Release notes - Payara Platform Community 6.2022.2

Supported APIs and Applications

• Jakarta EE 10
• Jakarta EE 10 Applications
• MicroProfile 5

Improvements

• [FISH-1175] Fix Typo in @Clustered annotation attribute (Public API)

• [FISH-5809] Include jdk.internal.reflect packages in OSGi boot delegation configuration settings

• [FISH-6495] Hazelcast File Configuration in Payara Embedded

• [FISH-6588] Define Start-up, Post-Boot, Deployment, and Post-Start-up Phases

Security Fixes

• [FISH-6715] Upgrade Apache BCEL to 6.6.1

• [FISH-6775] Authorization Constraints Ignored When Using Path Traversal Penetration Using Default Virtual Module

Bug Fixes

• [FISH-5778] The OpenApi @Schema "name" Property does not Rename Annotated Class Attribute

• [FISH-5798] OpenAPI annotation @Parameter(... explode # Explode.TRUE) gives stacktrace

• [FISH-5808] JAX-RS Subresources don't Appear in OpenAPI Document

• [FISH-6066] Invalid property 'default-web-xml' on instance start-up

• [FISH-6484] Docker Node Instance is Unable to Resolve Hostname for DAS on Docker

• [FISH-6567] LDAP Realm Breaks with Java 11.0.15

• [FISH-6596] Support jakarta.* request properties

• [FISH-6729] Cannot Load Payara Deployment Transformer

Component Upgrades

• [FISH-6578] [Community Contribution - [Lenny Primak] Update JNA in order to work with Apple Silicon

• [FISH-6669] Upgrade JDK Versions in Docker Images to 8u352, 11.0.17, and 17.0.5

• [FISH-6675] Upgrade Jackson to 2.13.4

• [FISH-6676] Upgrade Snakeyaml to 1.33

• [FISH-6700] Upgrade JLine to 3.21.0

• [FISH-6701] Upgrade Javassist to 3.29.2-GA

• [FISH-6702] Upgrade metainf-services to 1.9

• [FISH-6704] Upgrade Felix Config Admin to 1.9.24

• [FISH-6705] Upgrade Felix Event Admin to 1.6.4

• [FISH-6706] Upgrade Felix File Install to 3.7.4.payara-p1

• [FISH-6707] Upgrade Felix Gogo Runtime to 1.1.6

• [FISH-6708] Upgrade Felix to 7.0.5

• [FISH-6709] Upgrade Felix SCR to 2.1.30

• [FISH-6710] Upgrade Felix Web Console to 4.8.4

• [FISH-6711] Upgrade OSGi Util Function to 1.2.0

• [FISH-6712] Upgrade OSGi Util Promise to 1.2.0

• [FISH-6714] Upgrade Management API to 3.2.3

• [FISH-6718] Upgrade Build and Test Plugins

• [FISH-6724] Upgrade Payara Deployment Transformer API to 1.1.1

• [FISH-6726] Upgrade Eclipse Payara Transformer to 0.2.9

Release Notes - Payara Platform Community 5.2022.5

Supported APIs and Applications

• Jakarta EE 8
• Jakarta EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Notes

Payara 5.2022.5 is the final release of Payara 5 Community. Payara 5 Community will receive no more bug fixes, updates or improvements. Payara 5 Community is now replaced by Payara 6 Community, to be used with Jakarta EE 10. If you want to keep using earlier Java EE/Jakarta EE versions, we encourage you to move to Payara 5 Enterprise.

Improvements

• [FISH-5809] Include jdk.internal.reflect packages in OSGi boot delegation configuration settings

• [FISH-6495] Hazelcast File Configuration in Payara Embedded

Security Fixes

• [FISH-6715] Upgrade Apache BCEL to 6.6.1

• [FISH-6775] Authorization Constraints Ignored When Using Path Traversal Penetration Using Default Virtual Module

Bug Fixes

• [FISH-5778] The OpenApi @Schema "name" Property does not Rename Annotated Class Attribute

• [FISH-5798] OpenAPI annotation @Parameter(... explode # Explode.TRUE) gives stacktrace

• [FISH-5808] JAX-RS Subresources don't Appear in OpenAPI Document

• [FISH-6022] MicroProfile JWT Token verified on unauthorized endpoints

• [FISH-6047] Single-Sign-On logout action not working correctly when used with Jakarta EE Security features

• [FISH-6066] Invalid property 'default-web-xml' on instance start-up

• [FISH-6299] Expired/Invalid JWT-Token and CORS-errors

• [FISH-6484] Docker Node Instance is Unable to Resolve Hostname for DAS on Docker

• [FISH-6499] NullPointerException When Deploying An Application

• [FISH-6567] LDAP Realm Breaks with Java 11.0.15

• [FISH-6598] Fix Authentication Mechanism Lookup for Per-Module Auth Configuration in EAR

• [FISH-6606] Empty Zip File Error When Deploying via Admin Console

Component Upgrades

• [FISH-6669] Upgrade JDK Versions in Docker Images to 8u352, 11.0.17, and 17.0.5

• [FISH-6670] Upgrade Jersey to 2.37

• [FISH-6671] Upgrade Servlet-API to 4.0.4

• [FISH-6672] Upgrade Hibernate Validator to 6.2.5.Final

• [FISH-6673] Upgrade Jakarta EL to 3.0.4

• [FISH-6674] Upgrade Mail to 1.6.7

• [FISH-6675] Upgrade Jackson to 2.13.4

• [FISH-6676] Upgrade Snakeyaml to 1.33

• [FISH-6677] Upgrade Hazelcast to 4.2.5

• [FISH-6678] Upgrade JAXB-API to 2.3.3

• [FISH-6679] Upgrade JAXB-OSGi to 2.3.7

• [FISH-6681] Upgrade Tyrus to 1.20

• [FISH-6682] Upgrade Yasson to 1.0.11

• [FISH-6683] Upgrade EclipseLink to 2.7.11

• [FISH-6684] Upgrade Jakarta Inject to 1.0.5

• [FISH-6685] Upgrade Weld to 3.1.9.Final

• [FISH-6686] Upgrade ASM to 9.4

• [FISH-6687] Upgrade Concurrency to 1.1

• [FISH-6688] Upgrade Istack Commons to 3.0.12

• [FISH-6689] Upgrade Activation to 1.2.2

• [FISH-6690] Upgrade JAX-WS to 2.3.3

• [FISH-6691] Upgrade JMS to 2.0.3

• [FISH-6692] Upgrade MicroProfile Config to 2.0.1

• [FISH-6693] Upgrade MicroProfile JWT-Auth to 1.2.2

• [FISH-6694] Upgrade MicroProfile Metrics to 3.0.1

• [FISH-6695] Upgrade MicroProfile OpenAPI to 2.0.1

• [FISH-6696] Upgrade OSGi DTO to 1.1.1

• [FISH-6698] Upgrade Woodstox to 5.4.0

• [FISH-6699] Upgrade HA API to 3.1.13

• [FISH-6700] Upgrade JLine to 3.21.0

• [FISH-6701] Upgrade Javassist to 3.29.2-GA

• [FISH-6702] Upgrade metainf-services to 1.9

• [FISH-6703] Upgrade Mimepull to 1.9.15

• [FISH-6704] Upgrade Felix Config Admin to 1.9.24

• [FISH-6705] Upgrade Felix Event Admin to 1.6.4

• [FISH-6706] Upgrade Felix File Install to 3.7.4.payara-p1

• [FISH-6707] Upgrade Felix Gogo Runtime to 1.1.6

• [FISH-6708] Upgrade Felix to 7.0.5

• [FISH-6709] Upgrade Felix SCR to 2.1.30

• [FISH-6710] Upgrade Felix Web Console to 4.8.4

• [FISH-6711] Upgrade OSGi Util Function to 1.2.0

• [FISH-6712] Upgrade OSGi Util Promise to 1.2.0

• [FISH-6714] Upgrade Management API to 3.2.3

• [FISH-6717] Upgrade JBoss Logging to 3.4.3.Final

• [FISH-6718] Upgrade Build and Test Plugins

• [FISH-6726] Upgrade Eclipse Payara Transformer to 0.2.9

Release notes - Payara Platform Community 6.2022.1

Supported APIs and Applications

• Jakarta EE 10
• Jakarta EE 10 Applications
• MicroProfile 5

Security Vulnerability

We have been made aware of a 0-day vulnerability. This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context. This vulnerability is similar to another 0-day vulnerability (CVE-2022-37422) we recently had. We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability. You must upgrade to this latest version of Payara 6 Community to avoid the security issue.

Improvements

• [FISH-372] Provide option to disable clustering functionality of Hazelcast on Payara Micro
• [FISH-1336] Properly Shutdown Payara Micro on Ctrl+C
• [FISH-5827] Stuck Thread count as MicroProfile Metric Gauge
• [FISH-5828] Connection Pool Metrics Exposed as MicroProfile Metrics
• [FISH-6434] Support OpenID Connect token issuer field in ADFS

Security Fix

• [FISH-6603] 0-Day Vulnerability Exploit Using ROOT Context Deployments

Bug Fixes

• [FISH-1418] JMX Service doesn't start on JDK 8u292 and 11.0.11
• [FISH-5806] Remove JobManager from Payara Server
• [FISH-6238] Microprofile Interceptors @Fallback @CircuitBreaker are not getting invoked if the EJB is a @Stateless Bean
• [FISH-6347] Fix Admin Console (Post Mojarra Upgrade)
• [FISH-6430] TransactionScopedCDIEventHelperImpl Injection Error
• [FISH-6435] Dynamic Proxy is not Used when Injecting Context Types into Singleton EJB
• [FISH-6470] GCM Cipher Suites Not Being Recognized
• [FISH-6481] CORBA Incorrectly opening an additional TCP socket on Windows systems
• [FISH-6500] hazelcast-configuration-file Domain Property Ignored
• [FISH-6501] Commands in Postboot File Fail
• [FISH-6506] Environment Variable Replacement in Payara Micro Logging Properties File Does Not Work
• [FISH-6566] Unable to Restart Instance with Application containing JSON File
• [FISH-6576] Jakarta EE 10 DDs schema definition file missing in Payara 6.x

Component Upgrades

• [FISH-6357] Ensure No Longer Using Jakarta Milestone Components
• [FISH-6543] Update JAXB Impl to 4.0.1

Release notes - Payara Platform Community 5.2022.4

Supported APIs and Applications

• Jakarta EE 8
• Jakarta EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Security Vulnerability

We have been made aware of a 0-day vulnerability. This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context. This vulnerability is similar to another 0-day vulnerability (CVE-2022-37422) we recently had. We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability. You must upgrade to this latest version of Payara 5 Community to avoid the security issue.

