Payara Server Community Edition 5.2021.3

Release notes - Payara Platform Development - Version 5.2021.3


Metro (JAX-WS implementation) remote code execution vulnerability

We have fixed a remote code execution vulnerability in the Metro framework's WSDL importing and parsing code (FISH-1274). If you have an application deployed on Payara Server that makes use of the JAX-WS features, please update your environment.

Release Notes

New Feature

  • [FISH-1021] - Add Support for Setting the HSTS Header


  • [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
  • [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
  • [FISH-1295] - Code cleanup in security-core module
  • [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
  • [FISH-1286] - Add missing JDK 11 packages to OSGI
  • [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

  • [FISH-1297] - Payara fails to start in certain network configurations
  • [FISH-1293] - Disassociate ClusteredStore from tenants
  • [FISH-1289] - Race condition in Payara Micro initialization
  • [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
  • [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

  • [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control


  • [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution
