25640 | Generic JMS RA | wildfly: resource adapter logs plaintext JMS password at warning level on connection error |
| CVE-2020-25689 | Management | wildfly-core: memory leak in WildFly host-controller in domain mode while not able to reconnect to domain-controller |
| CVE-2020-25633 | REST | resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling |
| CVE-2020-13956 | Management | httpclient: apache-httpclient: incorrect handling of malformed authority component in request URIs |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-20386 | A-MQ7 | ARTEMIS-2915 - Temporary Queue Leak With OpenWire Request-Reply Clients |
| Content from issues.jboss.org is not included.JBEAP-20481 | ActiveMQ | ARTEMIS-2912 - Server start exception before activation can cause a zombie broker |
| Content from issues.jboss.org is not included.JBEAP-20507 | CDI / Weld | WFLY-14055 - Performance degradation for massive deployments in Weld subsystem |
| Content from issues.jboss.org is not included.JBEAP-20401 | Class Loading | Unable query logging of H2 database |
| Content from issues.jboss.org is not included.JBEAP-20396 | Clustering | Many SessionAttributeKey objects remain in org.infinispan.container.impl.DefaultDataContainer even after session invalidation or expiration |
| Content from issues.jboss.org is not included.JBEAP-20434 | EE | Unable to remove the default datasource binding from the ee subsystem |
| Content from issues.jboss.org is not included.JBEAP-20632 | EJB | WEJBHTTP-48 - Close the connection when authentication failed |
| Content from issues.jboss.org is not included.JBEAP-20583 | EJB | EJBCLIENT-349 ServiceURLs not constructed correctly when using EJB client 4 application with EAP 7 server [details] |
| Content from issues.jboss.org is not included.JBEAP-18321 | EJB | EJBCLIENT-356 - EJB client API blocks invocation until all configured connections are established/discovered [details] |
| Content from issues.jboss.org is not included.JBEAP-20340 | EJB | EJBCLIENT-386 - discovery.blacklist.timeout getBlacklist check is incorrect [details] |
| Content from issues.jboss.org is not included.JBEAP-20559 | EJB | EJBCLIENT-389 - DiscoveryEJBClientInterceptor does not prefer local node if available |
| Content from issues.jboss.org is not included.JBEAP-17663 | EJB | Improve EJB remote+https logging [details] |
| Content from issues.jboss.org is not included.JBEAP-20581 | EJB | Return hostname instead of IP address when generating default client mapping |
| Content from issues.jboss.org is not included.JBEAP-19511 | EJB | WEJBHTTP-47 - UT000065: SSL must be specified to connect to a https URL when using ejb over https |
| Content from issues.jboss.org is not included.JBEAP-20199 | EJB | WFLY-13871 - Fix suspend/resume behaviour for EJB client |
| Content from issues.jboss.org is not included.JBEAP-20367 | Hibernate | HHH-14257 - NullPointerException deploying persistence unit with a map collection indexed using an Embeddable with an association to the entity which owns the map [details] |
| Content from issues.jboss.org is not included.JBEAP-20154 | IO | WARN if user tries to set unrealistic io subsystem stack-size [details] |
| Content from issues.jboss.org is not included.JBEAP-19829 | JCA | Class loader leaks when JDBC driver as jar deployment is undeloyed |
| Content from issues.jboss.org is not included.JBEAP-19981 | JSF | JSF deployment failure due to UnsupportedOperationException when javax.faces.FACELETS_VIEW_MAPPINGS is defined |
| Content from issues.jboss.org is not included.JBEAP-19759 | JSF | NullPointerException due to JSFDependencyProcessor adding null ModuleIdentifer [details] |
| Content from issues.jboss.org is not included.JBEAP-20468 | Management | WFCORE-5181 - Expression properties with trailing whitespaces are resolved to a trimmed value |
