JBoss Enterprise Application Platform 7.3 Update 8 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 07
Download This content is not included.JBoss Enterprise Application Platform 7.3 Update 8
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-21409 | JMS | netty: Request smuggling via content-length header |
| CVE-2021-3536 | Web Console | XSS via admin console when creating roles in domain mode |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-21581 | REM3-377 - Use safeClose() in ClientServiceHandle.close() | |
| Content from issues.jboss.org is not included.JBEAP-21588 | ELY-2118 - Elytron tool command execution fails with java.lang.UnsupportedOperationException on AIX OS. | |
| Content from issues.jboss.org is not included.JBEAP-21805 | Batch | WFLY-14619 - Stop batch job execution from a different node |
| Content from issues.jboss.org is not included.JBEAP-21507 | Batch | ConcurrentModificationException in WildFlyJobXmlResolver |
| Content from issues.jboss.org is not included.JBEAP-21126 | Batch | JBERET-509 - Restart batch job execution from a different node |
| Content from issues.jboss.org is not included.JBEAP-21992 | Batch | WFLY-14275 - Large job repository is blocking deployment |
| Content from issues.jboss.org is not included.JBEAP-19856 | CDI / Weld | WFLY-14546 - NameNotFoundException: java:comp/TransactionSynchronizationRegistry when firing and observing CDI events asynchronously |
| Content from issues.jboss.org is not included.JBEAP-20264 | Clustering | ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation [details] |
| Content from issues.jboss.org is not included.JBEAP-21391 | EJB | WEJBHTTP-57 - Use error code and initCause of XAException |
| Content from issues.jboss.org is not included.JBEAP-21418 | EJB | WEJBHTTP-58 - Wildfly Http Client HttpServerHelper should log initial exception |
| Content from issues.jboss.org is not included.JBEAP-21307 | EJB | WFLY-14690 - CLI ...service=timer-service/timer=* throws NullPointerException |
| Content from issues.jboss.org is not included.JBEAP-21399 | Hibernate | HHH-14537 - EntityNotFoundException thrown when non-existing association with @NotFound(IGNORE) mapped has proxy in PersistenceContext [details] |
| Content from issues.jboss.org is not included.JBEAP-20962 | JCA | WFLY-14388 - Resource adapters subsystem does not accept expression for transaction-support attribute |
| Content from issues.jboss.org is not included.JBEAP-20963 | JCA | WFLY-14389 - Resource adapters subsystem does not accept expression for security-application attribute |
| Content from issues.jboss.org is not included.JBEAP-21392 | JCA | JBJCA-1410 - Fix performance regression in Ironjacamar JCA. |
| Content from issues.jboss.org is not included.JBEAP-21012 | JCA | JBJCA-1422 - MaxWaitCount will be counted one less than waiting requests |
| Content from issues.jboss.org is not included.JBEAP-21563 | JCA | JBJCA-1423 - Pool prefill setting silently ignored for multi-user pool configurations This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-21830 | JCA | JBJCA-1425 - Datasource clearStatistics operation clears things it shouldn't |
| Content from issues.jboss.org is not included.JBEAP-21400 | JMX | Invocations of ServiceMBeanSupport startService are not in dependency order |
| Content from issues.jboss.org is not included.JBEAP-21498 | JSF | Caching of managed beans in WebInjectionContainer can cause memory leaks in distributed JSF applications following session timeout |
| Content from issues.jboss.org is not included.JBEAP-21744 | MP Metrics | Undefined metrics when RBAC enabled floods log with errors |
| Content from issues.jboss.org is not included.JBEAP-21845 | Management | WFCORE-5368 - Populating the boot error collector does not distinguish between problems that happen as part of boot vs those that happen during boot [details] |
| Content from issues.jboss.org is not included.JBEAP-18322 | Remoting | EJBCLIENT-347 / REM3-350 - Remoting outbound channels are not closed |
| Content from issues.jboss.org is not included.JBEAP-21377 | Security | ELY-2111 - JwkManager uses incorrect non url-safe Base64 to load the jwks endpoint |
| Content from issues.jboss.org is not included.JBEAP-21737 | Security | ELYWEB-133 - SecurityContextImpl.login incorrectly assumes authenticate would be called first. |
| Content from issues.jboss.org is not included.JBEAP-20503 | Security | WFCORE-5185 - Update ProviderDefinition to use optimised service loading API |
| Content from issues.jboss.org is not included.JBEAP-21191 | Transactions | WFLY-14762 - Concurrency issue with "ISPN000482: Cannot create remote transaction GlobalTx:xx:xx, already completed" |
| Content from issues.jboss.org is not included.JBEAP-20907 | Undertow | UNDERTOW-1837 - ServletRequest#getLocalPort(), getLocalAddr() and getLocalName() can return wrong information when proxy-address-forwarding="true" is enabled |
| Content from issues.jboss.org is not included.JBEAP-21190 | Undertow | UNDERTOW-1864 - EAP returns 403 even after adding the welcome file to unmanaged exploded deploy |
| Content from issues.jboss.org is not included.JBEAP-21589 | Undertow | UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context |
| Content from issues.jboss.org is not included.JBEAP-21565 | Web Console | HAL-1742 / HAL-1749 - Messaging default server is not shown after changing the server profile |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.8-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.8-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
Category
Components
Article Type