JBoss Enterprise Application Platform 7.4 Update 1 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information, see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+.
Download JBoss Enterprise Application Platform 7.4 Update 1
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-3642 | Server | wildfly-elytron: possible timing attack in ScramServer |
| CVE-2021-21409 | JMS | netty: Request smuggling via content-length header |
| CVE-2021-3597 | Undertow | undertow: HTTP2SourceChannel fails to write final frame under some circumstances may lead to DoS |
| CVE-2021-3536 | Web Console | wildfly: XSS via admin console when creating roles in domain mode |
| CVE-2020-13936 | Web Services | velocity: arbitrary code execution when attacker is able to modify templates |
| CVE-2021-3644 | Management | wildfly-core: Invalid Sensitivity Classification of Vault Expression |
| CVE-2021-28170 | EE | jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate |
| CVE-2021-3690 | Undertow | undertow: buffer leak on incoming websocket PONG message may lead to DoS |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-21302 | ActiveMQ | WFLY-10725 / ENTMQBR-3702 / ARTEMIS-2176 - Repeating WARN log message "Notified of connection failure" after every xa recovery when read-timeout is configure with a smaller value than default client-failure-check-period (30 seconds) |
| JBEAP-22203 | Batch | JBERET-506 Support retrieving job executions by job name |
| JBEAP-22172 | Batch | More efficient way of getting batch job executions by job name |
| JBEAP-21442 | Batch | JBERET-508 - Restart batch job execution from a different node |
| JBEAP-21993 | Batch | WFLY-14275 - Large job repository is blocking deployment |
| JBEAP-21804 | Batch | WFLY-14619 - Stop batch job execution from a different node |
| JBEAP-21772 | Batch | WFLY-14750 - Batch task not restarted after server resumed from suspended state |
| JBEAP-21284 | CDI / Weld | WFLY-14546 - NameNotFoundException: java:comp/TransactionSynchronizationRegistry when firing and observing CDI events asynchronously |
| JBEAP-21929 | Clustering | org.infinispan.client.hotrod module is missing a dependency on org.infinispan.protostream |
| JBEAP-22065 | Clustering | Do not allow application to create a new session or change the identifier of a session after response is committed |
| JBEAP-21276 | Clustering | ISPN-12787 - Non Transactional Cache needs to be invalidated after commit on JPQL update/delete operation |
| JBEAP-21258 | Clustering | ISPN-12807 - Simple cache does not update eviction statistics |
| JBEAP-22185 | Clustering | Session objects left in memory after non-coordinator member left a cluster |
| JBEAP-21362 | Clustering | ISPN-12930 - Clustering: JDBC store using DB2 DB2 v11.1.1.1 doesn't work anymore |
| JBEAP-21265 | EE | WFLY-14561 - Incorrect deserialization using getValue method |
| JBEAP-22170 | EJB | Wrong error code in EjbLogger.connectorNotConfiguredForEJBClientInvocations compared to upstream |
| JBEAP-21323 | EJB | CLI ...service=timer-service/timer=* throws NullPointerException |
| JBEAP-21260 | EJB | WEJBHTTP-56 - UT000065: SSL must be specified to connect to a https URL when using ejb over https when 2nd --> 3rd remote ejb call |
| JBEAP-21433 | EJB | WEJBHTTP-57 - Use error code and initCause of XAException |
| JBEAP-21960 | EJB | WEJBHTTP-58 - Wildfly Http Client HttpServerHelper should log initial exception |
| JBEAP-22011 | EJB | WEJBHTTP-59 - EJB over HTTP getting java.lang.ClassNotFoundException to Unchecked Exception |
| JBEAP-22082 | EJB | WFTC-93 - When CancellationException is thrown, throw XaException.XAER_RMFAIL |
| JBEAP-21275 | Hibernate | HHH-12320 HHH-12436 HHH-12842 HHH-13875 IdentifierGenerationException: null id generated for:class ... |
| JBEAP-21419 | Hibernate | HHH-14537 EntityNotFoundException thrown when non-existing association with @NotFound(IGNORE) mapped has proxy in PersistenceContext |
| JBEAP-22235 | Hibernate | HHH-14608 Merge causes StackOverflow when JPA proxy compliance is enabled |
| JBEAP-21975 | Hibernate | HHH-14616 Optimistic Lock throws "could not retrieve version" exception |
| JBEAP-21373 | JCA | JBJCA-1426 - OAUTH marshaling failure when connecting to Oracle database using Kerberos authentication |
| JBEAP-22077 | JCA | JBJCA-1410 - Fix hook call failures in Ironjacamar JCA |
| JBEAP-21432 | JCA | JBJCA-1410 - Fix performance regression in Ironjacamar JCA. |
| JBEAP-21315 | JCA | JBJCA-1418 - IllegalStateException can be thrown when cached connection manager stack is initialized in Servlet and then used in txn EJB method |
| JBEAP-21295 | JCA | JBJCA-1422 - MaxWaitCount will be counted one less than waiting requests |
| JBEAP-21832 | JCA | JBJCA-1423 - Pool prefill setting silently ignored for multi-user pool configurations |
| JBEAP-21838 | JCA | JBJCA-1425 - Datasource clearStatistics operation clears things it shouldn't |
| JBEAP-22165 | JMS | JmsXA connection factory not binding to java:jboss/DefaultJMSConnectionFactory |