Improvements

• [FISH-6434] Support OpenID Connect token issuer field in ADFS
• [FISH-5828] Connection Pool Metrics Exposed as MicroProfile Metrics
• [FISH-5827] Stuck Thread count as MicroProfile Metric Gauge
• [FISH-372] Provide option to disable clustering functionality of Hazelcast on Payara Micro

Security Fixes

• [FISH-6603] 0-Day Vulnerability Exploit Using ROOT Context Deployments
• [FISH-6522] FIX CVE-2021-31684/Gihub Advisory - GHSA-fg2v-w576-w4v3 in Payara Platform
• [FISH-6391] Fix sonatype-2014-0173 commons-fileupload : commons-fileupload : 1.3.3

Bug Fixes

• [FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services
• [FISH-6566] Unable to Restart Instance with Application containing JSON File
• [FISH-6506] Environment Variable Replacement in Payara Micro Logging Properties File Does Not Work
• [FISH-6501] Commands in Postboot File Fail
• [FISH-6500] hazelcast-configuration-file Domain Property Ignored
• [FISH-6481] CORBA Incorrectly opening an additional TCP socket on Windows systems
• [FISH-6477] [Community Contribution - Piotrek Żygieło] Wrong License in Payara Zip Distribution
• [FISH-6470] GCM Cipher Suites Not Being Recognized
• [FISH-6435] Dynamic Proxy is not Used when Injecting Context Types into Singleton EJB
• [FISH-6430] TransactionScopedCDIEventHelperImpl Injection Error
• [FISH-6415] Unexpected error when starting instance hosted in remote SSH nodes on Windows OS system via Cygwin
• [FISH-6238] Microprofile Interceptors @Fallback @CircuitBreaker are not getting invoked if the EJB is a @Stateless Bean
• [FISH-5806] Remove JobManager from Payara Server
• [FISH-5723] WebAppClassloader instances are memory leaked

Component Upgrade

• [FISH-6285] Upgrade Jersey to 2.36

Milestone release that is intended for certification against Jakarta EE 10 Platform. Known issues include the MicroProfile integration being broken by the CDI upgrade.

Improvements

• [FISH-6336] [Community Contribution - Tenariel] Bouncy Castle FIPS Integration for HTTPS Connection
• [FISH-6034] Rework Eclipse Transformer into an Extension
• [FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services

Security Fixes

• [FISH-6459] 0-day vulnerability exploit using ROOT context root deployments
• [FISH-6214] Upgrade Jackson to 2.13.3 & SnakeYaml to 1.30

Bug Fixes

• [FISH-6362] The dropdown option to select SSH User Authentication method is broken
• [FISH-6355] Disabled TRACE HTTP Method Still Shows as Enabled
• [FISH-6352] File locks prevent undeployment on Windows
• [FISH-6308] Can't select a different instances when viewing Raw Log
• [FISH-6307] Can't collect domain logs from the Admin Console
• [FISH-6301] The "Enable Asadmin Recorder" button is not visible in the header of the Admin Console
• [FISH-6276] The Healthcheck Service for Hogging threads throws ArithmeticException
• [FISH-6243] On changing the log level in batch results internal server error in the Admin Console
• [FISH-6072] WebSocket Redeployment Fails
• [FISH-1515] Connection Closes Prematurely On HTTP/2 HTTPS Connections When Request Takes Long To Complete
• [FISH-6103] SimplePolicyProvider cannot be used for JACC Per Application
• [FISH-6298] OpenAPI document doesn't take into account multiple applications deployment
• [FISH-6392] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class
• [FISH-6415] Unexpected error when starting instance hosted in remote SSH nodes on Windows OS system via Cygwin
• [FISH-6477] [Community Contribution - pzygielo] Wrong License in Payara Zip Distribution

Component Upgrades

• [FISH-6471] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4
• [FISH-6439] Upgrade Jersey to 3.1.0-M7
• [FISH-6369] Use Grizzly 4.0.0
• [FISH-6110] Upgrade to latest H2 version
• [FISH-6077] Upgrade Jakarta Messaging 3.1 and integrate latest OpenMQ
• [FISH-5747] Upgrade Glassfish Corba to 4.2.4.payara-p1
• [FISH-6512] Upgrade Jakarta Annotations to 2.1.1

Release notes - Payara Platform Community 5.2022.3

Supported APIs and Applications

• Jakarta EE 8
• Jakarta EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Improvements

• https://github.com/payara/Payara/pull/5839[[FISH-6429]] Add Option to Skip Building JDK17 Docker Images
• https://github.com/payara/Payara/pull/5873[[FISH-6336]] https://github.com/Tenariel[[Community Contribution]] Bouncy Castle FIPS Integration for HTTPS Connection
• https://github.com/payara/Payara/pull/5862[[FISH-5980]] Add Option to use ForkJoinPool for Managed Executor Services
• https://github.com/payara/Payara/pull/5755[[FISH-5955]] Support lib/ext libraries on JDK 11+
• https://github.com/payara/Payara/pull/5720[[FISH-5893]] Allow to Specify the Timeout Options for Starting an Instance with Admin Console.
• https://github.com/payara/Payara/pull/5814[[FISH-5722]] Allow Managed Executors to be Defined in 'payara-resources.xml'
• https://github.com/payara/Payara/pull/5827[[FISH-1336]] Properly Shutdown Payara Micro on Ctrl+C

Security Fixes

• https://github.com/payara/Payara/pull/5886[[FISH-6459]] 0-day vulnerability exploit using ROOT context root deployments

Bug Fixes

• https://github.com/payara/Payara/pull/5845[[FISH-6392]] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class
• https://github.com/payara/Payara/pull/5858[[FISH-6389]] Update Woodstox-core to 5.3.0
• https://github.com/payara/Payara/pull/5830[[FISH-6355]] Disabled TRACE HTTP Method Still Shows as Enabled
• https://github.com/payara/Payara/pull/5874[[FISH-6298]] OpenAPI document doesn't take into account multiple applications deployment
• https://github.com/payara/Payara/pull/5864[[FISH-6276]] The Healthcheck Service for Hogging threads throws ArithmeticException
• https://github.com/payara/Payara/pull/5749[[FISH-6260]] Looking Up An MDB using AppClient Causes 'java.lang.NoSuchFieldException: parent' on JDK 17
• https://github.com/payara/Payara/pull/5785[[FISH-6259]] Looking Up A Remote EJB Using AppClient Gets A NPE on JNDI Lookup on JDK 17.
• https://github.com/payara/Payara/pull/5866[[FISH-6072]] WebSocket Redeployment Fails
• https://github.com/payara/Payara/pull/5804[[FISH-6041]] Microprofile Config getOptionalValue Method throws NoSuchElementException if the environment value does not exist
• https://github.com/payara/Payara/pull/5847[[FISH-1515]] Connection Closes Prematurely On HTTP/2 HTTPS Connections When Request Takes Long To Complete

Component Upgrades

• https://github.com/payara/Payara/pull/5890[[FISH-6471]] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4
• https://github.com/payara/Payara/pull/5836[[FISH-6398]] Update Docker Image Java Versions to 11.0.15, 17.0.3, and 8u332
• https://github.com/payara/Payara/pull/5815[[FISH-6331]]https://github.com/flowlogix[[Community Contribution]] Upgrade to ASM 9.3
• https://github.com/payara/Payara/pull/5743[[FISH-6275]] Hazelcast 4.2.4
• https://github.com/payara/Notifiers/pull/23[[FISH-6263]] Smack 4.3.4
• https://github.com/payara/Payara/pull/5734[[FISH-6262]] Json-smart 2.4.8

Release notes - Payara Platform Community 6.2022.1 Alpha 3

Milestone release that is intended for certification against Jakarta EE 10 Core Profile. Known issues include the admin console being broken by the Jakarta Faces upgrade, and the MicroProfile integration being broken by the CDI upgrade.

Improvements

https://github.com/payara/Payara/pull/5782[[FISH-6203]] Upgrade Jakarta Standard Tag Library to 3.0

[FISH-6201] Upgrade Jakarta XML Web Services to 4.0

https://github.com/payara/Payara/pull/5770[[FISH-6199]] Upgrade Transaction to 2.0.1

https://github.com/payara/Payara/pull/5748[[FISH-6197]] Upgrade Jakarta Server Pages to 3.1

https://github.com/payara/Payara/pull/5738[[FISH-6137]] Upgrade to Expression Language 5

https://github.com/payara/Payara/pull/5803[[FISH-6084]] Upgrade Jakarta Security 3.0

https://github.com/payara/jakartaee-10-tck-runners/pull/9[[FISH-6083]] Upgrade Jakarta RESTful Web Services to 3.1

https://github.com/payara/Payara/pull/5771[[FISH-6082]] Upgrade Jakarta Batch 2.1.1

https://github.com/payara/Payara/pull/5819[[FISH-6081]] Upgrade Jakarta CDI 4.0 and latest version of Weld

https://github.com/payara/Payara/pull/5668[[FISH-6069]] Implement @ManagedScheduledExecutorDefinition

https://github.com/payara/Payara/pull/5760[[FISH-6065]] Upgrade Jakarta Interceptors to 2.1

https://github.com/payara/Payara/pull/5776[[FISH-6064]] Upgrade Jakarta SOAP with Attachments to 3.0

https://github.com/payara/Payara/pull/5776[[FISH-6063]] Upgrade Jakarta WebSocket to 2.1

https://github.com/payara/Payara/pull/5682[[FISH-6061]] Upgrade Jakarta JSON Processing to 2.1

https://github.com/payara/Payara/pull/5650[[FISH-6040]] Implement support for ThreadContextProvider

https://github.com/payara/Payara/pull/5658[[FISH-6039]] Implement @ContextServiceDefinition

https://github.com/payara/Payara/pull/5656[[FISH-6037]] Implement @ManagedExecutorDefinition

https://github.com/payara/Payara/pull/5656[[FISH-6021]] Cleanup file based JACC connector

https://github.com/payara/Payara/pull/5596[[FISH-6013]] Upgrade Jakarta Annotations to 2.1

https://github.com/payara/Payara/pull/5779[[FISH-6012]] Update Connectors to 2.1

https://github.com/payara/Payara/pull/5590[[FISH-6011]] Upgrade JBatch to 2.1.0

https://github.com/payara/Payara/pull/5757[[FISH-6007]] Upgrade Jakarta Authorization to 3.0

https://github.com/payara/Payara/pull/5786[[FISH-6006]] Upgrade Payara's Authentication to 3.0

https://github.com/payara/Payara/pull/5689[[FISH-5989]] Upgrade Jakarta Activation to 2.1.0

https://github.com/payara/Payara/pull/5666[[FISH-5987]] Remove SSL2, SSL3, TLS 1.0, and TLS 1.1 Configuration options

https://github.com/payara/Payara/pull/5675[[FISH-5978]] Set TLS 1.3 as Default Protocol

https://github.com/payara/Payara/pull/5616[[FISH-5970]] Support for the new CronTrigger of Jakarta Concurrency 3.0

https://github.com/payara/Payara/pull/5616[[FISH-5969]] Implement Java SE 8 Date and Time Support for Jakarta Concurrency 3.0

https://github.com/payara/Payara/pull/5680[[FISH-5968]] Propagation of Custom Context Providers With Jakarta Concurrency 3.0

[FISH-5967] CompletionStage Backed by a ContextService within Jakarta Concurrency 3.0

https://github.com/payara/Payara/pull/5696[[FISH-5966]] CompletionStage Backed by ManagedExecutorService Within Jakarta Concurrency 3.0

https://github.com/payara/Payara/pull/5616[[FISH-5965]] ForkJoinWorkerThreadFactory for Parallel Stream Support in Jakarta Concurrency 3.0

https://github.com/payara/Payara/pull/5661[[FISH-5964]] Add Jakarta Concurrency 3.0 within Web Profile

https://github.com/payara/Payara/pull/5633[[FISH-5963]] Implement Jakarta Concurrency 3.0 @Asynchronous Annotation

https://github.com/payara/Payara/pull/5755[[FISH-5955]] Support lib/ext libraries on JDK 11+

https://github.com/payara/Payara/pull/5637[[FISH-5927]] Update Installation Directory Tooltip for Docker Nodes

https://github.com/payara/Payara/pull/5720[[FISH-5893]] Allow to Specify the Timeout Options for Starting an Instance with Admin Console.

https://github.com/payara/Payara/pull/5624[[FISH-5803]] Add Autocomplete for Local 'asadmin' Commands

https://github.com/payara/Payara/pull/5693[[FISH-898]] Add '--timeout' Option to All the Commands that Manage the Lifecycle of an Instance

Security Fixes

https://github.com/payara/Payara/pull/5686[[FISH-6208]] CVE-2022-22965 - Spring Framework RCE via Data Binding on JDK 9+

Bug Fixes

https://github.com/payara/Payara/pull/5749FISH-6260[[(FISH-6260]] Looking Up An MDB using AppClient Causes 'java.lang.NoSuchFieldException: parent' on JDK 17

https://github.com/payara/Payara/pull/5785[[FISH-6259]] Looking Up A Remote EJB Using AppClient Gets A NPE on JNDI Lookup on JDK 17.

https://github.com/payara/Payara/pull/5648[[FISH-6043]] Configuring Payara Notification Logging Service causes NullPointerException

https://github.com/payara/Payara/pull/5804[[FISH-6041]] Microprofile Config getOptionalValue Method throws NoSuchElementException if the environment value does not exist

https://github.com/payara/Payara/pull/5664[[FISH-6027]] Remote EJB + JDK 17 does not work

https://github.com/payara/Payara/pull/5692[[[FISH-6024]] The 'restart-deployment-group --rolling=false' command does not work with custom Node Directory

https://github.com/payara/ecosystem-rest-ssl-configuration/pull/3[[FISH-6023]] Reduce the log level in our JAX-RS extension as it is causing log file pollution

https://github.com/payara/Payara/pull/5615[[FISH-6019]] Fix XML Schema Issue

https://github.com/payara/Payara/pull/5631[[FISH-6009]] Kubernetes Discovery Mode on Payara Server Doesn't Work Anymore

https://github.com/payara/Payara/pull/5663[[FISH-5990]] Make DnsContextFactory JNDI DirContext instantiable on JDK 17

https://github.com/payara/Payara/pull/5626[[FISH-5939]] Application Redeployment Breaks virtual server When Using it as Default Module

https://github.com/payara/Payara/pull/5623[[FISH-5898]] Unable to Deploy Application on Payara 5 Which is Developed using Jakarta EE 9.1 and Primefaces 10

https://github.com/payara/Notifiers/pull/22[[FISH-5787]] Microsoft Teams Notifier cannot be Configured on User-Created Instance due to an Invalid Command Option

https://github.com/payara/Payara/pull/5606[[FISH-5676]] Cannot Apply Default Values in @DataSourceDefinition URL via Variable Expansion

Component Upgrades

https://github.com/payara/Payara/pull/5784[[FISH-6321]] Upgrade EclipseLink to 4.0.0-M3

https://github.com/payara/Payara/pull/5777[[FISH-6283]] Port Upgrade Felix to 7.0.1 to Payara 6

https://github.com/payara/Payara-Community-Documentation/pull/309[[FISH-6263]] Smack 4.3.4

https://github.com/payara/Payara/pull/5734[[FISH-6262]] Json-smart 2.4.8

[FISH-6251] Update Hibernate-Validator to 8.0.0.Alpha3

https://github.com/payara/Payara/pull/5659[[[FISH-6211]] https://github.com/lprimak[[Community Contribution - Lenny Primak]] ASM 9.2

https://github.com/payara/Payara/pull/5778[[FISH-6109]] Upgrade to latest Hazelcast 5

https://github.com/payara/Payara/pull/5760[[FISH-6080]] Upgrade Jakarta XML Binding 4.0

https://github.com/payara/Payara/pull/5778[[FISH-6079]] Upgrade to Jakarta JSON-B 3.0 and latest Yasson

https://github.com/payara/Payara/pull/5702[[FISH-6078]] Upgrade to Jakarta Mail 2.1

https://github.com/payara/Payara/pull/5671[[FISH-6077]] Upgrade Jakarta Messaging 3.1 and integrate latest OpenMQ

https://github.com/payara/Payara/pull/5836[[FISH-6398]] Update Docker Images to JDK Versions 11.0.15, 17.0.3, and 8u332

Release notes - Payara Platform Community 5.2022.2

Supported APIs and Applications

• Jakarta EE 8
• Jakarta EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Improvements

https://github.com/payara/Payara/pull/5637[[FISH-5927]] Update Installation Directory Tooltip for Docker Nodes

https://github.com/payara/Payara/pull/5624[[FISH-5803]] Add Autocomplete for Local 'asadmin' Commands

https://github.com/payara/Payara/pull/5693[[FISH-898]] Add '--timeout' Option to All the Commands that Manage the Lifecycle of an Instance

Security Fixes

[FISH-6242] Update Docker Images for ZLib CVE-2018-25032

https://github.com/payara/Payara/pull/5699[[FISH-6215]] Upgrade Jackson to 2.12.6.1

https://github.com/payara/Payara/pull/5686[[FISH-6208]] CVE-2022-22965 - Spring Framework RCE via Data Binding on JDK 9

https://github.com/payara/Payara/pull/5655[[FISH-6067]] Upgrade Jackson to 2.12.6

Bug Fixes

[FISH-6048] Payara API Dependencies Missing

https://github.com/payara/Payara/pull/5648[[FISH-6043]] Configuring Payara Notification Logging Service causes NullPointerException

https://github.com/payara/Payara/pull/5664[[FISH-6027]] Remote EJB + JDK 17 does not work

https://github.com/payara/Payara/pull/5667[[FISH-6025]] Fix spurious callbacks "all data read" when asynchronously processing gRPC request.

https://github.com/payara/Payara/pull/5692[[FISH-6024]] The 'restart-deployment-group --rolling=false' command does not work with custom Node Directory

https://github.com/payara/ecosystem-rest-ssl-configuration/pull/3[[FISH-6023]] Reduce the log level in our JAX-RS extension as it is causing log file pollution

https://github.com/payara/Payara/pull/5631[[FISH-6009]] Kubernetes Discovery Mode on Payara Server Doesn't Work Anymore

https://github.com/payara/Payara/pull/5663[[FISH-5990]] Make DnsContextFactory JNDI DirContext instantiable on JDK 17

https://github.com/payara/Payara/pull/5605[[FISH-5941]] Duplicate Nimbus JOSE Classes Cause java.lang.LinkageError

https://github.com/payara/Payara/pull/5626[[FISH-5939]] Application Redeployment Breaks virtual server When Using it as Default Module

https://github.com/payara/Payara/pull/5623[[FISH-5898]] Unable to Deploy Application on Payara 5 Which is Developed using Jakarta EE 9.1 and Primefaces 10

https://github.com/payara/Notifiers/pull/19[[FISH-5787]] Microsoft Teams Notifier cannot be Configured on User-Created Instance due to an Invalid Command Option

https://github.com/payara/Payara/pull/5606[[FISH-5676]] Cannot Apply Default Values in @DataSourceDefinition URL via Variable Expansion

