Releases: payara/Payara
Payara Platform Community 6.2023.4
Release notes - Payara Platform Community 6.2023.4
Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 6.0
Improvement
- [FISH-6908] Configure SameSite Cookie Attribute in Application Deployment Descriptor
Bug Fix
- [FISH-7202] Payara 6 deployment error with JDK17 and records
Component Upgrades
Payara Platform Community 6.2023.3
Release notes - Payara Platform Community 6.2023.3
Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 6.0
Known Issues
ASM Warning
- When deploying an application that contains a Java Record, there is a warning logged in the server logs about Records not being supported. No worries. Your application will deploy and work. This is a known issue that is being looked into.
Breaking Change
Minimum Required JDK
- The minimum required JDK to run this and subsequent releases of this stream is 11.0.12
- As this release comes with MicroProfile 6, you might want to peruse its release announcement to keep on top of any possible breaking changes
Improvements
- [FISH-7206] Update the REST SSL Alias Extension for Payara 6
- [FISH-1366] Upgrade cacerts.jks and keystore.jks to pkcs12
- [FISH-6634] Make Notifiers Payara 6 Compatible
- [FISH-6907] Configure SameSite Cookie Attribute Globally for an HTTP Network Listener
Bug Fixes
- [FISH-6479] SLF4J API fails to load an implementation
- [FISH-7016] Server Instances Zombie When Port Conflicts Are Detected During Startup
- [FISH-7063] Publish Jakarta Platform 10 in the BOM
- [FISH-7076] Malformed SQL when using SecondaryTable & PrimaryKeyJoinColumn annotations
- [FISH-7077] Deploy and redeploy using local packaged file not working
- [FISH-5981] 'java.lang.LinkageError' when using Apache Santuario and SLF4J/Logback
Component Upgrades
Payara Platform Community 6.2023.2
Release notes - Payara Platform Community 6.2023.2
Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 5.0
Breaking Change
MicroProfile OpenAPI property renamed
The MicroProfile OpenAPI config property was renamed from "mp.openapi.scan.lib" to "mp.openapi.extensions.scan.lib". If you are currently using this property and upgrading to Payara Community 6.2023.2 and later versions, please remember to change to this new one, otherwise your values may not be picked up.
Improvements
- [FISH-6927] Rename MicroProfile OpenAPI from "mp.openapi.scan.lib" to "mp.openapi.extensions.scan.lib" property (breaking change)
- [FISH-6963] [Community Contribution - pzygielo] Log Alias of Expired Certificate
- [FISH-7024] [Community Contribution - ctabin] Migration to Jakarta Persistence 3.0 namespace for EJB Timer services
Bug Fixes
- [FISH-6432] Applications Take Longer To Deploy on JDK 11 and 17
- [FISH-6815] Asadmin CLI Utility Commands [start/stop/restart-deployment-group] times out
- [FISH-6947] Command asadmin --detach list-instances is not working any more starting 5.45.0
- [FISH-6962] [Community Contribution - pzygielo] Incorrect MBeanMetadataConfig Class Name
- [FISH-6983] Revert Removal of JobManager
Payara Platform Community 6.2023.1
== Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 5.0
- FISH-1413 Allow using environment variables in the create-connector-connection-pool command
== Security Fix
- FISH-6644 Upgrade OpenSSL to v 1.1.1q or higher in Payara Server Docker Images
== Component Upgrades
- FISH-6720 Upgrade Jersey to 3.1.0-M8
- FISH-6721 Upgrade DBSchema to 6.7
- FISH-6722 Upgrade Schema2Beans to 6.7