| Content from issues.jboss.org is not included.JBEAP-20506 | Modules | MODULES-401 - Make ModuleLoader.installMBeanServer public |
| Content from issues.jboss.org is not included.JBEAP-20501 | Modules | MODULES-402 - Introduce utility method like |
| Content from issues.jboss.org is not included.JBEAP-20400 | REST | Memory leak caused by org.eclipse.yasson.internal.JsonBinding |
| Content from issues.jboss.org is not included.JBEAP-20404 | Remoting | XNIO-381 - IOException: Broken pipe errors when START_TLS is used |
| Content from issues.jboss.org is not included.JBEAP-20390 | Security | ELY-2026 - UnsupportedOperationException in SSLEngine using jdk 251+ |
| Content from issues.jboss.org is not included.JBEAP-20426 | Security | ELY-2031 - NullPointerException when using CachingSecurityRealm with SCRAM algorithms |
| Content from issues.jboss.org is not included.JBEAP-20425 | Security | ELY-2036 - DigestSaslServer doesn't return negotiated QOP and STRENGTH properties |
| Content from issues.jboss.org is not included.JBEAP-20131 | Security | Elytron is unable to use legacy realms in admin-only mode |
| Content from issues.jboss.org is not included.JBEAP-20313 | Security | WFLY-13924 - HTTP2 is not working with Oracle JDK8 u261 This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-20194 | Security | ELY-2023 - Elytron ClientCertAuthenticationMechanism does not work when using a web proxy |
| Content from issues.jboss.org is not included.JBEAP-20658 | Security | Password Vault does not work with JBoss EAP 7.3 CP4 [details] |
| Content from issues.jboss.org is not included.JBEAP-20309 | Transactions | JBTM-3361 - recovery for non-unique xids |
| Content from issues.jboss.org is not included.JBEAP-20664 | Web (Undertow) | UNDERTOW-1743 - Request attributes are lost when a client closes a connection while response is being written |
| Content from issues.jboss.org is not included.JBEAP-20633 | Web (Undertow) | UNDERTOW-1787 - Issues when undertow is setup behind apache proxy |
| Content from issues.jboss.org is not included.JBEAP-20391 | Web (Undertow) | UNDERTOW-1796 - Change the default value of the io.undertow.protocols.alpn.jdk8 to true |
| Content from issues.jboss.org is not included.JBEAP-20392 | Web (Undertow) | UNDERTOW-1800 - Change the order of the ALPN providers to prefer the JDK provider |
| Content from issues.jboss.org is not included.JBEAP-20663 | Web (Undertow) | UNDERTOW-1813 - Undertow i.u.s.h.r.PathResourceManager catches SecurityException |
| Content from issues.jboss.org is not included.JBEAP-19816 | Web (Undertow) | UNDERTOW-1745 - Undertow access-log does not work for HTTP/2 POST request on HTTP Upgrade based connection |
| Content from issues.jboss.org is not included.JBEAP-20289 | Web (Undertow) | UNDERTOW-1792 - ServletPrintWriter.println should use CRLF |
| Content from issues.jboss.org is not included.JBEAP-20362 | Web (Undertow) | UNDERTOW-1802 - Garbled characters happen when raw multibytes characters exist in POST request data with application/x-www-form-urlencoded content-type |
| Content from issues.jboss.org is not included.JBEAP-20407 | Web (Undertow) | UNDERTOW-1806 - HTTP/2 close behaviour is problematic on unclean close |
| Content from issues.jboss.org is not included.JBEAP-20398 | Web (Undertow) | UNDERTOW-1816 - HTTPS connection abruptly closed by HttpServerConnection |
| Content from issues.jboss.org is not included.JBEAP-20477 | Web Console | HAL-1714 - Patching tab is no longer displayed at domain mode [details] |
| Content from issues.jboss.org is not included.JBEAP-20592 | Web Console | HAL-1723 - Default connection url for Microsoft SQLServer on datasource creation wizard is old |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.5-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.5-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
Category
Components
Article Type