Component Upgrades

https://github.com/payara/Payara/pull/5659[[FISH-6211]] https://github.com/lprimak[[Community Contribution - Lenny Primak]] ASM 9.2

https://github.com/payara/Payara/pull/5639[[FISH-6046]] Update Docker Images to JDK Versions 11.0.14.1 & 8u322

Payara Community 6.2021.1.Alpha1 Release Notes

Supported APIs and Applications

• Jakarta EE 9.1

• Jakarta EE 8

• Java EE 8 Applications

Release notes - Payara Platform Community 5.2022.1

Supported APIs and Applications

• Jakarta EE 8
• Jakarta EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Improvements

• [FISH-5938] [Community Contribution - Lukáš Kvídera] Improve CDI Annotation Scan Speed
• [FISH-5892] Autocorrect Corrupted truststore File Within '.gfclient' Directory
• [FISH-5878] Add Certificate Alias Property Names Into Payara API as Constants

Bug Fixes

• [FISH-5974] Specify system-property with Double Quotes in preboot-command File.
• [FISH-5937] Crashes during deploy of app with HealthCheck
• [FISH-5883] Security Exception When a Remote EJB Is Called While Authenticated Using The OIDC Security Connector
• [FISH-5879] The 'stop-deployment-group --kill=true' command does not work with custom Node Directory
• [FISH-5857] Fix Translation of a Logging Error Message About Creation of a Stateless EJB
• [FISH-5854] Error Related to the RolesPermittedInterceptor During Deployment
• [FISH-5780] MP HealthCheck 'No valid EE environment for injection of HealthCheck'
• [FISH-5779] MP HealthCheck Unable to Load Proxy Class for Managed Bean when using JDK 11
• [FISH-394] payara-embedded-all: 'javax.ejb.embeddable.EJBContainer.createEJBContainer()' Requires ASM6
• [FISH-26] Error when MP REST Client Interface has Methods with the Same Resource Mappings

Release Notes - Payara Platform Community 5.2021.10

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Improvements

[FISH-5745] Allow 'extraParameters' to be Specified via MP Config [FISH-5743] Define OIDC Provider Metadata Locally [FISH-5725] Support Microsoft ADFS Integration with OpenID Connectors [FISH-5703] Add Option to Improve Logging Speed [FISH-1519] Improve Jersey Handling of MicroProfile Rest Client Proxy Config [FISH-386] Allow to Relax Configuration Validation for 'scopes'

Security Fixes

[FISH-5811] Upgrade Apache Santuario to 2.2.3

Bug Fixes

[FISH-5858] Community Contribution - svendiedrichsen Fix Possible Deadlocks in RWLockDataStructure Class [FISH-5851] Community Contribution - chrjohn Prevent NPE in com.sun.jts.CosTransactions.RecoveryManager [FISH-5824] Monitoring Console Web Application Loads Files from External Sources [FISH-5769] CertificateIdentityStoreDefinition Ignores Role Mappings Specified in payara-web.xml [FISH-5742]'SubjectTypeSupported' is not Validated in OIDC Provider Metadata [FISH-5741] No Check on 'providerURI' Value of OpenIdAuthenticationDefinition [FISH-383] Access Token is Required for OpenID Connect Response

Component Upgrades

[FISH-5852] Update to Payara Security Connectors Version 2.2.0 [FISH-5835] Upgrade ClassFileWriter to 1.2.5

Release Notes - Payara Platform Community 5.2021.9

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Notes

Payara Platform Community 5.2021.9, Server and Micro, runs on JDK 17 but there might be corner cases that are not covered yet. We encourage everyone interested in an upgrade to JDK 17 to perform some testing in their test or acceptance environment on JDK 17.

Breaking Changes

TLS 1.0 and TLS 1.1 Disabled within Docker

The JDK version within the Docker images is upgraded to 8u312 and 11.0.13 respectively. These versions have the TLS 1.0 and TLS 1.1 protocol disabled by default as they are considered insecure nowadays. This will only affect if your application creates sockets and defines the TLS version explicitly. There is no problem when calling a remote endpoint using https unless that remote service does not support version 1.2 or higher of the TLS protocol.

Improvements

[FISH-5840] Add '--opens java.base/java.lang.invoke' for MicroProfile Rest Client Running on JDK 17

[FISH-5839] Resolve OpenMQ UniformLogFormatter Cannot Access 'sun.security.action' on JDK 17

[FISH-5836] Refactor EJB Security to use Public APIs

[FISH-5815] Allow Admin Console to Load on JDK 17

[FISH-5812] HK2 Cannot Resolve OSGi on JDK 17

[FISH-5802] Class Data Sharing on JDK17 Can't use Payara Micro Archive Classes Due to Presence of '.gitkeep'

[FISH-5800] Jaspic Uses Unexported Package in 'java.base' Module

[FISH-5797] Refactor OpenTracing to use PreInvocationInterceptor

[FISH-5785] Support 'systemd' when Creating a Payara Service - Implementation

[FISH-5735] Remove Logging fields UserId and ECid

[FISH-230] Provide Means to Specify a Certificate Alias for JAX-RS and MP REST Client Connections

Bug Fixes

[FISH-5837] GSSException: Improperly formatted ASN.1 DER encoding for Oid

[FISH-5801] Custom Vendor MP Metrics Using Placeholders Require 'tags'

[FISH-5753] Corba Read Timeout in Buffer

[FISH-5746] (Community Contribution - arrenping) The 'getOptionalValues' Implementation in PayaraConfig Throws a 'NoSuchElementException' if the Result is Empty.

[FISH-773] (Community Contribution - alexk201) Schedulers are not removed correctly from database after redeployment of an application

[FISH-28] OpenMQ Doesn't Start on Windows with JDK11

Component Upgrades

[FISH-5838] OpenMQ 5.1.4

[FISH-5834] Upgrade JBoss Logging 3.4.2.Final

[FISH-5833] Upgrade Weld API to 3.1.SP4

[FISH-5832] Upgrade Weld to 3.1.8

[FISH-5830] Upgrade GMBAL-PFL to 4.1.2

[FISH-5829] Upgrade GMBAL to 4.0.3

[FISH-5822] Maven WAR Plugin 3.3.2

[FISH-5804] Upgrade EclipseLink to 2.7.9

[FISH-5752] Upgrade GlassFish Security Plugin to 1.0.13

[FISH-5705] (Community Contribution - mkarg) Update Yasson to 1.0.9

[FISH-1323] Upgrade Docker JDK to 8u312 / 11.0.13

Release Notes - Payara Platform Community 5.2021.8

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Breaking Changes

Client Certificate Validation Checks

After upgrading to Payara Community 5.2021.8, a certificate that was accepted in earlier versions might be rejected now. It is no longer enough that the client certificates are included within the Payara Keystore. See Certificate Expiration Validation :: Payara Community Documentation

Improvements

[FISH-5687] Integrate HotSwap Agent in Payara Platform

[FISH-5686] Log Warning When Not Running on a Supported LTS JDK Version

[FISH-5658] Add Placeholder for Instance Names in Custom Vendor Metrics

[FISH-5645] Add Validity Checks on Client Certificates in the Trust Store

[FISH-5636] Performance Optimizations to Remote EJB Tracing Feature

[FISH-1467] Reload the Web Application Container and Deployer

[FISH-376] Allow Configuration Details of HTTP GZIP Compression

Security Fixes

[FISH-5697] Upgrade H2 Database Engine to 1.4.200

Bug Fixes

[FISH-5768] Clustered CDI Events Not Being Received

[FISH-5736] Fix Unknown Exclude Field Provided Warning on Startup

[FISH-5734] Recursive Update Exception when Reading a MicroProfile Config Value After Server Restart

[FISH-5724] Deployment Failure Due to 'The lifecycle method [postConstruct] Must Not Throw a Checked Exception'

[FISH-5678] Jakarta Named Properties in 'persistence.xml' Are Not Recognized

[FISH-5675] (Community Contribution - phillipross) Full State Saving with Mojarra Results in ArrayIndexOutOfBoundsException

[FISH-470] NullPointerException when Deploying MDB into a Customized MDB Pool

Component Upgrades

[FISH-5776] Upgrade to Mojarra 2.3.14.payara-p3

[FISH-5751] Upgrade ASM to 9.1

[FISH-5750] Upgrade Felix to 7.0.1

[FISH-5698] Upgrade Apache Commons IO to Version 2.11

[FISH-261] Upgrade 'tini' to 0.19.0 in Docker Images

Release Notes - Payara Platform Community 5.2021.7

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

Note

Security Vulnerability

IMPORTANT: We recently discovered and fixed an important security vulnerability within the Payara Server and Payara Micro products. A path Traversal security issue was found when the application is deployed under the root context which allowed a hacker to read from the file system of the server running the application. We highly recommend that you upgrade to this version to avoid the security issue.