- FISH-6820 Update Woodstox to 6.4.0
- FISH-6848 Upgrade Maven Install Plugin to 3.1.0
- FISH-6849 Upgrade Felix ConfigAdmin to 1.9.26
- FISH-6850 Upgrade Apache BCEL to 6.7.0
- FISH-6854 Upgrade Jackson to 2.14.1
Payara Platform Community 6.2022.2
Release notes - Payara Platform Community 6.2022.2
Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 5
Improvements
-
[FISH-1175] Fix Typo in
@Clusteredannotation attribute (Public API) -
[FISH-5809] Include jdk.internal.reflect packages in OSGi boot delegation configuration settings
-
[FISH-6495] Hazelcast File Configuration in Payara Embedded
-
[FISH-6588] Define Start-up, Post-Boot, Deployment, and Post-Start-up Phases
Security Fixes
-
[FISH-6715] Upgrade Apache BCEL to 6.6.1
-
[FISH-6775] Authorization Constraints Ignored When Using Path Traversal Penetration Using Default Virtual Module
Bug Fixes
-
[FISH-5778] The OpenApi
@Schema"name" Property does not Rename Annotated Class Attribute -
[FISH-5798] OpenAPI annotation
@Parameter(... explode # Explode.TRUE)gives stacktrace -
[FISH-5808] JAX-RS Subresources don't Appear in OpenAPI Document
-
[FISH-6066] Invalid property 'default-web-xml' on instance start-up
-
[FISH-6484] Docker Node Instance is Unable to Resolve Hostname for DAS on Docker
-
[FISH-6567] LDAP Realm Breaks with Java 11.0.15
-
[FISH-6596] Support jakarta.* request properties
-
[FISH-6729] Cannot Load Payara Deployment Transformer
Component Upgrades
-
[FISH-6578] [Community Contribution - [Lenny Primak] Update JNA in order to work with Apple Silicon
-
[FISH-6669] Upgrade JDK Versions in Docker Images to 8u352, 11.0.17, and 17.0.5
-
[FISH-6675] Upgrade Jackson to 2.13.4
-
[FISH-6676] Upgrade Snakeyaml to 1.33
-
[FISH-6700] Upgrade JLine to 3.21.0
-
[FISH-6701] Upgrade Javassist to 3.29.2-GA
-
[FISH-6702] Upgrade metainf-services to 1.9
-
[FISH-6704] Upgrade Felix Config Admin to 1.9.24
-
[FISH-6705] Upgrade Felix Event Admin to 1.6.4
-
[FISH-6706] Upgrade Felix File Install to 3.7.4.payara-p1
-
[FISH-6707] Upgrade Felix Gogo Runtime to 1.1.6
-
[FISH-6708] Upgrade Felix to 7.0.5
-
[FISH-6709] Upgrade Felix SCR to 2.1.30
-
[FISH-6710] Upgrade Felix Web Console to 4.8.4
-
[FISH-6711] Upgrade OSGi Util Function to 1.2.0
-
[FISH-6712] Upgrade OSGi Util Promise to 1.2.0
-
[FISH-6714] Upgrade Management API to 3.2.3
-
[FISH-6718] Upgrade Build and Test Plugins
-
[FISH-6724] Upgrade Payara Deployment Transformer API to 1.1.1
-
[FISH-6726] Upgrade Eclipse Payara Transformer to 0.2.9
Payara Platform Community 5.2022.5
Release Notes - Payara Platform Community 5.2022.5
Supported APIs and Applications
- Jakarta EE 8
- Jakarta EE 8 Applications
- Jakarta EE 9
- MicroProfile 4.1
Notes
Payara 5.2022.5 is the final release of Payara 5 Community. Payara 5 Community will receive no more bug fixes, updates or improvements. Payara 5 Community is now replaced by Payara 6 Community, to be used with Jakarta EE 10. If you want to keep using earlier Java EE/Jakarta EE versions, we encourage you to move to Payara 5 Enterprise.
Improvements
-
[FISH-5809] Include jdk.internal.reflect packages in OSGi boot delegation configuration settings
-
[FISH-6495] Hazelcast File Configuration in Payara Embedded
Security Fixes
-
[FISH-6715] Upgrade Apache BCEL to 6.6.1
-
[FISH-6775] Authorization Constraints Ignored When Using Path Traversal Penetration Using Default Virtual Module
Bug Fixes
-
[FISH-5778] The OpenApi
