JBoss Enterprise Application Platform 8.0 Update 4 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 3.1
Download This content is not included.JBoss Enterprise Application Platform 8.0 Update 4
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-4029 | Management | Low | wildfly-domain-http: wildfly: No timeout for EAP management interface may lead to Denial of Service (DoS) |
| CVE-2023-52428 | Security | Important | com.nimbusds/nimbus-jose-jwt: large JWE p2c header value causes Denial of Service |
| CVE-2024-8698 | Security | Important | org.keycloak/keycloak-saml-core-public: Improper Verification of SAML Responses Leading to Privilege Escalation in Keycloak |
| CVE-2022-34169 | Server | Important | xalan: OpenJDK: integer truncation issue in Xalan-J (JAXP, 8285407) |
| CVE-2024-41172 | Web Services | Moderate | org.apache.cxf/cxf-rt-transports-http: unrestricted memory consumption in CXF HTTP clients |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-26433 | ActiveMQ | JTS - MDB inbound tx branch not rolled back |
| This content is not included.JBEAP-27615 | Application Client | This content is not included.WFLY-18557 - appclient -secmgr should be allowed under Java 21 |
| This content is not included.JBEAP-26062 | Clustering | Hotrod: can't create distributed session for externalization to Infinispan |
| This content is not included.JBEAP-26658 | Clustering | Regression due to SSLHandshakeException affecting HotRod client when connecting to remote Infinispan |
| This content is not included.JBEAP-27254 | Deployment Framework | In Domain mode applications are distributed twice to the domain's servers |
| This content is not included.JBEAP-26877 | EJB | This content is not included.WFLY-19303 - EJB remote service requiring cluster instead of using distributable-ejb |
| This content is not included.JBEAP-27376 | Hibernate | Content from hibernate.atlassian.net is not included.HHH-17344 - DB2zDialect NullPointerException |
| This content is not included.JBEAP-27750 | Hibernate | Content from hibernate.atlassian.net is not included.HHH-18506 - Flush performance degradation due to itable stubs |
| This content is not included.JBEAP-27239 | Insights | MWTELE-266 - Don't create file upload dir if opted out |
| This content is not included.JBEAP-27709 | JMS | Fixing AddressSettings default values |
| This content is not included.JBEAP-27541 | Logging | Excessive DEBUG logging on server startup |
| This content is not included.JBEAP-27383 | Maven Repository | Runtime maven repository not in sync with the final manifest for 2.1 |
| This content is not included.JBEAP-25057 | Migration | Legacy security domain migration does not cover datasources, iiop-openjdk, resource-adapters subsystems |
| This content is not included.JBEAP-27205 | Packaging and Installing | Installer: channel versions shows empty output |
| This content is not included.JBEAP-27361 | Packaging and Installing | Apply server candidate phase logs are not saved in log files when using Management CLI |
| This content is not included.JBEAP-27370 | Packaging and Installing | Do not allow server apply phase if Management CLI client sessions are still opened |
| This content is not included.JBEAP-26126 | REST | Record is not serialized to JSON |
| This content is not included.JBEAP-27081 | Security | This content is not included.WFCORE-6834 - wildfly-elytron-integration jar duplicated in server modules |
| This content is not included.JBEAP-27742 | Server | This content is not included.WFCORE-6956 - Wrong endpoint-name if the JBoss server name and 'jboss.node.name' are both provided to the server |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: JBoss EAP 8.0 update methods
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the latest tag., to be current on OpenJDK and RHEL fixes.
Notes
- JBoss EAP 8.0 Update 4+ now supports OpenJDK 21 / Oracle JDK 21 / Adoptium JDK 21, see Supported Configurations.
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- Red Hat Insights is available for JBoss EAP 8 and accessible on the This content is not included.Red Hat Hybrid Cloud Console, see more details.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 8