| JBEAP-21431 | JMX | WFLY-14655 - Invocations of ServiceMBeanSupport startService are not in dependency order |
| JBEAP-21575 | MP OpenTracing | Remove leftover dependencies of MP Opentracing from EAP |
| JBEAP-21204 | Management | WFCORE-5334 - Deleting Configuration Data when Git connection is failed |
| JBEAP-21482 | Management | WFCORE-5370 - Metrics Subsystem(s) are not honoring user's role |
| JBEAP-22151 | Management | WFCORE-1934 - Make number of thread size for ServerService Thread Pool configurable |
| JBEAP-21839 | Management | WFCORE-5368 Populating the boot error collector does not distinguish between problems that happen as part of boot vs those that happen during boot |
| JBEAP-21002 | OpenShift | ISPN000280: Caught exception [java.lang.IllegalArgumentException] while invoking method [public java.util.concurrent.CompletionStage |
| JBEAP-21230 | OpenShift | kubernetes.KUBE_PING can repeat WARN "failed getting JSON response from Kubernetes Client" |
| JBEAP-22439 | OpenShift | Wrong environment variable S2I_FP_VERSION in 7.4.1.GA-CR1 OpenShift image |
| JBEAP-21285 | Remoting | EJBCLIENT-347 / REM3-350 - Remoting outbound channels are not closed |
| JBEAP-21580 | Remoting | REM3-377 - Use safeClose() in ClientServiceHandle.close() |
| JBEAP-21999 | Scripts | "servicepass" is not correctly passed to the parameter to run prunsrv.exe in service.bat |
| JBEAP-21989 | Scripts | EAP 7 cannot be installed as Windows Service if installation path contains a whitespace in service.bat |
| JBEAP-21852 | Security | ELY-2120 - Avoid an NPE in ServerAuthenticationContext when the peer's IP address is not known |
| JBEAP-21329 | Security | WFCORE-4827 - Errors Missing on Invalid Configuration |
| JBEAP-21288 | Security | WFCORE-5272 - Setting jacc provider to Elytron throws exceptions |
| JBEAP-21363 | Security | WFLY-14423 - Force restart when legacy security initialize-jacc setting is changed |
| JBEAP-21378 | Security | ELY-2111 - JwkManager uses incorrect non url-safe Base64 to load the jwks endpoint |
| JBEAP-21587 | Security | ELY-2118 - Elytron tool command execution fails with java.lang.UnsupportedOperationException on AIX OS. |
| JBEAP-21738 | Security | ELYWEB-113 - SecurityContextImpl.login incorrectly assumes authenticate would be called first. |
| JBEAP-21781 | Security | WFCORE-5185 - Update ProviderDefinition to use optimised service loading API |
| JBEAP-22053 | Security | WFNAM00007 exception when group name contains a colon |
| JBEAP-21957 | Security | WFCORE-5219 - OpenSSL tests should be running on JDK 11 |
| JBEAP-20799 | Security Manager | WFCORE-5243 - NullPointerException when invalid |
| JBEAP-21813 | Transactions | WFLY-14762 - Concurrency issue with "ISPN000482: Cannot create remote transaction GlobalTx:xx:xx, already completed" |
| JBEAP-22033 | Undertow | Sessions do not expire in cluster after coordinator is killed |
| JBEAP-21267 | Undertow | UNDERTOW-1837 - ServletRequest#getLocalPort(), getLocalAddr() and getLocalName() can return wrong information when proxy-address-forwarding="true" is enabled |
| JBEAP-21269 | Undertow | UNDERTOW-1849 - NPE happens at StoredResponseStreamSinkConduit.terminateWrites when StoredResponseHandler (store-response) is enabled |
| JBEAP-21266 | Undertow | UNDERTOW-1856 UNDERTOW-1858 - Undertow read-timeout can cause closing a connection for long running request even if the request processing is not reading any request data |
| JBEAP-21440 | Undertow | UNDERTOW-1864 - EAP returns 403 even after adding the welcome file to unmanaged exploded deploy |
| JBEAP-21387 | Undertow | UNDERTOW-1873 - JSP file does not recompile when forwarding a request path is not canonicalized in exploded deployment |
| JBEAP-21749 | Undertow | UNDERTOW-1886 - Undertow ignores two-dot segments in relative path URI when its canonicalized path is outside servlet context |
| JBEAP-22026 | Undertow | UNDERTOW-1898 - DefaultServlet will not serve content from any directories starting with WEB-INF or META-INF |
| JBEAP-21568 | Web Console | HAL-1742 - HAL-1749 - Messaging default server is not shown after changing the server profile |
| JBEAP-21945 | Web Console | HAL-1750 Web Console returning WFLYCTL0030: No resource definition is registered for address |
| JBEAP-22009 | Web Console | HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation |
| JBEAP-21280 | XML Frameworks | Xalan XML to stream transformation produces wrong encoding |
| JBEAP-21381 | mod_cluster | WFLY-14130 proxy-list attribute ignored in modcluster subsystem |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.1-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.1-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide.
Notes
- Some JBoss EAP image templates depend on other products that may not have an s390x build, see here for more details
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e., bare metal installations on IBM zSeries are not supported.