@Schema"name" Property does not Rename Annotated Class Attribute -
[FISH-5798] OpenAPI annotation
@Parameter(... explode # Explode.TRUE)gives stacktrace -
[FISH-5808] JAX-RS Subresources don't Appear in OpenAPI Document
-
[FISH-6022] MicroProfile JWT Token verified on unauthorized endpoints
-
[FISH-6047] Single-Sign-On logout action not working correctly when used with Jakarta EE Security features
-
[FISH-6066] Invalid property 'default-web-xml' on instance start-up
-
[FISH-6299] Expired/Invalid JWT-Token and CORS-errors
-
[FISH-6499] NullPointerException When Deploying An Application
-
[FISH-6567] LDAP Realm Breaks with Java 11.0.15
-
[FISH-6598] Fix Authentication Mechanism Lookup for Per-Module Auth Configuration in EAR
-
[FISH-6606] Empty Zip File Error When Deploying via Admin Console
Component Upgrades
-
[FISH-6669] Upgrade JDK Versions in Docker Images to 8u352, 11.0.17, and 17.0.5
-
[FISH-6670] Upgrade Jersey to 2.37
-
[FISH-6671] Upgrade Servlet-API to 4.0.4
-
[FISH-6672] Upgrade Hibernate Validator to 6.2.5.Final
-
[FISH-6673] Upgrade Jakarta EL to 3.0.4
-
[FISH-6674] Upgrade Mail to 1.6.7
-
[FISH-6675] Upgrade Jackson to 2.13.4
-
[FISH-6676] Upgrade Snakeyaml to 1.33
-
[FISH-6677] Upgrade Hazelcast to 4.2.5
-
[FISH-6678] Upgrade JAXB-API to 2.3.3
-
[FISH-6679] Upgrade JAXB-OSGi to 2.3.7
-
[FISH-6681] Upgrade Tyrus to 1.20
-
[FISH-6682] Upgrade Yasson to 1.0.11
-
[FISH-6683] Upgrade EclipseLink to 2.7.11
-
[FISH-6684] Upgrade Jakarta Inject to 1.0.5
-
[FISH-6685] Upgrade Weld to 3.1.9.Final
-
[FISH-6686] Upgrade ASM to 9.4
-
[FISH-6687] Upgrade Concurrency to 1.1
-
[FISH-6688] Upgrade Istack Commons to 3.0.12
-
[FISH-6689] Upgrade Activation to 1.2.2
-
[FISH-6690] Upgrade JAX-WS to 2.3.3
-
[FISH-6691] Upgrade JMS to 2.0.3
-
[FISH-6692] Upgrade MicroProfile Config to 2.0.1
-
[FISH-6693] Upgrade MicroProfile JWT-Auth to 1.2.2
-
[FISH-6694] Upgrade MicroProfile Metrics to 3.0.1
-
[FISH-6695] Upgrade MicroProfile OpenAPI to 2.0.1
-
[FISH-6696] Upgrade OSGi DTO to 1.1.1
-
[FISH-6698] Upgrade Woodstox to 5.4.0
-
[FISH-6699] Upgrade HA API to 3.1.13
-
[FISH-6700] Upgrade JLine to 3.21.0
-
[FISH-6701] Upgrade Javassist to 3.29.2-GA
-
[FISH-6702] Upgrade metainf-services to 1.9
-
[FISH-6703] Upgrade Mimepull to 1.9.15
-
[FISH-6704] Upgrade Felix Config Admin to 1.9.24
-
[FISH-6705] Upgrade Felix Event Admin to 1.6.4
-
[FISH-6706] Upgrade Felix File Install to 3.7.4.payara-p1
-
[FISH-6707] Upgrade Felix Gogo Runtime to 1.1.6
-
[FISH-6708] Upgrade Felix to 7.0.5
-
[FISH-6709] Upgrade Felix SCR to 2.1.30
-
[FISH-6710] Upgrade Felix Web Console to 4.8.4
-
[FISH-6711] Upgrade OSGi Util Function to 1.2.0
-
[FISH-6712] Upgrade OSGi Util Promise to 1.2.0
-
[FISH-6714] Upgrade Management API to 3.2.3
-
[FISH-6717] Upgrade JBoss Logging to 3.4.3.Final
-
[FISH-6718] Upgrade Build and Test Plugins
-
[FISH-6726] Upgrade Eclipse Payara Transformer to 0.2.9
Payara Platform Community 6.2022.1
Release notes - Payara Platform Community 6.2022.1
Supported APIs and Applications
- Jakarta EE 10
- Jakarta EE 10 Applications
- MicroProfile 5
Security Vulnerability
We have been made aware of a 0-day vulnerability. This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context. This vulnerability is similar to another 0-day vulnerability (CVE-2022-37422) we recently had. We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability. You must upgrade to this latest version of Payara 6 Community to avoid the security issue.