New Features

• [FISH-5646] Add Client Certificate Validation API

Bug Fixes

• [FISH-5711] Fix Could Not Load Formatter Class Error in Payara Micro
• [FISH-5701] Application Does not Deploy Anymore on Payara Server Docker Image
• [FISH-5695] (Community Contribution - Empressia) ArrayIndexOutOfBoundsException When the ConfigProperty Value Ends in a Dollar Sign
• [FISH-5693] Delimiter for Configuring Multiple KeyStores and TrustStores Must use JVM Platform Delimiter
• [FISH-5691] Do not Propagate Non-Transactional EM to Managed Tasks
• [FISH-5690] Remove Duplicate postInvoke Handler Invocation on Failure
• [FISH-5660] Deployment Failure on Payara Micro
• [FISH-1058] Payara Micro - Wrong ClassLoader with Multiple Apps
• [FISH-966] Fix Asadmin stop-domain Help Text
• [FISH-81] Fix Incorrect Error "No valid EE environment for injection" for CDI Reported for Events

Component Upgrades

• [FISH-5655] Update Jersey to 2.34.payara-p1

Security Fixes

• [FISH-5702] Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') When Context Root is /

Release Notes - Payara Platform Community 5.2021.6

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications
• Jakarta EE 9
• MicroProfile 4.1

New Features

• [FISH-1372] - MicroProfile Health 3.1
• [FISH-385] - OpenID Connect: Per-session configuration and multitenancy
• [FISH-384] - Support Bearer authentication for OpenID authentication mechanism

Bug Fixes

• [FISH-5654] - NullPointerException when setting server log format to JSON
• [FISH-1530] - Fix OpenAPI TCK Tag Collection Test
• [FISH-1521] - Fix Incorrect Group/Role Mapping in OIDC Provider
• [FISH-1520] - Fix MicroProfile JWT-Auth TCK Failures
• [FISH-1345] - EE9 Transformer does not recognize the CDI 3.0 namespace in beans.xml; interceptor ignored.
• [FISH-1312] - MP OpenAPI schema property hidden is ignored
• [FISH-1278] - Jakarta namespace transformation ignored for JSP packaged in the EAR

Component Upgrades

• [FISH-786] - Integrate Security Connector with the Payara Platform

Security Fixes

• [FISH-5545] - Upgrade jackson-databind to 2.12.3
• [FISH-5544] - Upgrade json-smart dependency to 2.4.7

Release notes - Payara Platform Development - Version 5.2021.5

New Feature

• [FISH-1342] Support for loading certificates from multiple keystores

Improvement

• [FISH-5488] - Change default blocking behavior in Tenant Control
• [FISH-1509] - Entries in logging.properties file is pre-determined
• [FISH-1497] - Improve deploying an application from a Maven repository feature to support snapshot version
• [FISH-1423] - Disable escaping events in Asadmin CLI
• [FISH-1375] - (Community - avpinchuk) Improve remote archive deployment
• [FISH-1296] - Log Levels in UI must be sorted by default
• [FISH-862] - Make MPCONFIG usable in all DataSourceDefinition properties
• [FISH-380] - Allow JDBC Connection Pools to set min-size to zero
• [FISH-371] - Improve handling of custom POSTBOOT and PREBOOT file in Docker container
• [FISH-123] - Add an option to configure the URL for MP OpenAPI endpoint

Bug Fixes

• [FISH-1510] - Cannot configure MicroProfile Config Ordinal for JNDI
• [FISH-1418] - JMX Service doesn't start on JDK 8u292 and 11.0.11
• [FISH-1416] - MicroProfile Health Component Not Displaying in the Admin Console
• [FISH-1415] - Write updated log information all at once to logging.properties file.
• [FISH-1346] - Hazelcast / JCache not working for EARs
• [FISH-1341] - ConcurrentModificationException when creating OpenApi document
• [FISH-1204] - Missing example values in OpenApi components schema definition using nested objects
• [FISH-1167] - Fix Inconsistent Synchronization in Password Alias Alterations for Remote Instances
• [FISH-1083] - (Community - peculater) NPE in OpenAPI around visitPost() parameter type discovery
• [FISH-1068] - Parameter Serialization error in open api document for query parameter
• [FISH-995] - Fix JAX-WS Not working after http listener is "restarted"
• [FISH-758] - Fault Tolerance annotations not applied to Rest Client interface
• [FISH-229] - Can't enable monitoring on JDK11

Component Upgrade

• [FISH-1504] - Upgrade MicroProfile JWT-Auth to 1.2.1

Security

• [FISH-1421] - ELParserTokenManager enables invalid EL expressions to be evaluated

Payara Community 6.2021.1.Alpha1 Release Notes

Supported APIs and Applications

• Jakarta EE 9.1

• Jakarta EE 8

• Java EE 8 Applications

Release notes - Payara Platform Development - Version 5.2021.3

Notes

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on the Payara Server that makes use of the JAX-WS features, please update your environment.

Release Notes

New Feature

• [FISH-1021] - Add Support for Setting the HSTS Header

Improvement

• [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
• [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
• [FISH-1295] - Code cleanup in security-core module
• [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
• [FISH-1286] - Add missing JDK 11 packages to OSGI
• [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

• [FISH-1297] - Payara fails to start in certain network configurations
• [FISH-1293] - Disassociate ClusteredStore from tenants
• [FISH-1289] - Race condition in Payara Micro initialization
• [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
• [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

• [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control

Security

• [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution

Release notes - Payara Platform Development - Version 5.2021.2

Notes

Jakarta EE 9 Support

In this release, we have fixed several issues relating to our Jakarta EE 9 Web Component (Servlet, JSTL and JSF) support through Eclipse Transformer. This is as a part of our ongoing effort to close the migration gap between major Jakarta versions before we provide full support for Jakarta EE 9. We encourage users to try updating their applications to Jakarta EE 9 with Eclipse Transformer, and raising any discovered bugs on our Github issue tracker.

New Feature

• [FISH-1064] - Asadmin to clear out old job executions of JBatch in all supported databases

Improvement

• [FISH-1079] - (Community - poikilotherm) Make MPCONFIG in TranslatedConfigView debugable
• [FISH-1094] - (Community - avpinchuk) Make Micro boot-time deployment more reliable
• [FISH-1171] - Make Enabled Parameter of set-healthcheck-configuration Command Optional
• [FISH-1172] - Make Enabled Parameter of set-admin-audit-configuration Command Optional
• [FISH-1186] - Support server-node Docker Image within Kubernetes
• [FISH-1213] - Remove "Data Grid Group Password" as no longer used with Hazelcast 4.x

Bug Fixes

• [FISH-514] - Fix Inconsistent behaviour when a domain backup is created
• [FISH-625] - Jakarta EE 9: Jakarta Faces Sevlet definition not supported
• [FISH-760] - MicroProfile OpenAPI application not detected
• [FISH-984] - Max Wait Time isn't respected when the JDBC pool is locked for a long time
• [FISH-1014] - [Community Contribution] Variables in @DatasourceDefinition not applied to 'className'
• [FISH-1061] - Fix NullPointer when Configuring a Notifier against a non-DAS Instance or Config
• [FISH-1069] - Fix Fault Tolerance service parameters and documentation
• [FISH-1084] - NullPointerException when getting monitoring data for JDBC
• [FISH-1158] - OpenAPI document creation failed when using @Schema annotation with Enum missing a nullcheck
• [FISH-1173] - Fix NullPointerException on Boot
• [FISH-1177] - Undeploy servlet NPE race condition
• [FISH-1178] - Failure to load resources by applications in parallel
• [FISH-1181] - Fix Conflicting --port Parameters in set-snmp-notifier-configuration/notification-snmp-configure Command
• [FISH-1182] - Fix Conflicting --port Parameters in set-xmpp-notifier-configuration/notification-xmpp-configure Command
• [FISH-1192] - Jakarta EE 9: Duplicate entry ZipException is thrown on transforming web application servlet_plu_singlethreadmodel_web.war
• [FISH-1193] - Jakarta EE 9: jakarta.servlet.http.* imports ignored by Payara transformer in JSP files
• [FISH-1194] - Jakarta EE 9: IllegalArgumentException jakarta.mail.Session is not an allowed property value type
• [FISH-1196] - Jakarta EE 9: Servlet Constant value namespace transformation ignored e.g jakarta.servlet.context.tempdir
• [FISH-1205] - Jakarta EE9: JSTL classes transformation is ignored in tld file
• [FISH-1206] - Jakarta EE9: JSF constants transformation is ignored

Payara Community 5.2021.1 Release Notes

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications

Notes

MicroProfile 4.0

Following the 5.2021.1 release, we’ve upgraded Payara Platform to be compatible with the specifications present in version 4.0 of MicroProfile. You should be able to test your MicroProfile 4.0 compatible applications using this Community release. If you discover any issues, or have any related questions, please raise them on our GitHub repository.

Asadmin Command to Clear old JBatch Executions

A new command has been introduced with FISH-108 to remove old JBatch executions left around in the database. It is a known issue that this command currently only works with H2 database. In a future iteration, this will be generalised to cover a broader range of databases.

Hazelcast 4.0 Upgrade

It is important to note in this release that with the upgrade of Hazelcast to version 4.0, support for rolling updates from previous versions of Payara Community Edition to 5.2021.1 will not be supported.

