JBoss Enterprise Application Platform 8.0 Update 2 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 1.1
Download This content is not included.JBoss Enterprise Application Platform 8.0 Update 2
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-1233 | Security | Moderate | eap: JBoss EAP: wildfly-elytron has a SSRF security issue |
| CVE-2024-1102 | Server | Moderate | jberet-core: jberet: jberet-core logging database credentials |
| CVE-2023-4503 | Server | Moderate | eap-galleon: custom provisioning creates unsecured http-invoker |
| CVE-2023-6236 | Security | Moderate | eap: JBoss EAP: OIDC app attempting to access the second tenant, the user should be prompted to log |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-25239 | A-MQ RA | JBoss throws UnknownHostExceptions and XARecovery fails when Connected to an AMQ Cluster in OpenShift |
| This content is not included.JBEAP-25252 | A-MQ7 | This content is not included.ENTMQBR-8489 - Unhandled NullPointerException in JournalTransaction::forget |
| This content is not included.JBEAP-25230 | ActiveMQ | AMQ212051: Invalid concurrent session usage. |
| This content is not included.JBEAP-25489 | ActiveMQ | Artemis is logging warnings during clean shutdown of server in cluster |
| This content is not included.JBEAP-26036 | Batch | This content is not included.WFCORE-6592 - Not possible to add new thread factory to batch-jberet subsystem |
| This content is not included.JBEAP-26691 | BootableJar | Bootable JAR deployments cannot use the System.Logger |
| This content is not included.JBEAP-26953 | BootableJar | Bootable jar app on Operator: No deployment content with hash yyy |
| This content is not included.JBEAP-26846 | BootableJar | org.wildfly.core:wildfly-jar-boot artifact is missing from the EAP8 manifest |
| This content is not included.JBEAP-25588 | CDI / Weld | Memory leak on :reload operation |
| This content is not included.JBEAP-26042 | Clustering | Hotrod : Cache inconsistency |
| This content is not included.JBEAP-26017 | Clustering | This content is not included.ISPN-15310 - Duplicated classes in infinispan-objectfilter-14.0.17.Final-redhat-00002.jar and jackson-core-2.15.2.redhat-00001.jar |
| This content is not included.JBEAP-26212 | Clustering | This content is not included.ISPN-15368 - Eliminate repeatedly created ThreadGroups |
| This content is not included.JBEAP-26658 | Clustering | Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan |
| This content is not included.JBEAP-25488 | Clustering | This content is not included.WFLY-18384 - [CLUSTERING] File containing session data is never shrunk or deleted |
| This content is not included.JBEAP-26114 | Clustering | Client fail rate degradation in tests with Oracle database |
| This content is not included.JBEAP-26112 | Clustering | : java.io.InvalidClassException with ORACLE Data store |
| This content is not included.JBEAP-26404 | Clustering | Shared distributed session manager triggers duplicate expiration listeners |
| This content is not included.JBEAP-26325 | Clustering | max-active-sessions=-1 causes ISPN000424 error for distributable webapp |
| This content is not included.JBEAP-25790 | EJB | HotRod calls to remote caches use outdated topology information |
| This content is not included.JBEAP-26390 | EJB | This content is not included.EJBCLIENT-531 - Discovery: take static blocklist into account during cluster discovery |
| This content is not included.JBEAP-25221 | EJB | This content is not included.WFLY-14769 - Lookup of txn:LocalUserTransaction makes it possible to illegally use UserTransaction in a CMT context |
| This content is not included.JBEAP-25215 | Insights | MWTELE-90 - Insights artifacts don't comply with EAP rules for MANIFEST.MF content |
| This content is not included.JBEAP-26508 | Insights | Use Bearer token auth instead of Basic token auth |
| This content is not included.JBEAP-26331 | Installer | All page warnings should be displayed in the validation |
| This content is not included.JBEAP-26066 | Installer | Duplicated mnemonic key on Security domain screen, Property file option |
| This content is not included.JBEAP-26206 | Installer | GUI installer throws NPE on Windows when trying to enter path on non-existing drive for settings.xml |
| This content is not included.JBEAP-26207 | Installer | GUI installer throws NPE on Windows when trying to enter invalid path to settings.xml |
| This content is not included.JBEAP-26274 | Installer | jboss eap installation manager does not handle a zip file |
| This content is not included.JBEAP-25925 | Installer | [GUI Installer] Add ability for translations to reference other translations |
| This content is not included.JBEAP-26161 | Installer | [GUI Installer] Certificate security configuration creates unnecessary configuration |
| This content is not included.JBEAP-26784 | JCA | JCA: make sure WorkManager doesn't relate on jboss-threads executor's blocking API |
| This content is not included.JBEAP-26751 | JCA | Connector: restore application security configuration |
| This content is not included.JBEAP-25266 | JCA | This content is not included.JBJCA-1471 - Prefill pool after returned connection has been destroyed |
| This content is not included.JBEAP-26220 | JCA | This content is not included.WFLY-18703 - Misleading error message for XA DataSource class |
| This content is not included.JBEAP-26507 | JDR | JDR not collecting server manifest.yaml |
| This content is not included.JBEAP-26490 | JMS | "AMQ229014: Did not receive data from invm:0 within the -1ms connection TTL" occurs due to a race condition |
| This content is not included.JBEAP-25596 | JMS | This content is not included.ENTMQBR-8367 - MDB reusing Thread is using wrong transactionTimeout |
| This content is not included.JBEAP-25942 | JMX | Thread's context classloader for ServiceMBeanSupport startService is not application module |
| This content is not included.JBEAP-26687 | JPA/Hibernate | JakartaEE application client: module "org.hibernate" is not added to classpath |
| This content is not included.JBEAP-25284 | Logging | This content is not included.MODULES-439 - Create a delegating LoggerFinder |
| This content is not included.JBEAP-26026 | Logging | This content is not included.WFCORE-6589 - MDC is ignored when using Log4J 2 API |
| This content is not included.JBEAP-25513 | MP Metrics | Memory leak on app redeploy |
