JBoss Enterprise Application Platform 8.0 Update 5 Release Notes
Updated
In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 4.1
Download This content is not included.JBoss Enterprise Application Platform 8.0 Update 5
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-8447 | Server | Major | org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator [eap-8.0.z] |
| CVE-2024-4109 | Undertow | Moderate | undertow information leakage via HTTP/2 request header reuse |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-28385 | BootableJar | [Bootable JAR] Maven Plugin broken due to missing wildfly-cli:client shaded jar |
| This content is not included.JBEAP-27664 | Classloading | This content is not included.WFLY-19339 - Failed to instantiate InitialContextFactory com.sun.jndi.dns.DnsContextFactory |
| This content is not included.JBEAP-28156 | DataSource Galleon Pack | Wrong default value for oracle driver artifactId |
| This content is not included.JBEAP-28241 | EJB | This content is not included.EJBCLIENT-536 - EJB discovery results in Java-level deadlock |
| This content is not included.JBEAP-28148 | EJB | This content is not included.EJBCLIENT-539 - JBossEJBProperties failing to set appropriate security context |
| This content is not included.JBEAP-28051 | EJB | This content is not included.WFLY-19681 - DatabaseTimerPersistence$RefreshTask can delay other threads' timer additions or removals when detecting many Timer removals from the database |
| This content is not included.JBEAP-28213 | EJB | This content is not included.WFLY-19843 - Cloning a profile twice results in failed outcome |
| This content is not included.JBEAP-28131 | Hibernate | Content from hibernate.atlassian.net is not included.HHH-16772 - Generated bytecode for HibernateAccessOptimizer class is invalid and causes operand stack overflow issue |
| This content is not included.JBEAP-26165 | Installer | [GUI Installer] Exploded combobox items detached from combobox button on scrolling |
| This content is not included.JBEAP-28027 | Installer | GUI Installer can hung when installing MyFaces feature pack |
| This content is not included.JBEAP-27587 | Installer | [GUI installer] The generated installer-channels.yaml doesn't use a channel name from installation-manager's profiles. |
| This content is not included.JBEAP-27128 | Installer | Installer window title should not be tied to micro version |
| This content is not included.JBEAP-27739 | JMS | This content is not included.WFLY-19519 - Intermittent failures in JMSQueueManagementTestCase.removeJMSQueueRemovesAllMessages |
| This content is not included.JBEAP-27250 | JPA/Hibernate | JPA/Hibernate: cannot write to a JSONB column |
| This content is not included.JBEAP-28087 | MP Health | This content is not included.WFLY-18176 - WildFly Readiness probe should check the suspended state of the server |
| This content is not included.JBEAP-27782 | Management | This content is not included.WFCORE-6963 - AbstractModelResource$DefaultResourceProvider.hasChildren inefficiency degrades with child count |
| This content is not included.JBEAP-25219 | Maven Repository | Artifact jakarta.batch:jakarta.batch-api:2.1.1.redhat-00001 has incorrect Implementation-Version in MANIFEST.MF |
| This content is not included.JBEAP-22608 | Maven Repository | EAP 8.0 Maven repository contains poms with repository definitions |
| This content is not included.JBEAP-27347 | Packaging and Installing | Change the "name" field in the EAP 8.0 manifest to have only the version |
| This content is not included.JBEAP-27267 | Packaging and Installing | [jboss-eap-installation-manager] .installation/licenses/xp.txt not present when XP is installed on top of existing EAP installation |
| This content is not included.JBEAP-27367 | Packaging and Installing | [jboss-eap-installation-manager] Installation-manager should attempt to rollback changes if apply phase fails |
| This content is not included.JBEAP-27438 | Packaging and Installing | [jboss-eap-installation-manager] Non existing local file:// URL is treated as invalid by Prospero |
| This content is not included.JBEAP-27264 | Packaging and Installing | [jboss-eap-installation-manager] Order of the lines in installation/.cache/artifacts.txt is inconsistent |
| This content is not included.JBEAP-27429 | Packaging and Installing | [jboss-eap-installation-manager] Prevent making changes when conflicts in an update are rejected |
| This content is not included.JBEAP-26308 | Packaging and Installing | [jboss-eap-installation-manager] Reverting to the tip should be a no op |
| This content is not included.JBEAP-27450 | Packaging and Installing | [jboss-eap-installation-manager] URLs are not displayed uniformly when channel list command is used |
| This content is not included.JBEAP-27451 | Packaging and Installing | This content is not included.GAL-365 - Ignore non-readable folders in an installation folder when performing an update |
| This content is not included.JBEAP-27452 | Packaging and Installing | [jboss-eap-installation-manager] Ignore non-readable folders in an installation folder when performing an update |
| This content is not included.JBEAP-27328 | Packaging and Installing | Content in .galleon/hashes/.installation/.cache/hashes is inconsistent |
| This content is not included.JBEAP-27011 | REST | This content is not included.RESTEASY-3496 - RESTEasy 4.x+ missing the resteasy.disable.providers context parameter support |
| This content is not included.JBEAP-28377 | REST | This content is not included.RESTEASY-3502 - The Jackson Provider should add the Jackson Jdk8Module and JavaTimeModule by default |
| This content is not included.JBEAP-27317 | REST | This content is not included.RESTEASY-3510 - Default ExceptionMapper cannot be disabled by setting "dev.resteasy.exception.mapper" to false through |
