JBoss Enterprise Application Platform 7.4 Update 7 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 06
Download This content is not included.JBoss Enterprise Application Platform 7.4 Update 7
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2022-25857 | REST | snakeyaml: Denial of Service due missing to nested depth limitation for collections. |
| CVE-2022-2053 | Undertow | undertow: Large AJP request may cause DoS |
| CVE-2022-1259 | Server | undertow: potential security issue in flow control over HTTP/2 may lead to DOS (incomplete fix for CVE-2021-3629) |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| Content from issues.jboss.org is not included.JBEAP-19742 | SIGSEGV in libaio when running RHEL 7.8 | |
| Content from issues.jboss.org is not included.JBEAP-9505 | ActiveMQ | Artemis is not fully-JTA 1.2 compliant XAResource |
| Content from issues.jboss.org is not included.JBEAP-23783 | EJB | EJBCLIENT-424 - EJB remote invocation response payload contain ContextData not part of 'jboss.returned.keys' |
| Content from issues.jboss.org is not included.JBEAP-23804 | EJB | EJBCLIENT-425 - EJB client API does not delete ContextData that has been removed on the server side |
| Content from issues.jboss.org is not included.JBEAP-23842 | EJB | WEJBHTTP-83 - WF Http EJB Client does not delete ContextData that has been removed on the server side |
| Content from issues.jboss.org is not included.JBEAP-23784 | EJB | WFLY-16567 - EJB response contain ContextData that has been removed on the server side |
| Content from issues.jboss.org is not included.JBEAP-23818 | EJB | WFLY-16607 - Application deployment fails with EJB components in EAP 7.4 Update 5 and works fine with Update 1 |
| Content from issues.jboss.org is not included.JBEAP-23836 | EJB | WFLY-16666 - Do not use component class as superclass for local home interface proxy |
| Content from issues.jboss.org is not included.JBEAP-23880 | Hibernate | HHH-15425 - org.hibernate.QueryException: could not resolve property is thrown when Hibernate criteria tries to select the id of an association annotated with @NotFound |
| Content from issues.jboss.org is not included.JBEAP-23909 | JCA | Reset autocommit during cleanup part 2 - use property to disable [details] |
| Content from issues.jboss.org is not included.JBEAP-22461 | JMS | Change the default value of verifyHost parameter in connectors |
| Content from issues.jboss.org is not included.JBEAP-23771 | JSF | JSF AttachedObjectListHolder IndexOutOfBounds fix #4260 |
| Content from issues.jboss.org is not included.JBEAP-23825 | Management | WFCORE-5970 - Server does not start when configuration file is a soft link to a file outside of the server configuration directory |
| Content from issues.jboss.org is not included.JBEAP-21340 | Management | WFCORE-5527 - WFLYDR0010: Couldn't delete content .../domain/data/content/ed: java.nio.file.DirectoryNotEmptyException:... |
| Content from issues.jboss.org is not included.JBEAP-23781 | Management | WFCORE-5960 - relative-to="jboss.domain.base.dir" is not set correctly |
| Content from issues.jboss.org is not included.JBEAP-23789 | REST | RESTEASY-3155 - Resteasy concurrency issue with JDK 17 |
| Content from issues.jboss.org is not included.JBEAP-12458 | Remoting | WFCORE-5958 - The warning message when changing worker of remoting endpoint is not fully correct |
| Content from issues.jboss.org is not included.JBEAP-22979 | Scripts | Failed to start JBoss EAP using with jbcs-jsvc-1.2.4-SP10-win6-x86_64 |
| Content from issues.jboss.org is not included.JBEAP-23684 | Security | SNICombinedWithALPNTestCase fails with security manager on OpenJDK 17 |
| Content from issues.jboss.org is not included.JBEAP-23793 | Security | ELY-2358 - Option extract-rdn selects the rightmost matching RDN instead of the leftmost one |
| Content from issues.jboss.org is not included.JBEAP-23616 | Server | WFCORE-5927 - Misleading message for embedded server configuration file |
| Content from issues.jboss.org is not included.JBEAP-23729 | Undertow | UNDERTOW-2104 - JSP compilation error when using inner classes |
| Content from issues.jboss.org is not included.JBEAP-23873 | Undertow | UNDERTOW-2124 - ProgramaticLazyEndpointTest and BinaryEndpointTest failures with JDK-17 |
| Content from issues.jboss.org is not included.JBEAP-23732 | Undertow | WFLY-16464 - SSO not require restart |
| Content from issues.jboss.org is not included.JBEAP-23868 | VFS | WFLY-16322 - ClassCastException VirtualJarInputStream cannot be cast to VirtualFile due to "JDK-8273655 content-types.properties files are missing some common types" |
| Content from issues.jboss.org is not included.JBEAP-23617 | Web Console | HAL-1793 - Console shows "Statistics Disabled" but "wildfly.statistics-enabled" is set |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.7-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.7-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 7+ now supports OpenJDK 17, Oracle JDK17 is in technical preview, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
Category
Components
Article Type