Improvements
- [FISH-372] Provide option to disable clustering functionality of Hazelcast on Payara Micro
- [FISH-1336] Properly Shutdown Payara Micro on Ctrl+C
- [FISH-5827] Stuck Thread count as MicroProfile Metric Gauge
- [FISH-5828] Connection Pool Metrics Exposed as MicroProfile Metrics
- [FISH-6434] Support OpenID Connect token issuer field in ADFS
Security Fix
- [FISH-6603] 0-Day Vulnerability Exploit Using ROOT Context Deployments
Bug Fixes
- [FISH-1418] JMX Service doesn't start on JDK 8u292 and 11.0.11
- [FISH-5806] Remove JobManager from Payara Server
- [FISH-6238] Microprofile Interceptors
@Fallback@CircuitBreakerare not getting invoked if the EJB is a@StatelessBean - [FISH-6347] Fix Admin Console (Post Mojarra Upgrade)
- [FISH-6430] TransactionScopedCDIEventHelperImpl Injection Error
- [FISH-6435] Dynamic Proxy is not Used when Injecting Context Types into Singleton EJB
- [FISH-6470] GCM Cipher Suites Not Being Recognized
- [FISH-6481] CORBA Incorrectly opening an additional TCP socket on Windows systems
- [FISH-6500]
hazelcast-configuration-fileDomain Property Ignored - [FISH-6501] Commands in Postboot File Fail
- [FISH-6506] Environment Variable Replacement in Payara Micro Logging Properties File Does Not Work
- [FISH-6566] Unable to Restart Instance with Application containing JSON File
- [FISH-6576] Jakarta EE 10 DDs schema definition file missing in Payara 6.x
Component Upgrades
- [FISH-6357] Ensure No Longer Using Jakarta Milestone Components
- [FISH-6543] Update JAXB Impl to 4.0.1
Payara Platform Community 5.2022.4
Release notes - Payara Platform Community 5.2022.4
Supported APIs and Applications
- Jakarta EE 8
- Jakarta EE 8 Applications
- Jakarta EE 9
- MicroProfile 4.1
Security Vulnerability
We have been made aware of a 0-day vulnerability. This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context. This vulnerability is similar to another 0-day vulnerability (CVE-2022-37422) we recently had. We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability. You must upgrade to this latest version of Payara 5 Community to avoid the security issue.
Improvements
- [FISH-6434] Support OpenID Connect token issuer field in ADFS
- [FISH-5828] Connection Pool Metrics Exposed as MicroProfile Metrics
- [FISH-5827] Stuck Thread count as MicroProfile Metric Gauge
- [FISH-372] Provide option to disable clustering functionality of Hazelcast on Payara Micro
Security Fixes
- [FISH-6603] 0-Day Vulnerability Exploit Using ROOT Context Deployments
- [FISH-6522] FIX CVE-2021-31684/Gihub Advisory - GHSA-fg2v-w576-w4v3 in Payara Platform
- [FISH-6391] Fix sonatype-2014-0173 commons-fileupload : commons-fileupload : 1.3.3
Bug Fixes
- [FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services
- [FISH-6566] Unable to Restart Instance with Application containing JSON File
- [FISH-6506] Environment Variable Replacement in Payara Micro Logging Properties File Does Not Work
- [FISH-6501] Commands in Postboot File Fail
- [FISH-6500]
hazelcast-configuration-fileDomain Property Ignored - [FISH-6481] CORBA Incorrectly opening an additional TCP socket on Windows systems
- [FISH-6477] [Community Contribution - Piotrek Żygieło] Wrong License in Payara Zip Distribution
- [FISH-6470] GCM Cipher Suites Not Being Recognized
- [FISH-6435] Dynamic Proxy is not Used when Injecting Context Types into Singleton EJB
- [FISH-6430] TransactionScopedCDIEventHelperImpl Injection Error
- [FISH-6415] Unexpected error when starting instance hosted in remote SSH nodes on Windows OS system via Cygwin
- [FISH-6238] Microprofile Interceptors
@Fallback@CircuitBreakerare not getting invoked if the EJB is a@StatelessBean - [FISH-5806] Remove JobManager from Payara Server
- [FISH-5723] WebAppClassloader instances are memory leaked
Component Upgrade
- [FISH-6285] Upgrade Jersey to 2.36
Payara Platform Community 6.2022.1.Alpha4
Milestone release that is intended for certification against Jakarta EE 10 Platform.
Known issues include the MicroProfile integration being broken by the CDI upgrade.