New Features

• [FISH-105] - Migrate EJB Timers from Live Instances
• [FISH-108] - Asadmin to clear out old job executions of JBatch in H2
• [FISH-658] - MP Config 2.0 Upgrade
• [FISH-659] - MP Fault Tolerance 3.0 Upgrade
• [FISH-662] - MP Metrics 3.0 Upgrade
• [FISH-663] - MP OpenAPI 2.0 Upgrade
• [FISH-664] - MP OpenTracing 2.0 Upgrade
• [FISH-665] - MP Rest Client 2.0 Upgrade
• [FISH-753] - Remove Production Domain Template From Community Version
• [FISH-788] - [Community - poikilotherm] Support sub-directories for MPCONFIG SecretDirConfigSource
• [FISH-868] - [Community - ghunteranderson] MP-JWT public key location respects HTTP cache headers

Improvements

• [FISH-374] - Remove Support Portal integration from Community Edition
• [FISH-427] - Configure MP Config cache duration through System properties or ENV variables
• [FISH-759] - [Community - sgflt] Sort Instance names in alphabetical order in the Admin Console 'Instances' drop down
• [FISH-886] - [Community - avpinchuk] Deploy GAV from local repository
• [FISH-992] - [Community - cfiguera] Default values in data source definitions when translating values
• [FISH-1006] - Cleanup of glassfish-batch-connector

### Bug Fixes

• [FISH-222] - HTTP2 tests from h2spec fail with timeout on HTTPS listener
• [FISH-462] - TLSv1.3 is not listed as a supported SSL Protocol
• [FISH-464] - Race condition in Grizzly's HTTP/2
• [FISH-505] - Server instance tries to load Application not assigned to instance
• [FISH-515] - HTTP POST request returns 500 on Zulu JDK8
• [FISH-631] - Infinite loop in Grizzly SSL handshake causing deadlock
• [FISH-642] - Application Logging not performed on Payara 5 Cluster instances
• [FISH-652] - Error in MP JWT validation when retrieving JWKS key from remote location
• [FISH-743] - HK2 Class Parsing ClassCastException
• [FISH-744] - When creating a Resource Adapter Config via Admin Console only thread pools from 'Server-Config' is listed under Thread Pool ID
• [FISH-765] - [Community - sgflt] WebModule doesn't respect virtual server configuration
• [FISH-790] - Refactor, fix bugs and make immutable JavaEEContextUtil
• [FISH-796] - Fix Clustered Singleton bugs / add tests
• [FISH-876] - Incorrect Hashicorp Vault MP Config source blocks deployment and usage of MP Config
• [FISH-877] - Cloud MP Config Sources ignore ordinal defined in Domain
• [FISH-885] - OpenAPI document creation failed when using @Schema annotation with Enum
• [FISH-892] - Hashicorp vault secret value not picked up by MicroProfile after restart domain
• [FISH-990] - OpenTracing Active Span is NULL when retrieved in EJB tracer on remote execution
• [FISH-994] - [Community - sgflt] Package jaxws opentracing to embedded Payara
• [FISH-1007] - [Community - sgflt] Payara logback libs produce NPE
• [FISH-1015] - [Community - avpinchuk] Add appropriate application name to GAV deployments
• [FISH-1017] - [Community - bjetal] Payara can close JarFile instances used by current URLClassLoaders
• [FISH-1018] - Class Loader leaks on redeploy
• [FISH-1019] - [Community - bhanuunrivalled] GlassFishProperties NPE when initialised with null properties

Component Upgrades

• [FISH-791] - Upgrade to Hazelcast 4

Payara Community 5.2020.7 Release Notes

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications

Notes

MicroProfile 4.0

As MicroProfile moves toward the 4.0 final release, the Payara team has simultaneously been working to ready the Payara Platform for MicroProfile 4.0 compatibility. In this Payara Platform Community Release, you can give two of the MicroProfile specification release candidates a try: MP Health 3.0 and MP JWT Auth 1.2. This technically breaks MicroProfile 3.3 support, although functionally the MicroProfile 3.3 TCK will only fail on the @Health annotation removal.

Production Domain Removal

As part of our ongoing effort to reduce bloat in Payara Community Edition, we have removed the production domain from the distributions. The template for this domain (common/templates/gf/production-domain.jar) is still available, although this too will be removed in a future release. Note that Payara Enterprise Edition will still contain the production domain.

New Features

• [FISH-330] - Implement LDAP MicroProfile Config Source
• [FISH-338] - Create Hashicorp Cloud Vault MicroProfile Config Source
• [FISH-660] - MP Health 3.0 Upgrade
• [FISH-661] - MP JWT Auth 1.2 Upgrade

Improvements

• [FISH-327] - Implement MicroProfile Sniffer and Engine
• [FISH-375] - Remove production domain from community version
• [FISH-651] - Allow JWT verification to skip type validation
• [FISH-732] - Improve message when same name is used in metrics.xml for exposed AMX bean.

Security fixes

• [FISH-731] - Upgrade Hibernate Validator to 6.1.5.Final

Bug Fixes

• [FISH-206] - @RolesAllowed annotation in method prevents unauthenticated calls to other methods in remote EJB
• [FISH-275] - Deployment fails if system properties in persistence.xml are only defined in the target config and not in DAS config
• [FISH-431] - OpenAPI document shows ejb-timer-service-app as server URL when EJB timer available
• [FISH-657] - no element When deploy WebServices
• [FISH-747] - Azure Secret Secret Configuration screen on Web Admin console fails
• [FISH-761] - [Community - bjetal] Deployment of unpacked WAB fails when using Felix fileinstall
• [FISH-763] - [Community - sgflt] Embedded Payara is unable to start
• [FISH-766] - [Community - sgflt] Improper synchronization of session map
• [FISH-767] - Missing ejb-opentracing.jar in manifest of gf-client.jar
• [FISH-777] - [Community - avpinchuk] Exclude OpenAPI rest endpoint from tracing

Release Notes Downloads Compatibility Certification Request

Release Notes

Notes

Tech Preview: Run Jakarta EE 9 Applications

This release includes tech preview functionality to run Jakarta EE 9 applications on Payara Server and Payara Micro. This does not, however, make this edition of Payara Platform Community Jakarta EE 9 compatible, and we do not recommend using this functionality in production at this time. This should not affect the ability to run Jakarta EE 8 applications. See ‘FISH-256’ for more details.

New Notifier Extensions

FISH-315 gave the notification service a major overhaul that makes implementing new notifiers in a modular fashion easier. This has facilitated the rewrite of the notifiers as extensions (https://github.com/payara/Notifiers) and the implementation of new Discord (FISH-471) and Microsoft Teams (FISH-370) notifiers. Note that the notifiers that were previously removed from Payara Platform Community Edition (now found at the above link) are still available by default in Payara Enterprise Edition.

New Features

• [FISH-256] - Identify, Transform, and Run jakarta.* application (Tech Preview Only)

• [FISH-333] - Add MicroProfile Health Readiness Checks

• [FISH-370] - Add Microsoft Teams Notification channel

• [FISH-471] - Add Discord Notification Channel

Improvements

• [FISH-141] - Support additional fields with LogRecord when using JsonLogFormatter

• [FISH-154] - Support log-jdbc-calls attribute in xml used by asadmin commands create-jdbc-connection-pool and add-resources (through xml)

• [FISH-315] - Implement New Public Notifier API

• [FISH-316] - Upgrade New Relic Notifier to Implement New Notifier API

• [FISH-317] - Upgrade XMPP Notifier to Implement New Notifier API

• [FISH-318] - Upgrade SNMP Notifier to Implement New Notifier API

• [FISH-319] - Upgrade Slack Notifier to Implement New Notifier API

• [FISH-320] - Remove Hipchat Notifier

• [FISH-321] - Upgrade Datadog Notifier to Implement New Notifier API

• [FISH-322] - Upgrade Email Notifier to Implement New Notifier API

• [FISH-323] - Upgrade JMS Notifier to Implement New Notifier API

• [FISH-324] - Upgrade Eventbus Notifier to Implement New Notifier API

• [FISH-325] - Upgrade CDI Eventbus Notifier to Implement New Notifier API

• [FISH-389] - Add Transaction ID as a Baggage Item to Spans

• [FISH-426] - Store initial request path when accessing protected resource with OpenIdAuthenticationMechanism

• [FISH-441] - StatsProviderManagerDelegate should write warning instead of throwing Exception when stats provider info is not found.

• [FISH-449] - Oracle 19C Not Autodetected by EclipseLink

• [FISH-459] - Cleanup of sonar warnings in jdbc40 module

Security fixes

• [FISH-381] - Upgrade Nimbus JOSE+JWT to 8.20

Bug Fixes

• [FISH-25] - SOAP Web Service Tester not working correctly (JDK 11)

• [FISH-37] - @DataSourceDefinition passes serverName and url to DataSource in some cases

• [FISH-48] - OpenAPI document failed to use Generics within @Schema

• [FISH-55] - Creating Java Mail Session targetted to Deployment Group fails

• [FISH-59] - Payara Micro --enableRequestTracing argument not accepting values

• [FISH-66] - Zip file closed on EJB initialization

• [FISH-82] - Command Line option --warmup results in an Exception when Payara Micro instance stops when Request Tracing is activated

• [FISH-89] - Possible NPE in request tracing during startup

• [FISH-90] - wscompile NoClassDefFoundError with jdk 8

• [FISH-93] - wsgen NoClassDefFoundError with jdk 11

• [FISH-99] - OpenAPI APIResponse.Content.Schema sometimes shows only partial result

• [FISH-196] - EJB injection in EJB Stateless based JAX-RS resource doesn't work in EAR.

• [FISH-198] - IllegalArgumentException on accessing the deploy asadmin REST endpoint with upload flag

• [FISH-298] - OpenAPI @Schema implementation is ignored

• [FISH-379] - Admin Console Masthead Looks Different Between Firefox and Chrome

• [FISH-388] - Fix NPE when printing out Active Span

• [FISH-391] - OutOfMemoryError exception caused by OpenApi refactor

• [FISH-392] - Trace gets started even when RequestTracing is disabled.

• [FISH-393] - asadmin command list-rest-endpoints doesn't list PATCH methods

• [FISH-396] - When _JAVA_OPTIONS specified, Payara Server incorrectly detects Java version for JVM options

• [FISH-407] - List of enabled application targets are not always correct

• [FISH-446] - [Community Contribution: svendiedrichsen] Access to /metrics endpoint may cause ConcurrentModificationException

• [FISH-447] - TCK Failure Websocket module. Relates to HTTP2

• [FISH-474] - Admin Console doesn't display JDK distribution specified for a JVM option

• [FISH-477] - Deployment Group Properties are Ignored

• [FISH-509] - Deployment failure due to 'The lifecycle method [postConstruct] must not throw a checked exception.'

