JBoss Enterprise Application Platform 7.3 Update 9 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.3 Update 08
Download This content is not included.JBoss Enterprise Application Platform 7.3 Update 9
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-29425 | JDR | apache-commons-io: Limited path traversal in Apache Commons IO 2.2 to 2.6 |
| CVE-2021-3644 | Management | Invalid Sensitivity Classification of Vault Expression |
| CVE-2021-28170 | EE | jakarta-el: ELParserTokenManager enables invalid EL expressions to be evaluate |
| CVE-2021-3690 | Server | undertow: buffer leak on incoming websocket PONG message may lead to DoS |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-22205 | Batch | JBERET-506 - Support retrieving job executions by job name |
| Content from issues.jboss.org is not included.JBEAP-22201 | Batch | WFLY-14946 - More efficient way of getting batch job executions by job name |
| Content from issues.jboss.org is not included.JBEAP-22032 | Clustering | WFLY-14853 - Concurrent invalidation requests can cause preventing creation of a new session and repeats throwing "IllegalStateException: WFLYCLWEBUT0001: Session |
| Content from issues.jboss.org is not included.JBEAP-22080 | Clustering | WFLY-14861 - Session objects left in memory after non-coordinator member left a cluster |
| Content from issues.jboss.org is not included.JBEAP-22066 | Clustering | WFLY-14877 - Do not allow application to create a new session or change the identifier of a session after response is committed |
| Content from issues.jboss.org is not included.JBEAP-22010 | EJB | WEJBHTTP-59 - EJB over HTTP getting java.lang.ClassNotFoundException to Unchecked Exception |
| Content from issues.jboss.org is not included.JBEAP-22076 | EJB | WFTC-93 - When CancellationException is thrown, throw XaException.XAER_RMFAIL This content is not included.[details] |
| Content from issues.jboss.org is not included.JBEAP-21937 | Hibernate | HHH-14608 - Merge causes StackOverflow when JPA proxy compliance is enabled [details] |
| Content from issues.jboss.org is not included.JBEAP-21938 | Hibernate | HHH-14616 - Optimistic Lock throws "could not retrieve version" exception [details] |
| Content from issues.jboss.org is not included.JBEAP-22117 | JCA | JBJCA-1426 - OAUTH marshaling failure when connecting to Oracle database using Kerberos authentication |
| Content from issues.jboss.org is not included.JBEAP-22068 | JCA | JBJCA-1410 - Fix hook call failures in Ironjacamar JCA |
| Content from issues.jboss.org is not included.JBEAP-22150 | Management | WFCORE-1934 - Make number of thread size for ServerService Thread Pool configurable [details] |
| Content from issues.jboss.org is not included.JBEAP-22097 | OpenShift | WFLY-14495 - ISPN000280: Caught exception [java.lang.IllegalArgumentException] while invoking method [public java.util.concurrent.CompletionStage |
| Content from issues.jboss.org is not included.JBEAP-21760 | OpenShift | readinessProbe script does not work on JDK11 images |
| Content from issues.jboss.org is not included.JBEAP-21939 | Scripts | "servicepass" is not correctly passed to the parameter to run prunsrv.exe in service.bat |
| Content from issues.jboss.org is not included.JBEAP-21985 | Scripts | EAP 7 cannot be installed as Windows Service if installation path contains a whitespace in service.bat |
| Content from issues.jboss.org is not included.JBEAP-22054 | Security | WFNAM00007 exception when group name contains a colon |
| Content from issues.jboss.org is not included.JBEAP-22081 | Transactions | JBTM-3496 - Transaction JDBC object store does not start when using latest JDBC driver for PostgreSQL Plus 13.1 |
| Content from issues.jboss.org is not included.JBEAP-22064 | Undertow | WFLY-14868 - Sessions do not expire in cluster after coordinator is killed |
| Content from issues.jboss.org is not included.JBEAP-20814 | Undertow | UNDERTOW-1856 - Undertow read-timeout can cause closing a connection for long running request even if the request processing is not reading any request data |
| Content from issues.jboss.org is not included.JBEAP-21946 | Web Console | HAL-1750 - Web Console returning WFLYCTL0030: No resource definition is registered for address |
| Content from issues.jboss.org is not included.JBEAP-22003 | Web Console | HAL-1753 - The Locations table is not updated after changing the profile in breadcrumb navigation |
| Content from issues.jboss.org is not included.JBEAP-20377 | mod_cluster | WFLY-14130 - proxy-list attribute ignored in modcluster subsystem [details] |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.3.9-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.3.9-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.3 Patching And Upgrading Guide
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.