Improvements
- [FISH-6336] [Community Contribution - Tenariel] Bouncy Castle FIPS Integration for HTTPS Connection
- [FISH-6034] Rework Eclipse Transformer into an Extension
- [FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services
Security Fixes
- [FISH-6459] 0-day vulnerability exploit using ROOT context root deployments
- [FISH-6214] Upgrade Jackson to 2.13.3 & SnakeYaml to 1.30
Bug Fixes
- [FISH-6362] The dropdown option to select SSH User Authentication method is broken
- [FISH-6355] Disabled TRACE HTTP Method Still Shows as Enabled
- [FISH-6352] File locks prevent undeployment on Windows
- [FISH-6308] Can't select a different instances when viewing Raw Log
- [FISH-6307] Can't collect domain logs from the Admin Console
- [FISH-6301] The "Enable Asadmin Recorder" button is not visible in the header of the Admin Console
- [FISH-6276] The Healthcheck Service for Hogging threads throws ArithmeticException
- [FISH-6243] On changing the log level in batch results internal server error in the Admin Console
- [FISH-6072] WebSocket Redeployment Fails
- [FISH-1515] Connection Closes Prematurely On HTTP/2 HTTPS Connections When Request Takes Long To Complete
- [FISH-6103] SimplePolicyProvider cannot be used for JACC Per Application
- [FISH-6298] OpenAPI document doesn't take into account multiple applications deployment
- [FISH-6392] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class
- [FISH-6415] Unexpected error when starting instance hosted in remote SSH nodes on Windows OS system via Cygwin
- [FISH-6477] [Community Contribution - pzygielo] Wrong License in Payara Zip Distribution
Component Upgrades
- [FISH-6471] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4
- [FISH-6439] Upgrade Jersey to 3.1.0-M7
- [FISH-6369] Use Grizzly 4.0.0
- [FISH-6110] Upgrade to latest H2 version
- [FISH-6077] Upgrade Jakarta Messaging 3.1 and integrate latest OpenMQ
- [FISH-5747] Upgrade Glassfish Corba to 4.2.4.payara-p1
- [FISH-6512] Upgrade Jakarta Annotations to 2.1.1
Payara Platform Community 5.2022.3
Release notes - Payara Platform Community 5.2022.3
Supported APIs and Applications
- Jakarta EE 8
- Jakarta EE 8 Applications
- Jakarta EE 9
- MicroProfile 4.1
Improvements
- https://github.com/payara/Payara/pull/5839[[FISH-6429]] Add Option to Skip Building JDK17 Docker Images
- https://github.com/payara/Payara/pull/5873[[FISH-6336]] https://github.com/Tenariel[[Community Contribution]] Bouncy Castle FIPS Integration for HTTPS Connection
- https://github.com/payara/Payara/pull/5862[[FISH-5980]] Add Option to use ForkJoinPool for Managed Executor Services
- https://github.com/payara/Payara/pull/5755[[FISH-5955]] Support lib/ext libraries on JDK 11+
- https://github.com/payara/Payara/pull/5720[[FISH-5893]] Allow to Specify the Timeout Options for Starting an Instance with Admin Console.
- https://github.com/payara/Payara/pull/5814[[FISH-5722]] Allow Managed Executors to be Defined in 'payara-resources.xml'
- https://github.com/payara/Payara/pull/5827[[FISH-1336]] Properly Shutdown Payara Micro on Ctrl+C
Security Fixes
- https://github.com/payara/Payara/pull/5886[[FISH-6459]] 0-day vulnerability exploit using ROOT context root deployments
Bug Fixes
- https://github.com/payara/Payara/pull/5845[[FISH-6392]] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class
- https://github.com/payara/Payara/pull/5858[[FISH-6389]] Update Woodstox-core to 5.3.0
- https://github.com/payara/Payara/pull/5830[[FISH-6355]] Disabled TRACE HTTP Method Still Shows as Enabled
- https://github.com/payara/Payara/pull/5874[[FISH-6298]] OpenAPI document doesn't take into account multiple applications deployment
- https://github.com/payara/Payara/pull/5864[[FISH-6276]] The Healthcheck Service for Hogging threads throws ArithmeticException
- https://github.com/payara/Payara/pull/5749[[FISH-6260]] Looking Up An MDB using AppClient Causes 'java.lang.NoSuchFieldException: parent' on JDK 17
- https://github.com/payara/Payara/pull/5785[[FISH-6259]] Looking Up A Remote EJB Using AppClient Gets A NPE on JNDI Lookup on JDK 17.
- https://github.com/payara/Payara/pull/5866[[FISH-6072]] WebSocket Redeployment Fails
- https://github.com/payara/Payara/pull/5804[[FISH-6041]] Microprofile Config getOptionalValue Method throws NoSuchElementException if the environment value does not exist
- https://github.com/payara/Payara/pull/5847[[FISH-1515]] Connection Closes Prematurely On HTTP/2 HTTPS Connections When Request Takes Long To Complete
Component Upgrades
- https://github.com/payara/Payara/pull/5890[[FISH-6471]] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4
- https://github.com/payara/Payara/pull/5836[[FISH-6398]] Update Docker Image Java Versions to 11.0.15, 17.0.3, and 8u332
- https://github.com/payara/Payara/pull/5815[[FISH-6331]]https://github.com/flowlogix[[Community Contribution]] Upgrade to ASM 9.3
- https://github.com/payara/Payara/pull/5743[[FISH-6275]] Hazelcast 4.2.4
- https://github.com/payara/Notifiers/pull/23[[FISH-6263]] Smack 4.3.4
- https://github.com/payara/Payara/pull/5734[[FISH-6262]] Json-smart 2.4.8