JBoss Enterprise Application Platform 7.3 Update 6 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 05.
Download: JBoss Enterprise Application Platform 7.3 Update 6
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-20220 | Undertow | wildfly-undertow: undertow: Possible regression in fix for CVE-2020-10687 |
| CVE-2021-20250 | EJB | jboss-ejb-client: wildfly: Information disclosure due to publicly accessible privileged actions in JBoss EJB Client |
| CVE-2020-35510 | EJB | jboss-remoting: Threads hold up forever in the EJB server by suppressing the ack from an EJB client |
| CVE-2020-28052 | Management | bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible |
| CVE-2020-8908 | Server | guava: local information disclosure via temporary directory created with unsafe permissions |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-21017 | | EJBCLIENT-400 Put all system properties being used into one location |
| JBEAP-20822 | | WEJBHTTP-51 - Http Naming Client does not get root cause of failure of remote bind operation |
| JBEAP-20684 | | WFGP-189 - Throw an exception instead of logging a warning when artifacts cannot be resolved in module.xml |
| JBEAP-20882 | | WFNC-60 - Remote Naming Client does not check NamingException wrapped in the response on bind |
| JBEAP-21224 | | XP 1.0.5 release |
| JBEAP-20874 | | [JBTM-3407/JBTM-3406] InboundBridge should recover only local tx |
| JBEAP-20763 | ActiveMQ | ARTEMIS-3037 JournalImpl#checkKnownRecordID() implementation can leave a thread hanging in WAITING state |
| JBEAP-20393 | ActiveMQ | ARTEMIS-2954 RA doesn't use the RA specified prefix when setting up a destination |
| JBEAP-20801 | EJB | EJBCLIENT-396 EJB communication hangs after interrupts of long running ejb calls |
| JBEAP-20912 | EJB | EJB timer not executed on Postgres due to timestamp comparison |
| JBEAP-20666 | EJB | EJBCLIENT-398 org.jboss.ejb.client.discovery.additional-node-timeout works only for the first invocation |
| JBEAP-20872 | EJB | NullPointerException when ejb timers services fails during loading timer from database upon activation |
| JBEAP-20759 | IO | WEJBHTTP-50 Sporadic (often but not always) unmarshalling errors when doing EJB-over-HTTP (HTTP2) with large payload |
| JBEAP-20990 | JCA | Invoke Connection.beginRequest() / Connection.endRequest() to notify connection provider of use scope |
| JBEAP-20520 | JCA | JBJCA-1413: TxConnectionListener: Don't throw any exception if recordEnlist==false |
| JBEAP-20996 | JMS | ARTEMIS-3120 Artemis keeps logging XA recovery warnings |
| JBEAP-20766 | Logging | LOGMGR-283 TCCL should be set to logging custom-handler module |
| JBEAP-20878 | Naming | javax.naming.OperationNotSupportedException should be thrown when read-only remote naming operations failed |
| JBEAP-19476 | Naming | Remote Naming bind / rebind / unbind / rename / createSubcontext / destroySubcontext does not throw exception back to client |
| JBEAP-19879 | OpenShift | WFCORE-5216 EAP Pod fails to start when env JBOSS_MODULEPATH=${JBOSS_HOME}/modules:${HOME} is set |
| JBEAP-20484 | Remoting | WFCORE-4516 - Documentation says server-identities expressions should resolve to Base64 values, but only resolving to plain text works. |
| JBEAP-20374 | Security | Incoming RunAsPrincipal is not being propagated to an unsecured EJB |
| JBEAP-20656 | Security | [ELY-1976] Elytron provider not being used with credential store and SASL authentication on the Client Side |
| JBEAP-20676 | Server | WFCORE-5220 - IBM JDK jsse2 classes missing in ibm.jdk |
| JBEAP-20448 | Server | WFCORE-5252 - Log WARN if wildfly.config.url is set on the server. |
| JBEAP-20431 | Transactions | JBTM-3383 - Improve ARJUNA016009: Caught:: java.lang.NullPointerException log message |
| JBEAP-20722 | Undertow | UNDERTOW-1827 InMemorySessionManager must bump session timeout on requestStarted |
| JBEAP-20706 | Undertow | UNDERTOW-1828 NullPointerException occurred if a servlet calls HttpServletRequest#getContextPath() while EAP was shutting down |
| JBEAP-20551 | Web Console | HAL-1708 - runtime datasource TEST/FLUSH unavailable alternately on members of Server Group |
| JBEAP-20495 | Web Console | HAL-1716 - HAL doesn't permit creation of working XA datasource |
| JBEAP-20494 | Web Console | HAL-1715 - HAL creates datasource with incorrect default validation settings |
| JBEAP-20496 | Web Console | HAL-1717 - HAL Oracle XA datasource URL sample is anomalous |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.6-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.6-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide.
- The EAP natives for the s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e., bare metal installations on IBM zSeries are not supported.