Component Upgrades

• [FISH-604] - EclipseLink 2.7.7

Release Notes

New Features

• [FISH-8] - Add-Widget-Wizard
• [FISH-244] - Expand Open Tracing Support across Remote EJB Calls

Improvements

• [FISH-257] - Domain Status Indicator
• [FISH-266] - Remove New Relic Notifier
• [FISH-267] - Remove XMPP Notifier
• [FISH-268] - Remove SNMP Notifier
• [FISH-269] - Remove Slack Notifier
• [FISH-270] - Remove HipChat Notifier
• [FISH-271] - Remove Email Notifier
• [FISH-272] - Remove Datadog Notifier
• [FISH-273] - Remove Yubikey Authentication Mechanism
• [FISH-314] - Add TLS 1.3 support for OpenJDK 8

Bug Fixes

• [FISH-35] - Payara Micro system property payaramicro.logPropertiesFile and payaramicro.enableAccessLog do not work
• [FISH-45] - The Jackson-dataformat-XML OSGi module cannot be resolved in Payara 5
• [FISH-53] - Using Span.finish() doesn't finish a Propagated Span
• [FISH-68] - @DatasourceDefinition not picking MicroProfile Configuration properties
• [FISH-342] - Community Contribution: CopyOnWriteArrayList throws expected exceptions in WebdavServlet

Component Upgrades

• [FISH-287] - Update Monitoring Console to 1.3

Release Notes

Improvements

• [FISH-6] - Multiple Data Series in a Graph
• [FISH-31] - HTTP/2 Support for JDK Native ALPN APIs
• [FISH-128] - OpenAPI does not include APIs from jars within a war (other jars)
• [FISH-148] - Support multirelease JARs in WARs
• [FISH-151] - Implement MicroProfile JWT-Auth 1.1.1
• [FISH-171] - Support for multi HTTPAuthenticationMechanism
• [FISH-205] - Allow dynamic reconfiguration of log levels for Payara Micro instance
• [FISH-208] - Improvements in stop-domain process
• [FISH-219] - Indicate missing default value when using custom template for create-domain

Bug Fixes

• [FISH-42] - OpenAPI document has duplicate Tag items
• [FISH-50] - JDK11 illegal reflective access by OpenAPI document generation
• [FISH-56] - OpenAPI document doesn't use @Schema when class is in jar dependency of the project
• [FISH-70] - JsonArray as return type breaks the OpenAPI document generation
• [FISH-92] - OpenAPI document fails for bidirectional references
• [FISH-197] - JDBCRealm requires the Message Digest field although a default value should be used
• [FISH-207] - Disabling applications via their deployment group targets not working
• [FISH-211] - PayaraMicro APIs not initializable when run via RootLauncher
• [FISH-236] - GitHub #4688 Typo in docker file - removal of /tmp/tmpfile
• [FISH-260] - Missing invocation on top of invocation stack
• [FISH-263] - Community Contribution: NPE when enabling versioned application with Microprofile Config

Component Upgrades

• [FISH-243] - Update Monitoring Console Process to 1.2.1

Release Notes

Notes

CUSTCOM-40 Upgraded Yasson to version 1.0.6, which introduced some breaking changes in Payara 5.2020.2 - take caution when upgrading.

New Features

• [APPSERV-20] - MicroProfile ConfigSource for Payara Variable Expressions
• [APPSERV-124] - Monitoring Console: Server Side Configuration and Sharing
• [APPSERV-149] - Add Command to Generate Self-Signed Certificate

Improvements

• [APPSERV-54] - Print a Warning if Data Grid Encryption is Enabled without a Key
• [APPSERV-57] - MicroProfile Fault Tolerance 2.1
• [APPSERV-58] - MicroProfile Config 1.4
• [APPSERV-59] - MicroProfile Metrics 2.3
• [APPSERV-60] - MicroProfile Health 2.2
• [APPSERV-61] - MicroProfile Rest Client 1.4
• [APPSERV-141] - Add Caching to MicroProfile Config
• [APPSERV-143] - Update Enterprise and Community Branding
• [APPSERV-146] - Monitoring Console: Bookmarkable Page URLs
• [APPSERV-148] - Monitoring Console: MP Metrics Metadata as MC Annotations
• [CUSTCOM-166] - CDI deployment failure when to use @RolesPermitted in Faces backing bean
• [CUSTCOM-235] - Stop Hazelcast being started twice to improve Micro boot times
• [CUSTCOM-238] - Support JSP on Payara Micro Docker

Bug Fixes

• [APPSERV-55] - Fix Fault Tolerance Bulkheads Race Conditions
• [APPSERV-114] - Race condition in InvocationManager
• [APPSERV-142] - Payara Micro doesn't shutdown when invoked with –warmup
• [CUSTCOM-12] - Unexpected errors when updating SSH node security properties
• [CUSTCOM-22] - HTTP/2 Push Can't be Disabled
• [CUSTCOM-133] - Accessing a URL before any application is deployed disables JASPIC SAM authentication
• [CUSTCOM-179] - PrimeFaces AutoSelect Event is Null within Custom Component
• [CUSTCOM-194] - The delete-jvm-options command shouldn't require to specify the Java version prefix
• [CUSTCOM-205] - On ZuluJDK 8.44, accessing HTTPS gives NoSuchMethodError
• [CUSTCOM-213] - generate-encryption-key Command Always Creates Key for Default Domain
• [CUSTCOM-219] - Fix support for set-batch-runtime-configuration --schemaName for MySql and Postgres
• [CUSTCOM-223] - Datagrid Encryption Enabled Message Printed even if it isn't
• [CUSTCOM-237] - In Weld, parallel execution mode for async observers doesn't trigger all observers (IllegalStateException: Security context is already associated)
• [CUSTCOM-247] - Custom realm defined in web.xml isn't used for SOAP services secured using WS security policy
• [CUSTCOM-253] - Patch ArrayIndexOutOfBoundsException defect in Mojarra
• [CUSTCOM-254] - NumberFormatException when parsing a HTTP header in metrics
• [CUSTCOM-260] - {Community - sgflt] - Deadlock in HA session management
• [CUSTCOM-261] - Remove jakarta.transaction.cdi:jakarta.transaction.cdi-api from Payara BOM as it is wrong
• [CUSTCOM-262] - HZ_LISTENER_PORT property error when setting system properties via the admin console
• [CUSTCOM-263] - HTTPS doesn't work on JDK 8u252
• [CUSTCOM-264] - Client mode debugging (server=no) doesn't work with JDK>=9
• [CUSTCOM-265] - Starting the domain with JSON Log formatter causes the server log to rotate
• [CUSTCOM-266] - JSP/JSF startup issues when using Payara Micro RootDir launcher
• [CUSTCOM-271] - Metric endpoint fails to parse Accept header from Telegraf
• [CUSTCOM-273] - Support for all AjaxBehaviourEvent classes, extension to CUSTCOM-179
• [CUSTCOM-284] - Remove Expired Certificates
• [ECOSYS-157] - OpenID Connect Caller's name and groups are null
• [ECOSYS-161] - [Community - NikitaZ] OAuth2AccessToken empty instance injected

Component Upgrades

• [APPSERV-80] - Upgrade Weld to 3.1.4.Final
• [APPSERV-109] - Update EclipseLink to 2.7.6
• [APPSERV-110] - Update Grizzly to 2.4.4
• [CUSTCOM-40] - [BREAKING CHANGE] Upgrade to Yasson 1.0.6
• [CUSTCOM-211] - Upgrade Trilead SSH 2 to support ECDSA keys

Release Notes

Supported APIs and Applications

Java EE 8 Applications

MicroProfile 3.2

Jakarta EE 8 Applications

Notes

Derby Database has been removed from the Payara Platform in this release – keep this in mind when upgrading from a previous version in the case that you have been making use of the Derby Database implementation in production previously

New Feature

• [APPSERV-11] - Add Monitoring Console support for reporting healthchecks values
• [APPSERV-14] - Add Monitoring Console support for identifying slow SQL queries
• [APPSERV-16] - Add support for encrypting data inside the domain data grid.
• [APPSERV-19] - Add Monitoring Console Support for Hogging and Stuck Thread Health Checks
• [APPSERV-47] - Add user defined watches to monitoring console

Bug Fixes

• [APPSERV-30] - Exception when Adding an Instance to a Deployment Group with an Application Deployed
• [APPSERV-40] - NPE on starting Payara Micro in JobCleanUpService
• [APPSERV-87] - Auto-generated name contains a Space
• [CUSTCOM-13] - A REST management DELETE command returns 415 code instead of 404
• [CUSTCOM-24] - Persistent EJB Timers are not restored on restart of a Payara Micro instance
• [CUSTCOM-27] - [Community] Steady pool size should allow zero
• [CUSTCOM-53] - Wrong error message when a JDBC pool with size 0 is created.
• [CUSTCOM-54] - NullPointerException when JMX attribute is null within the rest-monitoring endpoint
• [CUSTCOM-56] - [Community] Production domain.xml in Payara Web Profile is unparseable
• [CUSTCOM-70] - JAX-RS client request with payara-embedded raises IllegalStateException for RequestTracingService run level
• [CUSTCOM-71] - Multiple realm identity store annotations are ignored
• [CUSTCOM-75] - Problem in Payara 5.194 setting port overrides via configuration > system properties resets other overrides
• [CUSTCOM-76] - Incorrect thread synchronization in WebappClassLoader
• [CUSTCOM-78] - Redeployment on deployment groups is broken
• [CUSTCOM-83] - Grizzly Infinite Loop Causing CPU Hogging
• [CUSTCOM-109] - SendAsadminCommand throws NPE if there are no explicit targets
• [CUSTCOM-135] - Domain Startup Failure on slow or busy environments
• [CUSTCOM-142] - Unable to use delete-jvm-options on option with min/max version defined.
• [CUSTCOM-144] - [Community] NPE in FilterDefDecorator
• [CUSTCOM-165] - JDK11 prints warning about illegal access to private field props of the LogManager
• [CUSTCOM-167] - [Community] Code cleanup - removed unused cycles
• [CUSTCOM-168] - [Community] OpenID Connect: Fixed simultaneous redirects and invalidation of session
• [CUSTCOM-171] - [Community] BlockingQueueHandler throws ClassCastException
• [CUSTCOM-174] - NPE on EJBException.addSuppressed() within EJBContainerTransactionManager
• [CUSTCOM-181] - [Community] GH #4444 PR - Remove unused method with potential ClassCastException
• [CUSTCOM-195] - Building of domain module fail when port 7676 is in use
• [CUSTCOM-198] - [Community] OpenAPI document generation ignores @Schema(ref) value
• [CUSTCOM-199] - REST Management Interface Can't Be Invoked With JSON Request
• [CUSTCOM-200] - [Community] Unused timer var in HazelcastTimerStore.cancelTimersByKey
• [CUSTCOM-203] - [Community] OpenAPI Incorrect $ref Field with Custom Schema Name
• [CUSTCOM-204] - [Community] Incorrect TreeSet Comparator Implementation

