JBoss Enterprise Application Platform 8.0 Update 12 Release Notes
In order to better meet customer expectations, micro releases for JBoss EAP 8 have been discontinued and replaced with updates delivered on a repeating schedule.
Each new update will contain a number of bug fixes for customer reported issues and potentially a number of security fixes. We expect that the updates will substantially reduce the number of individual patches that we produce and that customers must manage to keep their installations up to date.
This update includes all fixes and changes from JBoss Enterprise Application Platform 8.0 Update 11.
Download JBoss Enterprise Application Platform 8.0 Update 12
This update includes fixes for the following security related issues:
| ID | Component | Impact | Summary |
|---|---|---|---|
| JBEAP-30801 | Undertow | Important | [Minor Incident] CVE-2025-9784 undertow-core: Undertow MadeYouReset HTTP/2 DDoS Vulnerability |
| JBEAP-26958 | Undertow | Moderate | CVE-2024-3884 undertow: OutOfMemory when parsing form data encoding with application/x-www-form-urlencoded |
| JBEAP-31388 | Undertow | Important | CVE-2025-12543 undertow-core: Undertow HTTP Server Fails to Reject Malformed Host Headers Leading to Potential Cache Poisoning and SSRF |
This update includes the following bug fixes or changes:
| ID | Component | Summary |
|---|---|---|
| JBEAP-30981 | ActiveMQ | ENTMQBR-9922 - Compressed large messages overflow consumer credits. |
| JBEAP-28093 | CDI / Weld | - CombinedHierarchyTest fails on JDK 21 |
| JBEAP-31592 | EE | Yasson: Annotation-based serializers not applied to Object-typed properties with specific runtime types (#689) |
| JBEAP-31598 | EE | Yasson: JsonbException after fix of JBEAP-31299 (#685) |
| JBEAP-30791 | Hibernate | HHH-19739 - Exceptions during load of entity with different persistent fields with same name |
| JBEAP-31678 | Installer | WFCORE-7401 - [installation-manager] Handle patch archives created using zip -D option |
| JBEAP-30966 | Migration | Issue with EAP 8 migration tool regarding utf-8 compliant characters on Windows server |
| JBEAP-31432 | REST | RESTEASY-3600 - SseBroadcaster.broadcast(...) may block indefinitely due to uncompleted CompletionStage after session invalidation and undetected wrapped exception |
| JBEAP-31444 | REST | RESTEASY-3670 - Commons IO NIO File use can lead to larger memory use in EAP 8.0.0+ |
| JBEAP-30900 | Security | ELY-2946 - Add TRACE message warning if authenticationComplete called before |
| JBEAP-31401 | Security | ELY-2958 - elytron-oidc-client adapter-state-cookie-path does not change cookie path |
| JBEAP-28372 | Security | JBoss EAP installation manager fails to install keycloak-saml-adapter “Unexpected element '{urn:jboss:galleon:layer-spec:2.0}layer-spec” |
| JBEAP-31272 | Security | Provider URL of OIDC client does not work with relative URL nor with forwarded headers |
| JBEAP-31798 | Undertow | UT005108: Configuration option is no longer supported: REQUIRE_HOST_HTTP11 warning for every request |
| JBEAP-28683 | Undertow | UNDERTOW-2534 - ClassLoader of deployed websockets application leaks to XnioWorker |
| JBEAP-30606 | Undertow | UNDERTOW-2547 Perform gathering write in HttpRequestConduit to decrease latency |
| JBEAP-30605 | Undertow | UNDERTOW-2555 - AJP Redirect with unescaped characters in URL is not encoded |
| JBEAP-30535 | Undertow | UNDERTOW-2576 - ProxyHandler can throw NullPointerException if the source address SocketAddress has no ip address |
| JBEAP-30615 | Undertow | UNDERTOW-2588 - Undertow response can still break in case of Java 17 TLSv1.3 NewSessionTicket |
| JBEAP-30934 | Undertow | UNDERTOW-2605 - FixedLengthStreamSourceConduit does not clean up ReadTimeoutStreamSourceConduit after an exact Content-Length read |
| JBEAP-30946 | Undertow | UNDERTOW-2609 - Previous fixes in the handling of decoded characters in query requests reflect in getQueryString of APIs |
| JBEAP-32003 | Undertow | UNDERTOW-2663 - Unclear Error Message When Max Session Limit is Exceeded |
| JBEAP-31824 | Undertow | UNDERTOW-2677 - MultipartParserDefinition overrides max entity size already set and configured from other sources |
| JBEAP-25784 | Undertow | WFLY-18587 - ImportELResolver performance improvement |
| JBEAP-27324 | Web Services | JBWS-4424 - Heavy load in CXF Service.getPort calls from a servlet causes performance issue |
| JBEAP-31343 | Web Services | CXF-9171 - DelayedCachedOutputStreamCleaner thread accumulation after CVE-2025-23184 fix |
| JBEAP-25852 | JSF | JSF - UT015005 UnsupportedOperationException invoking method requestDestroyed |
Installation
Archive / zip / installer based installations
Note: This update zip should only be applied to installer or zip-based installations.
See the documentation: JBoss EAP 8.0 update methods
RPM installations
See the documentation: Updating an RPM installation
OpenShift Container installations
Update the containers to use the latest tag, to be current on OpenJDK and RHEL fixes.
Notes
- JBoss EAP 8.0 Update 4+ now supports OpenJDK 21 / Oracle JDK 21 / Adoptium JDK 21, see Supported Configurations.
- The EAP natives for the s390x platform (IBM zSeries) are only supported in the OpenShift environment on IBM zSeries, i.e., bare metal installations on IBM zSeries are not supported.
- Some JBoss EAP image templates depend on other products that may not have an s390x build, see here for more details.
- Red Hat Insights is available for JBoss EAP 8 and accessible on the Red Hat Hybrid Cloud Console, see more details.
- Deprecated in Red Hat Enterprise Application Platform (EAP) 8