Release notes - Payara Platform Development - Version 5.2021.3

Notes

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on the Payara Server that makes use of the JAX-WS features, please update your environment.

Release Notes

New Feature

• [FISH-1021] - Add Support for Setting the HSTS Header

Improvement

• [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
• [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
• [FISH-1295] - Code cleanup in security-core module
• [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
• [FISH-1286] - Add missing JDK 11 packages to OSGI
• [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

• [FISH-1297] - Payara fails to start in certain network configurations
• [FISH-1293] - Disassociate ClusteredStore from tenants
• [FISH-1289] - Race condition in Payara Micro initialization
• [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
• [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

• [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control

Security

• [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution