JBoss Enterprise Application Platform expansion pack (EAP XP) 5.0 Update 2 Release Notes
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform Expansion Pack (XP) 5.0 Update 1
Download This content is not included.JBoss Enterprise Application Platform Expansion Pack (XP) 5.0 Update 2
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| CVE-2024-7254 | Server | Important | com.google.protobuf/protobuf-java: StackOverflow vulnerability in Protocol Buffers |
| CVE-2024-8447 | Transactions | Moderate | org.jboss.narayana-narayana-all: deadlock via multiple join requests sent to LRA Coordinator |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| This content is not included.JBEAP-26539 | Internationalization | [ALL LANG] Missing mark '*' next to Name in Config Source and Attributes pages of Add Config Source dialog. |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: This content is not included.JBoss EAP 8.0 update methods
OpenShift Container installations
Update the containers to use the This content is not included.latest tag., to be current on OpenJDK and RHEL fixes.