| This content is not included.JBEAP-26661 | Migration | Configuration migration to EAP 8 fails if jgroup authentication is configured in EAP 7.4.x configuration files. |
| This content is not included.JBEAP-26832 | Migration | Server Migration Tool cannot recognize EAP 8 Update X |
| This content is not included.JBEAP-26194 | Modules | This content is not included.WFCORE-6697- list-resource-loader-paths fails with MalformedURLException |
| This content is not included.JBEAP-25694 | OpenShift | EAP8 env properties overwriting |
| This content is not included.JBEAP-26694 | Packaging and Installing | Feature pack is installed even if operation is cancelled |
| This content is not included.JBEAP-26750 | Packaging and Installing | Manifest file - include some version string in the name field |
| This content is not included.JBEAP-26290 | Packaging and Installing | Reverting an update doesn't use the cache. |
| This content is not included.JBEAP-26449 | Packaging and Installing | Unnecessary fields in .installation/manifest.yaml file of installation manager |
| This content is not included.JBEAP-24913 | Packaging and Installing | This content is not included.WFCORE-6559 - PowerShell support for Prospero integration |
| This content is not included.JBEAP-26324 | Packaging and Installing | This content is not included.WFCORE-6653 - Missing maven-repo-files description on the help of management CLI installer command |
| This content is not included.JBEAP-25939 | Packaging and Installing | [jboss-eap-installation-manager] Some use cases don't work with the current channel blocklist implementation. |
| This content is not included.JBEAP-26805 | Packaging and Installing | installer-channels.yaml file created by jboss-eap-installation-manager uses wrong property name noStreamStrategy |
| This content is not included.JBEAP-26022 | Packaging and Installing | license.xml has different line endings when provisioned on Windows |
| This content is not included.JBEAP-26785 | Packaging and Installing | Add ability to modify provisioning configuration when installing certain feature packs |
| This content is not included.JBEAP-27003 | Packaging and Installing | Different manifest content in EAP 8.0.2.GA-CR1 and Maven repository ZIP bit |
| This content is not included.JBEAP-25770 | Packaging and Installing | Different metadata after Prospero installation on Windows |
| This content is not included.JBEAP-26480 | Packaging and Installing | Prospero - add a flag to print debug statements in console |
| This content is not included.JBEAP-26451 | Packaging and Installing | Prospero revert operation doesn't change the installation-channels.yaml file |
| This content is not included.JBEAP-26402 | Packaging and Installing | [jboss-eap-installation-manager] .installation/.cache/artifacts.txt with non-expected content breaks Prospero |
| This content is not included.JBEAP-26951 | Packaging and Installing | [jboss-eap-installation-manager] Revert on fresh EAP install brings unexpected changes |
| This content is not included.JBEAP-26881 | Packaging and Installing | [jboss-eap-installation-manager] When adding feature pack, message about conflicts mentions "update" |
| This content is not included.JBEAP-26938 | Packaging and Installing | [jboss-eap-installation-manager] When installing XP 5 on top of existing EAP, XP lifecycle notice is not presented to user |
| This content is not included.JBEAP-26127 | REST | Predicates not applied correctly to gzip filters |
| This content is not included.JBEAP-25293 | REST | RESTEasy StringTextStar provider can produce not-valid output |
| This content is not included.JBEAP-26037 | Scripts | This content is not included.WFCORE-4296 - Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions when started by ps1 script |
| This content is not included.JBEAP-26625 | Scripts | This content is not included.WFCORE-6531 - standalone.sh and possibly other scripts usage of eval |
| This content is not included.JBEAP-26354 | Security | This content is not included.ELY-2538 - Provide a possibility for a caching realm to authenticate users with underlying realm when credential verification with cached credential fails |
| This content is not included.JBEAP-26646 | Security | ELYWEB-222 - Add a test for single sign on across two apps |
| This content is not included.JBEAP-26258 | Security | This content is not included.ELY-2589 - Elytron SSO does not expire other application sessions for session invalidation like Undertow SSO promptly following sessionid change |
| This content is not included.JBEAP-26263 | Server | EAP core sources contains RH internal certificate installation information |
| This content is not included.JBEAP-25724 | Server | GSS (8.0.z) This content is not included.WFCORE-6579 - Use Process Controller log file to capture Host Controller and Managed Servers standard error |
| This content is not included.JBEAP-26221 | Server | This content is not included.WFLY-18765 - Missing Locale parameter while calling toUpperCase and toLowerCase methods |
| This content is not included.JBEAP-26364 | Transactions | This content is not included.WFTC-141 - Wildfly-transaction-client doesn't log that the transaction timeout wasn't set, when the driver returns false. |
| This content is not included.JBEAP-26648 | Transactions | Remove the unsupported compensations API |
| This content is not included.JBEAP-25237 | Transactions | This content is not included.WFLY-15609 - There is no cleanup of thread bound transaction timeout override on threads used to run servlets [details] |
| This content is not included.JBEAP-25880 | VFS | This content is not included.WFCORE-6524 - Do not duplicate managed deployment in content repository in tmp/vfs/temp directory |
| This content is not included.JBEAP-25879 | VFS | managed deployment in content repository duplicated in tmp/vfs/temp directory |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: JBoss EAP 8.0 update methods
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the This content is not included.latest tag., to be current on OpenJDK and RHEL fixes.
Notes
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- Red Hat Insights is available for JBoss EAP 8 and accessible on the This content is not included.Red Hat Hybrid Cloud Console, see more details.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 8
Category
Components
Article Type