JBoss Enterprise Application Platform 7.4 Update 2 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 01
Download This content is not included.JBoss Enterprise Application Platform 7.4 Update 2
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2021-37714 | Bean Validation | jsoup: Crafted input may cause the jsoup HTML and XML parser to get stuck |
| CVE-2021-40690 | Security | xmlsec: xml-security: XPath Transform abuse allows for information disclosure |
| CVE-2021-3717 | Security | wildfly: incorrect JBOSS_LOCAL_USER challenge location may lead to giving access to all the local users |
| CVE-2021-3629 | Undertow | undertow: potential security issue in flow control over HTTP/2 may lead to DOS |
| CVE-2021-20289 | REST | resteasy: Error message exposes endpoint class information |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-22495 | WFCORE-5523 - WFCORE-5465 - Git tests fail if git init.defaultBranch is not master | |
| Content from issues.jboss.org is not included.JBEAP-22152 | EJBCLIENT-408 - Racecondition in RemotingEJBDiscoveryProvider is causing a NullPointerException | |
| Content from issues.jboss.org is not included.JBEAP-22244 | A-MQ7 | WFLY-15039 - Cluster Intermittently Fails to Reestablish After a Node is Restarted |
| Content from issues.jboss.org is not included.JBEAP-22486 | ActiveMQ | ENTMQBR-5471 - Broker does not auto create a queue when deploying a MDB |
| Content from issues.jboss.org is not included.JBEAP-22110 | ActiveMQ | ENTMQBR-5385 - Different number of large messages between queues when using bridge |
| Content from issues.jboss.org is not included.JBEAP-22303 | Bean Validation | WFLY-11566 - Follow-up fixes for WFLY-11566 |
| Content from issues.jboss.org is not included.JBEAP-22175 | Clustering | WFLY-7115 - KeyAffinityService blocks Infinispan's topology change thread |
| Content from issues.jboss.org is not included.JBEAP-22516 | Hibernate | Hibernate ORM JDK 17 Support |
| Content from issues.jboss.org is not included.JBEAP-22496 | Hibernate | HHH-14796 - Cannot replace an existing JPQL NamedQuery with a native NamedQuery |
| Content from issues.jboss.org is not included.JBEAP-22075 | Hibernate | HHH-14840 - IBM Db2 11.1 fails on TransientOverride test cases |
| Content from issues.jboss.org is not included.JBEAP-22304 | JCA | JBJCA-1421 - Use Connection.isValid() in org.jboss.jca.adapters.jdbc.extensions.oracle.OracleValidConnectionChecker |
| Content from issues.jboss.org is not included.JBEAP-22442 | JCA | WFLY-15189 - JCA: Disable logging for failed connections found during validation |
| Content from issues.jboss.org is not included.JBEAP-22286 | JCA | JBJCA-1427 - not possible to bypass GSSCredentials using Datasource.getConnection(username,password) |
| Content from issues.jboss.org is not included.JBEAP-21536 | JSF | WFLY-14698 - Caching of managed beans in WebInjectionContainer can cause memory leaks in distributed JSF applications following session timeout |
| Content from issues.jboss.org is not included.JBEAP-22056 | Migration | CMTOOL-304 - CMTOOL: Java EE references should be replaced by Jakarta EE |
| Content from issues.jboss.org is not included.JBEAP-12319 | Migration | CMTOOL-308 - Server Migration Tool scripts do not have .ps1 version |
| Content from issues.jboss.org is not included.JBEAP-22428 | Modules | MODULES-406 - ModuleLoader fails when iterating over an absent module |
| Content from issues.jboss.org is not included.JBEAP-22013 | REST | RESTEASY-2914 - ResteasyViolationException#toString concurrency generate a java.util.ConcurrentModificationException |
| Content from issues.jboss.org is not included.JBEAP-22336 | Scripts | WFCORE-5546 - "JAVA_OPTS" is not correctly set in standalone.bat |
| Content from issues.jboss.org is not included.JBEAP-15433 | Scripts | WFCORE-4008 - Unify "-server" option in windows standalone scripts (ps1, bat) |
| Content from issues.jboss.org is not included.JBEAP-22063 | Scripts | WFCORE-5499 - domain.ps1 doesn't add --add-exports JVM options as expected for JDK > 9 |
| Content from issues.jboss.org is not included.JBEAP-22338 | Security | ELY-2194 - JWK implementation in JwkManager does not work properly on key rotation |
| Content from issues.jboss.org is not included.JBEAP-22371 | Server | WFCORE-5543 - Operation-scoped caching of static module Jandex indices |
| Content from issues.jboss.org is not included.JBEAP-21927 | Server | WFLY-14436 - Improve error for incorrect class for xa-datasource-class, etc. |
| Content from issues.jboss.org is not included.JBEAP-22511 | Undertow | UNDERTOW-1972 - InMemorySessionManager can mistake PLACE_HOLDER_SESSION with a real session |
| Content from issues.jboss.org is not included.JBEAP-22176 | Undertow | UNDERTOW-1869 - InMemorySessionManager Session Creation Not Thread Safe |
| Content from issues.jboss.org is not included.JBEAP-22454 | Web Console | Missing metadata: [resource description] @ {selected.profile}/subsystem=infinispan/cache-container=/distributed-cache=/memory=binary |
| Content from issues.jboss.org is not included.JBEAP-22497 | Web Services | CXF-8596 - Fix infinite loop in WebFaultOutInterceptor |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.2-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.2-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
Category
Components
Article Type