github payara/Payara payara-server-6.2022.1
Payara Platform Community 6.2022.1
on GitHub

latest releases: payara-server-6.2024.5, payara-server-6.2024.5.RC1, payara-core-6.15.0...
18 months ago

Release notes - Payara Platform Community 6.2022.1

Supported APIs and Applications

  • Jakarta EE 10
  • Jakarta EE 10 Applications
  • MicroProfile 5

Security Vulnerability

We have been made aware of a 0-day vulnerability. This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context. This vulnerability is similar to another 0-day vulnerability (CVE-2022-37422) we recently had. We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability. You must upgrade to this latest version of Payara 6 Community to avoid the security issue.

Improvements

  • [FISH-372] Provide option to disable clustering functionality of Hazelcast on Payara Micro
  • [FISH-1336] Properly Shutdown Payara Micro on Ctrl+C
  • [FISH-5827] Stuck Thread count as MicroProfile Metric Gauge
  • [FISH-5828] Connection Pool Metrics Exposed as MicroProfile Metrics
  • [FISH-6434] Support OpenID Connect token issuer field in ADFS

Security Fix

  • [FISH-6603] 0-Day Vulnerability Exploit Using ROOT Context Deployments

Bug Fixes

  • [FISH-1418] JMX Service doesn't start on JDK 8u292 and 11.0.11
  • [FISH-5806] Remove JobManager from Payara Server
  • [FISH-6238] Microprofile Interceptors @Fallback @CircuitBreaker are not getting invoked if the EJB is a @Stateless Bean
  • [FISH-6347] Fix Admin Console (Post Mojarra Upgrade)
  • [FISH-6430] TransactionScopedCDIEventHelperImpl Injection Error
  • [FISH-6435] Dynamic Proxy is not Used when Injecting Context Types into Singleton EJB
  • [FISH-6470] GCM Cipher Suites Not Being Recognized
  • [FISH-6481] CORBA Incorrectly opening an additional TCP socket on Windows systems
  • [FISH-6500] hazelcast-configuration-file Domain Property Ignored
  • [FISH-6501] Commands in Postboot File Fail
  • [FISH-6506] Environment Variable Replacement in Payara Micro Logging Properties File Does Not Work
  • [FISH-6566] Unable to Restart Instance with Application containing JSON File
  • [FISH-6576] Jakarta EE 10 DDs schema definition file missing in Payara 6.x

Component Upgrades

Check out latest releases or
releases around payara/Payara payara-server-6.2022.1

Don't miss a new Payara release

NewReleases is sending notifications on new releases.

Get notifications