JBoss Enterprise Application Platform 7.4 Update 20 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 7 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
For more information see the following Red Hat Knowledgebase articles: Maintenance Release Changes in EAP 6.2+ and Updated Patch Management with EAP 6.2+
This update includes all fixes and changes from JBoss Enterprise Application Platform 7.4 Update 19
Download This content is not included.JBoss Enterprise Application Platform 7.4 Update 20
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-4109 | Undertow | Minor | undertow: information leakage via HTTP/2 request header reuse [eap-7.4.z] |
| CVE-2024-47561 | Server | Major | org.apache.avro/avro: Schema parsing may trigger Remote Code Execution (RCE) |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-27758 | This content is not included.WEJBHTTP-144 - Allow additional TCP configurations like TCP_NODELAY | |
| This content is not included.JBEAP-26435 | ActiveMQ | JTS - MDB inbound tx branch not rolled back |
| This content is not included.JBEAP-27888 | Clustering | Expired session remains in the cache when session expiration conflicts with a continuation request to the backup cache |
| This content is not included.JBEAP-28149 | EJB | This content is not included.EJBCLIENT-539 - JBossEJBProperties failing to set appropriate security context |
| This content is not included.JBEAP-27774 | EJB | This content is not included.WFLY-19681 - DatabaseTimerPersistence$RefreshTask can delay other threads' timer additions or removals when detecting many Timer removals from the database |
| This content is not included.JBEAP-27772 | Management | This content is not included.WFCORE-6963 - AbstractModelResource$DefaultResourceProvider.hasChildren inefficiency degrades with child count |
| This content is not included.JBEAP-27818 | REST | RestEasy doesn't support multiple media types in Accept header |
| This content is not included.JBEAP-27645 | Remoting | - This content is not included.REM3-417 Typo in jboss-remoting_5_2.xsd |
| This content is not included.JBEAP-28064 | Remoting | This content is not included.REM3-419 - IntIndexHashMap tuning |
| This content is not included.JBEAP-28269 | Security | org.picketlink.identity.federation.bindings.wildfly.sp.UndertowRedirectionHandler sets bad Content-Encoding |
| This content is not included.JBEAP-21293 | Undertow | This content is not included.UNDERTOW-2312 - Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners |
| This content is not included.JBEAP-28295 | Undertow | This content is not included.UNDERTOW-2033 - secure predicate unreliable with HTTP/2 |
| This content is not included.JBEAP-28297 | Undertow | This content is not included.UNDERTOW-2046 - ProxyHandler passes hostname not IP in X-Forwarded-For |
| This content is not included.JBEAP-28299 | Undertow | This content is not included.UNDERTOW-2256 - Resource predicate presentation differs depending on how it is set up |
| This content is not included.JBEAP-28280 | Undertow | This content is not included.UNDERTOW-2333 - Undertow read/write timeout should not apply to WebSockets or SSE |
| This content is not included.JBEAP-28293 | Undertow | This content is not included.UNDERTOW-2343 - Zero-Byte Response and Empty Response Code on Page Refresh with Wildfly 30 and Firefox |
| This content is not included.JBEAP-28290 | Undertow | This content is not included.UNDERTOW-2381 - Invalid/benevolent hpack decoding of huffman-encoded string literal with EOS symbol |
| This content is not included.JBEAP-28282 | Undertow | This content is not included.UNDERTOW-2412 - Read stored json with default UTF-8 encoding |
| This content is not included.JBEAP-28284 | Undertow | This content is not included.UNDERTOW-2422 - Response Status Line protocol is hard-coded to "HTTP/1.1" |
| This content is not included.JBEAP-28301 | Undertow | This content is not included.UNDERTOW-2424 - Undertow produces malformed Http/1.1 responses under heavy concurrent load |
| This content is not included.JBEAP-28246 | Undertow | This content is not included.UNDERTOW-2448 - Broken responses after This content is not included.UNDERTOW-2425 |
| This content is not included.JBEAP-28286 | Undertow | This content is not included.UNDERTOW-2457 - Bytes may get lost across ProxyProtocolReadListener parsing invocations for v1 |
| This content is not included.JBEAP-27277 | Undertow | This content is not included.UNDERTOW-2397 - Handle Huffman encoding properly |
| This content is not included.JBEAP-27368 | Undertow | This content is not included.UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms |
| This content is not included.JBEAP-27599 | Undertow | This content is not included.UNDERTOW-2425 - io.undertow.servlet.spec.ServletPrintWriter.close() high CPU when encoding characters on previously errored writer |
| This content is not included.JBEAP-27970 | Undertow | This content is not included.UNDERTOW-2436 - Race condition for HttpServerExchange state allows missed FLAG_REQUEST_TERMINATED flag with async requests and subsequent connection stall |
| This content is not included.JBEAP-28124 | Undertow | This content is not included.UNDERTOW-2446 - HttpServletRequestImpl.getParts may throw exception after already loading parts |
| This content is not included.JBEAP-27982 | Undertow | This content is not included.UNDERTOW-2444 - Undertow HTTP2 breaks protocol specification in RST_STREAM scenarios |
| This content is not included.JBEAP-27722 | Web Services | This content is not included.JBWS-4429 - NPE when SOAP request with mismatched targetNameSpace is received |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
To apply this update using the CLI on Unix-based systems, run the following command from JBOSS_HOME:
bin/jboss-cli.sh "patch apply path/to/jboss-eap-7.4.20-patch.zip"
To apply this update using the CLI on Windows-based systems, run the following command from JBOSS_HOME:
bin\jboss-cli.bat "patch apply path\to\jboss-eap-7.4.20-patch.zip"
These commands will apply the update to the installation that contains the CLI script. Other scenarios and use of the management console are covered in the JBoss EAP 7.4 Patching And Upgrading Guide
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the This content is not included.latest tag, to be current on JBoss EAP bug fixes as well as OpenJDK and RHEL fixes.
This content is not included.Known Issues
Notes
- JBoss EAP 7.4 Update 13+ contains some bug fixes that did not make it into EAP 8.0 GA, it is recommended you move to EAP 8.0 latest Update
- Red Hat Insights is available for JBoss EAP 7.4 Update 11+ and accessible on the This content is not included.Red Hat Hybrid Cloud Console, see more details.
- Helm Chart for EAP 7.4 Updates
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- The Helm Chart for JBoss EAP 7.4 / JBoss EAP XP 3 allows to build and deploy applications on OpenShift using Helm package manager
- The IBM WebSphere MQ broker was updated to 9.2 for integration testing, see the Red Hat JBoss Enterprise Application Platform (EAP) 7 Tested Integrations for more details.
- Hibernate Search 5 APIs Deprecated in JBoss EAP 7.4 that will be changed in EAP 8 / Hibernate 6
- The RHSSO Galleon Layer is deprecated in JBoss EAP 7.4, see more details.
- JBoss EAP 7.4 Update 8+ now supports OpenJDK 17 / Oracle JDK 17, see configuration changes needed here.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 7
- jndi-name has been required for admin-object definitions as per the schema, the server will require it to be specified or will result in an error, see more details here
Category
Article Type