JBoss Enterprise Application Platform 8.0 Update 3 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer-reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 2.1.
Download JBoss Enterprise Application Platform 8.0 Update 3
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-30172 | | Moderate | org.bouncycastle:bcprov-jdk18on: Infinite loop in ED25519 verification in the ScalarUtil class |
| CVE-2024-30171 | Security | Moderate | org.bouncycastle:bcprov-jdk18on: BouncyCastle vulnerable to a timing variant of Bleichenbacher (Marvin Attack) |
| CVE-2024-29857 | Server | Moderate | org.bouncycastle:bcprov-jdk18on: org.bouncycastle: Importing an EC certificate with crafted F2m parameters may lead to Denial of Service |
| CVE-2024-28752 | Web Services | Important | cxf-core: Apache CXF SSRF Vulnerability using the Aegis databinding |
| CVE-2024-29025 | JMS | Moderate | netty-codec-http: Allocation of Resources Without Limits or Throttling |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-23159 | ActiveMQ | WFLY-16013 - Discovery Group can't change from Socket binding to Jgroups cluster. |
| JBEAP-26822 | BOM | Port artifacts between Runtime and EE BOMs |
| JBEAP-25795 | Batch | WFLY-16653 - org.jboss.as.test.integration.batch.suspend.SuspendBatchletTestCase#testSuspendResume failure |
| JBEAP-27618 | Clustering | java.lang.NullPointerException 'because "v" is null' when node leaves the cluster |
| JBEAP-27091 | EAP Maven Plugin | Revisit eap-maven-plugin dependencies, maven runtime ones should be scope=provided |
| JBEAP-25218 | EJB | WFLY-6282 - Exceptions in 2-clusters EJB invocation graceful shutdown tests |
| JBEAP-26719 | EJB | WFDISC-54 - EJB discovery: when LDAP dir-context is used in cluster only deployments from one node are being discovered |
| JBEAP-26880 | EJB | WFLY-18536 - LocalUserClient missing from jboss-client.jar [details] |
| JBEAP-27255 | Installer | jboss-eap-installation-manager.bat doesn't return correct exit code |
| JBEAP-27356 | Installer | Applying update fails when JBoss EAP installation directory (JBOSS_HOME) is symbolic link [details] |
| JBEAP-26826 | JCA | WFLY-19167 - war containing JDBC drivers deploys an extra driver |
| JBEAP-26002 | JSF | WFLY-18708 - Disable counter-productive "distributable" behavior in Mojarra [details] |
| JBEAP-26777 | JSF | WFLY-18174 - Change the default jakarta.faces.FACELETS_BUFFER_SIZE size to -1 |
| JBEAP-26615 | JSF | JSF jfwid parameter leaks session ID |
| JBEAP-26948 | JSF | JSF token generation hangs EAP 7.4 Update 15 start up in low entropy environments [details] |
| JBEAP-26019 | JSF | JSF: Do not override application-specified "com.sun.faces.enableDistributable" value |
| JBEAP-26315 | Management | Log installation provisioning information at boot |
| JBEAP-27106 | Migration | CMTOOL-370 - Don't migrate to elytron if there are no legacy security resources |
| JBEAP-26765 | Migration | CMTOOL-364 - EAP 8.0 Migration Tool Exception: WFLYCTL0367 |
| JBEAP-27087 | Migration | CMTOOL-368 - EAP 8.0.0 Migration tool fails with "WFLYHC0164 ... Overriding subsystems is not supported" |
| JBEAP-27195 | Migration | CMTOOL-372 - Force exclude migration of internal modules |
| JBEAP-26295 | Packaging and Installing | [installation-manager] The file URL passed as --repositories argument is not validated correctly |
| JBEAP-26882 | Packaging and Installing | [jboss-eap-installation-manager] Channel name null is accepted by remove command |
| JBEAP-26790 | Packaging and Installing | Include the update number in the version.txt file |
| JBEAP-27261 | Packaging and Installing | Update 8.0.2 applied via CLI fails on windows [details] |
| JBEAP-26879 | Packaging and Installing | WFCORE-6772 - bin/installation-manager.sh: 5: [: x: unexpected operator |
| JBEAP-26296 | Packaging and Installing | [installation-manager] Allow specifying --repositories without IDs and using local paths |
| JBEAP-27028 | Security | Add documentation for the new wildfly.elytron.oidc.allow.query.params system property |
| JBEAP-26323 | Security | ELY-2340 - While using elytron-oidc-client - client application query params are lost when redirected to RH-SSO |
| JBEAP-26977 | Security | ELY-2752 - Elytron OIDC client subsystem “principal-attribute” mapping |
| JBEAP-26714 | Web Console | HAL-1970 - Exception when viewing datasources in Management Console |
| JBEAP-25223 | mod_cluster | MODCLUSTER-754 - Modcluster: Contexts not registered on proxy when server started in suspend mode |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: JBoss EAP 8.0 update methods
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the latest tag to stay current on OpenJDK and RHEL fixes.
Notes
- The EAP natives for the s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e., bare-metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have an s390x build; see here for more details.
- Red Hat Insights is available for JBoss EAP 8 and accessible on the Red Hat Hybrid Cloud Console; see more details.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 8