Improvements

• [APPSERV-12] - Change Request Tracing Store Configuration from per Instance to per Cluster
• [APPSERV-15] - Simplify JMX monitoring and Jolokia configuration
• [APPSERV-18] - forceName needed for redeployment when deployment descriptor does not specify name
• [APPSERV-22] - Remove Derby from Payara 5
• [APPSERV-27] - Allow Temp Docker Nodes to Join a Deployment Group on Creation
• [CUSTCOM-81] - [Community] GitHub #4386 Debug port is not printed
• [CUSTCOM-88] - Minor Improvement to DynamicInterceptor Monitoring class
• [CUSTCOM-145] - Assign meaningful thread names
• [CUSTCOM-146] - Parameterise CacheMap
• [CUSTCOM-147] - GH #4418 Improve dependency management of mockito
• [CUSTCOM-152] - GitHub #4388 Remove unused field debug from StartServerHelper
• [CUSTCOM-187] - [Community] Display JVM Uptime in a friendlier format in the Admin Console

Component Upgrade

• [APPSERV-63] - Upgrade JSFTemplating to 2.1.4
• [APPSERV-64] - Upgrade Jboss Classfilewriter to 1.2.4.Final
• [APPSERV-65] - Upgrade Jackson to 2.10.2
• [APPSERV-67] - Upgrade Istack Common Utility to 3.0.10
• [APPSERV-68] - Upgrade Hazelcast to 3.12.6
• [APPSERV-69] - Upgrade Imqjmx to 4.4.2
• [APPSERV-71] - Upgrade Jakarta dependencies
• [APPSERV-72] - Upgrade Cache API to 1.1.1
• [APPSERV-73] - Upgrade Bouncy Castle to 1.64
• [APPSERV-74] - Upgrade JSON Processing to 1.1.6
• [APPSERV-75] - Upgrade Logging Annotation Processor to 1.9
• [APPSERV-76] - Upgrade OSGi Resource Locator to 1.0.3
• [APPSERV-77] - Upgrade Hamcrest to 2.2
• [APPSERV-78] - Upgrade Hibernate Validator to 6.1.2.Final
• [APPSERV-79] - Upgrade Javassist to 3.26.0-GA
• [APPSERV-81] - Upgrade JLine to 3.13.3
• [APPSERV-82] - Upgrade MIME Streaming Extension to 1.9.12
• [APPSERV-84] - Upgrade ASM to 7.3.1
• [APPSERV-85] - Upgrade SnakeYAML to 1.25
• [CUSTCOM-154] - Upgrade JSF Mojarra to 2.3.14
• [CUSTCOM-160] - Upgrade jersey to 2.30

Release notes

JDK11

Payara Server on JDK11 will no longer be in technical preview with the 5.194 release! This means you are now able to use Payara in Production on JDK11 confidently.

Note

Metrics includes some breaking changes related to the refactoring of counters (see spec for more details).

New Features

• [PAYARA-3924] - Publish Payara third-party BOM
• [PAYARA-2598] - Hook up Soteria Identity Stores to Payara Realms
• [PAYARA-3263] - Support Certified OpenTracing Tracers in MP OpenTracing
• [PAYARA-3658] - Add support for easily securing the ejb-invoker endpoint
• [PAYARA-3793] - Role mapping can be based on partial DN name (Client Certificates)
• [PAYARA-3828] - REST Client 1.3 support
• [PAYARA-3829] - Healthcheck 2.1 support
• [PAYARA-3832] - Add Monitoring Console support for identifying which traces have exceeded thresholds
• [PAYARA-3994] - HotDeploy support in deploy/redeploy asadmin command
• [PAYARA-4027] - Add timeout parameter to start-deployment-group command
• [PAYARA-4037] - Add access log setting options for Payara Micro
• [PAYARA-4097] - Add Monitoring Console support for launching with a preset of 5 key metrics
• [PAYARA-4166] - Metrics 2.2 Support

Improvements

• [PAYARA-3796] - Can't inject a JNDI Integer property as MicroProfile config value
• [PAYARA-3811] - Improve Application Deployment Performance (Pt2.) on Windows OS
• [PAYARA-3819] - Remove java.net repositories from pom
• [PAYARA-3940] - Classloader whitelisting mechanism should isolate resources too
• [PAYARA-3997] - Add TLS 1.3 support when using Zulu JDK 8
• [PAYARA-4033] - Remove duplicate classes for remote commands
• [PAYARA-4096] - Allow Instance Names to be Generated when Creating Instances from the Admin Console
• [PAYARA-4099] - Add support for autoscaling Docker Nodes
• [PAYARA-4118] - Graceful shutdown of PayaraExecutorService slows down server shutdown
• [PAYARA-4143] - Community Contribution: Replace usage of File.deleteOnExit() with manual deletion on exit.
• [PAYARA-4158] - Domain Data Grid Port Behaviour options for create-domain command
• [PAYARA-4171] - Monitoring data of an Instance is not visible if it is in a Deployment Group
• [PAYARA-4192] - Support explicitly setting Data-Grid port in an instance
• [PAYARA-4193] - Additonal Improvements for Monitoring Console Preset Page
• [PAYARA-4195] - Cleanup in deployment-client
• [PAYARA-4197] - Improve logging warnings for container-managed transaction timeouts
• [PAYARA-4247] - Cleanup of sonar warnings for common/common-util
• [PAYARA-4248] - Log Expired certificates from cacerts.jks with level warning
• [PAYARA-4251] - Simplify Woodstock upgrades

Bug Fixes

• [PAYARA-1285] - Thread Pool monitoring breaks when configuring thread pools
• [PAYARA-3500] - Admin console shows incorrect virtual servers for MP health and metrics targets
• [PAYARA-3501] - Configuration changes in MP health and metrics in Admin console don't warn about restart needed
• [PAYARA-3803] - Illegal Reflective Access by com.sun.enterprise.admin.util.JarFileUtils
• [PAYARA-4025] - REGRESSION: Setting context root with app.war:context stopped working in Payara Micro 5.192
• [PAYARA-4048] - ejb32/mdb/modernconnector fails
• [PAYARA-4055] - Jaxrs client obtained from the request context must be the same instance
• [PAYARA-4061] - jsp test failures
• [PAYARA-4077] - CDI test EnterpriseSecurityContextPropagationInAsyncObserverTest fails
• [PAYARA-4078] - CDI InterceptorEnvironmentJNDISessionBeanTest fails
• [PAYARA-4083] - Unsatisfied dependencies for type YubicoAPI in CDI TCK
• [PAYARA-4087] - Allow use of single char operands in payara micro commands
• [PAYARA-4104] - Disabling Hazelcast for 5.193 Server causes startup failure
• [PAYARA-4115] - List-Nodes-Docker Command Fails with Invalid Number of Columns
• [PAYARA-4116] - Server shutdown hangs when startup fails
• [PAYARA-4120] - Server fails to start when using JDK11
• [PAYARA-4121] - Monitoring Configuration Level Ignored after Redeploying an Application
• [PAYARA-4122] - Unable to acquire global lock for resolve payara-micro-service
• [PAYARA-4123] - Async errors are missing in resumed response
• [PAYARA-4124] - Application name of deployed ear shows the unique number
• [PAYARA-4125] - MP HealthCheck NPE from when first saving values in admin console
• [PAYARA-4129] - Payara-samples were not updated after release of 5.193
• [PAYARA-4131] - java.lang.ClassNotFoundException: org.glassfish.admin.rest.resources.generatedASM.DomainResource not found by org.glassfish.main.admin.rest-service
• [PAYARA-4140] - ResourceValidator fails on jms/ee20/cditests/ejbweb
• [PAYARA-4141] - Use correct constructor of NotAuthorizedException in RolesPermittedInterceptor
• [PAYARA-4144] - Add support for Deployment Group on Management API
• [PAYARA-4146] - JavaMail Fails to Load Default Providers
• [PAYARA-4147] - MicroProfile Metrics API returns no data for vendor:system_cpu_load
• [PAYARA-4160] - Admin Console List EJB Timers Causes HTTP 500
• [PAYARA-4164] - OpenTracingApplicationEventListener is not null-safe
• [PAYARA-4167] - JSON-B Runtime not present on AppClient classpath
• [PAYARA-4169] - Incorrect server.policy settings
• [PAYARA-4170] - Deployment-client breaks TCK tests
• [PAYARA-4172] - Generation of OpenAPI document when using @Schema(implementation) sometimes give wrong result
• [PAYARA-4174] - CDI injection gives IllegalStateException on MP Metrics bean in Payara Micro
• [PAYARA-4186] - OpenAPI document generates incorrect schema for Enums
• [PAYARA-4196] - Monitoring console throws error when dealing metrics that include a space
• [PAYARA-4202] - Arrays not supported in PayaraConfig.getOptionalValue()
• [PAYARA-4206] - MP Config does not support char as type of property
• [PAYARA-4207] - Steady pool size should allow zero
• [PAYARA-4215] - Database EJB Timer Persistence Service doesn't work on Deployment Group
• [PAYARA-4218] - JAX-WS Command Error
• [PAYARA-4219] - Problem when trying to override System Properties of an instance
• [PAYARA-4238] - Monitoring Console Hardening
• [PAYARA-4250] - Monitoring Console - