JBoss Enterprise Application Platform 7.4 Update 14 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 13
Download This content is not included.JBoss Enterprise Application Platform 7.4 Update 14
This update includes fixes for the following security related issues:
| ID | Component | Summary |
|---|---|---|
| CVE-2023-2976 | Server | guava: insecure temporary directory creation |
| CVE-2023-39410 | Server | avro: apache-avro: Apache Avro Java SDK: Memory when deserializing untrusted data in Avro Java SDK] |
| CVE-2023-44487 | Undertow | netty-codec-http2: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) |
| CVE-2023-4503 | Server | eap-galleon: custom provisioning creates unsecured http-invoker |
| CVE-2023-35887 | Server | sshd-common: apache-mina-sshd: information exposure in SFTP server implementations |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-25844 | ActiveMQ | Configuration applied on ServerAdd shouldn't apply runtime changes on boot for the sub resources |
| This content is not included.JBEAP-26039 | Batch | Not possible to add new thread factory to batch-jberet subsystem |
| This content is not included.JBEAP-25715 | CDI / Weld | This content is not included.WELD-2755 - Avoid creating duplicate thread groups |
| This content is not included.JBEAP-26032 | Clustering | org.infinispan.commons.CacheException: java.lang.IllegalArgumentException: Only byte[] instances are supported currently! |
| This content is not included.JBEAP-25743 | Clustering | HotRod-based session manager requires too many remote operations for ATTRIBUTE granularity sessions |
| This content is not included.JBEAP-26034 | Clustering | Hotrod : Cache inconsistency |
| This content is not included.JBEAP-25740 | Clustering | Hotrod-based session manager unnecessary receives server events when near cache is disabled |
| This content is not included.JBEAP-25617 | Clustering | This content is not included.ISPN-15147 - DefaultExecutorFactory can create multiple ThreadGroups |
| This content is not included.JBEAP-25504 | Clustering | |
| This content is not included.JBEAP-25683 | Clustering | Excessive network usage in RHDG during session expiration processing in HSM |
| This content is not included.JBEAP-26267 | Clustering | JGRP-2713 - jgroups RouterStubManager race condition that cause one or more gossip router never get reconnected |
| This content is not included.JBEAP-3583 | EJB | This content is not included.WFLY-6282 - Exceptions in 2-clusters EJB invocation graceful shutdown tests |
| This content is not included.JBEAP-25450 | EJB | This content is not included.JBMAR-254 - JVM crash when passing record to local EJB via remote interface |
| This content is not included.JBEAP-14932 | EJB | NoSuchObjectException: WFLYEJB0056 ... ConnectException: Connection refused: no further information |
| This content is not included.JBEAP-25800 | JCA | Resource adapters - duplicate resource between attribute and children definitions |
| This content is not included.JBEAP-25464 | JMS | Migration tool cannot add default module on JMS bridge on EAP 6.4 to EAP 7.4 migration |
| This content is not included.JBEAP-25906 | JMS | WARN message from Artemis when starting EAP |
| This content is not included.JBEAP-25595 | JMS | Content from issues.apache.org is not included.ARTEMIS-4427 - MDB reusing Thread is using wrong transactionTimeout |
| This content is not included.JBEAP-25824 | JMS | This content is not included.UNDERTOW-2305 - Messaging clients are not load-balanced using Undertow loadbalancer |
| This content is not included.JBEAP-25746 | Logging | Align log message IDs in ControllerLogger with upstream |
| This content is not included.JBEAP-25573 | MP Metrics | Memory leak on app redeploy |
| This content is not included.JBEAP-25586 | MP Metrics | Memory leak in MetricCollector |
| This content is not included.JBEAP-25729 | Management | Invalid YAML configuration fails silently |
| This content is not included.JBEAP-25730 | Management | Possible NPE in YAMLExtension for some resource without an add operation |
| This content is not included.JBEAP-25820 | Management | This content is not included.WFCORE-6505 - Avoid creating duplicate thread groups on server reload |
| This content is not included.JBEAP-25679 | Management | YAML: A resource name can't match an attribute name of this resource |
| This content is not included.JBEAP-25728 | Management | YAML: MapAttributeDefinition not properly processed for existing resources |
| This content is not included.JBEAP-23744 | MicroProfile | Allow admin-only servers to boot with a config that includes the MicroProfile subsystems removed in base EAP 7.4 [details] |
| This content is not included.JBEAP-25452 | REST | fix resteasy / yasson issue with JDK17 record |
| This content is not included.JBEAP-24111 | Remoting | XNIO NotifierState can cause StackOverflowException when the chain of notifier states becomes problematically big |
| This content is not included.JBEAP-25559 | Scripts | AppClientScriptTestCase fails with grep >= 3.8 |
| This content is not included.JBEAP-25828 | Scripts | This content is not included.WFCORE-6552 - Windows: WARNING: package com.sun.net.internal.ssl not in java.base |
| This content is not included.JBEAP-18717 | Security | This content is not included.WFCORE-4296 - Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions [details] |
| This content is not included.JBEAP-25718 | Server | Avoid creating duplicate thread groups on server reload |
| This content is not included.JBEAP-25680 | Server | This content is not included.JANDEX-50 - AnnotationInstance hash collissions degrade indexing processing time |
| This content is not included.JBEAP-25720 | Transactions | WFTC-136 Memory leak :reload operation in transaction client |
| This content is not included.JBEAP-25557 | Undertow | Undertow SSO invalidation fails with UnsupportedOperationException |
| This content is not included.JBEAP-25833 | Undertow | This content is not included.UNDERTOW-2316 - Unify InMemorySessionManager getSession() method behavior with DistributableSessionManager |
| This content is not included.JBEAP-25455 | Undertow | This content is not included.UNDERTOW-2296 - Wrong type in INCLUDE_MAPPING request attribute |
| This content is not included.JBEAP-25582 | Undertow | This content is not included.UNDERTOW-2307 - ScopedAttributeELResolver performance improvement |
| This content is not included.JBEAP-25735 | Undertow | This content is not included.UNDERTOW-2313 - NPE occurs in session invalidation if a session creation attempt hits This content is not included.UNDERTOW-1971 |
| This content is not included.JBEAP-25565 | Web Console | This content is not included.HAL-1884 - EAP Management console does not show credential store and alias in the datasource configuration |
| This content is not included.JBEAP-25692 | Web Console | This content is not included.HAL-1908 - "remove" option is seen in "Deployments --> ServerGroups" instead of "undeploy" |
| This content is not included.JBEAP-25738 | Web Services | This content is not included.JBWS-4389 - Wrong assumption about the Identity's password are all clearpassword |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.14-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.14-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
Notes
- JBoss EAP 7.4 Update 13+ contains some bug fixes that did not make it into EAP 8.0 GA, it is recommended you wait for EAP 8.0 Update 1 before upgrading to EAP 8.0
- Red Hat Insights is available for JBoss EAP 7.4 Update 11+, see more details
- Helm Chart for EAP 7.4 Updates
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 8+ now supports OpenJDK 17 / Oracle JDK 17, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
- jndi-name has been required for admin-object definitions as per the schema, the server will require it to be specified or will result in an error, see more details here
Category
Components
Article Type