| This content is not included.JBEAP-28346 | Remoting | Allow serialization of records of with non-primitive types |
| This content is not included.JBEAP-27612 | Remoting | This content is not included.REM3-417 - Typo in jboss-remoting_5_2.xsd |
| This content is not included.JBEAP-28065 | Remoting | This content is not included.REM3-419 - IntIndexHashMap tuning |
| This content is not included.JBEAP-28033 | Security | This content is not included.ELY-2813 - OIDC Adapter doesn't encode URL-parameters correctly |
| This content is not included.JBEAP-25232 | Server | This content is not included.UNDERTOW-2312 - Unescaped characters in URL from client does not work correctly when allowed for HTTP and HTTPS listeners |
| This content is not included.JBEAP-28296 | Undertow | This content is not included.UNDERTOW-2033 - secure predicate unreliable with HTTP/2 |
| This content is not included.JBEAP-28298 | Undertow | This content is not included.UNDERTOW-2046 - ProxyHandler passes hostname not IP in X-Forwarded-For |
| This content is not included.JBEAP-28300 | Undertow | This content is not included.UNDERTOW-2256 - Resource predicate presentation differs depending on how it is set up |
| This content is not included.JBEAP-28281 | Undertow | This content is not included.UNDERTOW-2333 - Undertow read/write timeout should not apply to WebSockets or SSE |
| This content is not included.JBEAP-28294 | Undertow | This content is not included.UNDERTOW-2343 - Zero-Byte Response and Empty Response Code on Page Refresh with Wildfly 30 and Firefox |
| This content is not included.JBEAP-28291 | Undertow | This content is not included.UNDERTOW-2381 - Invalid/benevolent hpack decoding of huffman-encoded string literal with EOS symbol |
| This content is not included.JBEAP-28283 | Undertow | This content is not included.UNDERTOW-2412 - Read stored json with default UTF-8 encoding |
| This content is not included.JBEAP-28285 | Undertow | This content is not included.UNDERTOW-2422 - Response Status Line protocol is hard-coded to "HTTP/1.1" |
| This content is not included.JBEAP-28302 | Undertow | This content is not included.UNDERTOW-2424 - Undertow produces malformed Http/1.1 responses under heavy concurrent load |
| This content is not included.JBEAP-28245 | Undertow | This content is not included.UNDERTOW-2448 - Broken responses after This content is not included.UNDERTOW-2425 |
| This content is not included.JBEAP-28287 | Undertow | This content is not included.UNDERTOW-2457 - Bytes may get lost across ProxyProtocolReadListener parsing invocations for v1 |
| This content is not included.JBEAP-27116 | Undertow | This content is not included.WFLY-19327 - UndertowDeploymentProcessor uses the virtual domain associated with the top level deployment |
| This content is not included.JBEAP-27278 | Undertow | This content is not included.UNDERTOW-2397 - Handle Huffman encoding properly |
| This content is not included.JBEAP-27299 | Undertow | This content is not included.UNDERTOW-2401 - Tags leak in WebInjectionContainer after exception |
| This content is not included.JBEAP-27330 | Undertow | This content is not included.UNDERTOW-2409 - Adjust properly session timeout also in case when GET requests with custom auth mechanisms are used |
| This content is not included.JBEAP-27369 | Undertow | This content is not included.UNDERTOW-2418 - Adjust properly session timeout also in case when FORM is combined with other mechanisms |
| This content is not included.JBEAP-27703 | Undertow | This content is not included.UNDERTOW-2425 - io.undertow.servlet.spec.ServletPrintWriter.close() high CPU when encoding characters on previously errored writer |
| This content is not included.JBEAP-27971 | Undertow | This content is not included.UNDERTOW-2436 - Race condition for HttpServerExchange state allows missed FLAG_REQUEST_TERMINATED flag with async requests and subsequent connection stall |
| This content is not included.JBEAP-28063 | Undertow | This content is not included.UNDERTOW-2446 - HttpServletRequestImpl.getParts may throw exception after already loading parts |
| This content is not included.JBEAP-27981 | Undertow | This content is not included.UNDERTOW-2444 - Undertow HTTP2 breaks protocol specification in RST_STREAM scenarios |
| This content is not included.JBEAP-28352 | Web Console | This content is not included.HAL-1987 - HAL - changing profile has no effect when configuring JDBC Realm "Security Realm" on domain mode |
| This content is not included.JBEAP-28319 | Web Console | This content is not included.HAL-1989 - Blank screen in domain mode with a hung host |
| This content is not included.JBEAP-28212 | Web Services | This content is not included.JBWS-4429 - NPE when SOAP request with mismatched targetNameSpace is received |
| This content is not included.JBEAP-28310 | Web Services | This content is not included.JBWS-4430 - Sever throws IllegalStateException when call a handler with the CDI bean invocation in EAP 8.0.3 or later [details] |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: JBoss EAP 8.0 update methods
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the latest tag., to be current on OpenJDK and RHEL fixes.
Notes
- JBoss EAP 8.0 Update 4+ now supports OpenJDK 21 / Oracle JDK 21 / Adoptium JDK 21, see Supported Configurations.
- The EAP natives for s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have a s390x build, see here for more details
- Red Hat Insights is available for JBoss EAP 8 and accessible on the This content is not included.Red Hat Hybrid Cloud Console, see more details.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 8
Category
Components
Article Type