JBoss Enterprise Application Platform 7.4 Update 15 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 14
Download This content is not included.JBoss Enterprise Application Platform 7.4 Update 15
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2023-44483 | Web Services | Moderate | santuario: Private Key disclosure in debug-log output |
| CVE-2023-4759 | Management | Moderate | jgit: arbitrary file overwrite |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-24417 | A-MQ RA | JBoss throws UnknownHostExceptions and XARecovery fails when Connected to an AMQ Cluster in OpenShift |
| This content is not included.JBEAP-26223 | Clustering | ThreadGroups leaking in the clustering subsystem |
| This content is not included.JBEAP-26100 | Clustering | This content is not included.IPROTO-208 - Primitive types in proto files should not be case insensitive |
| This content is not included.JBEAP-26264 | EJB | This content is not included.WFTC-138 - Add access checking API to TxnNamingContextFactory |
| This content is not included.JBEAP-22637 | EJB | This content is not included.WFLY-14769 - Lookup of txn:LocalUserTransaction makes it possible to illegally use UserTransaction in a CMT context [details] |
| This content is not included.JBEAP-26156 | Hibernate | Content from hibernate.atlassian.net is not included.HHH-13179 - Unionsubclass 2nd level caching no longer works for XML mappings in 5.3 and 5.4 |
| This content is not included.JBEAP-25339 | JCA | JCA: allow for empty username and password in recovery configuration |
| This content is not included.JBEAP-26217 | JCA | This content is not included.WFLY-18703 - Misleading error message for XA DataSource class |
| This content is not included.JBEAP-25937 | JMX | Thread's context classloader for ServiceMBeanSupport startService is not application module [details] |
| This content is not included.JBEAP-26020 | JSF | JSF: Do not override application-specified "com.sun.faces.enableDistributable" value |
| This content is not included.JBEAP-25900 | Logging | MDC is ignored when using Log4J 2 API |
| This content is not included.JBEAP-25933 | MP Metrics | This content is not included.WFLY-14697 - Microprofile Metrics throws NullPointerException when prefix attribute is not set or is blank |
| This content is not included.JBEAP-25589 | Management | Memory leak on :reload operation |
| This content is not included.JBEAP-25771 | Security | This content is not included.WFCORE-6533 Memory leak in ElytronDefinition / DelegatingAuthConfigFactory |
| This content is not included.JBEAP-26013 | Security | This content is not included.ELY-2312 - Update the --encrypt action of the credential-store command to support existing entries. |
| This content is not included.JBEAP-26139 | Server | Memory leaks to be checked |
| This content is not included.JBEAP-25725 | Server | Use Process Controller log file to capture Host Controller and Managed Servers standard error |
| This content is not included.JBEAP-25881 | VFS | Do not duplicate managed deployment in content repository in tmp/vfs/temp directory |
| This content is not included.JBEAP-25677 | VFS | managed deployment in content repository duplicated in tmp/vfs/temp directory |
Installation
Note: This update should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.15-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.15-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
This content is not included.Known Issues
Notes
- Note: A regression This content is not included.JBEAP-26824 was found in JSF which can cause startup to hang with Update 15 and 16, see more details.
- JBoss EAP 7.4 Update 13+ contains some bug fixes that did not make it into EAP 8.0 GA, it is recommended you wait for EAP 8.0 Update 1 before upgrading to EAP 8.0
- Red Hat Insights is available for JBoss EAP 7.4 Update 11+, see more details
- Helm Chart for EAP 7.4 Updates
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 8+ now supports OpenJDK 17 / Oracle JDK 17, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
- jndi-name has been required for admin-object definitions as per the schema, the server will require it to be specified or will result in an error, see more details here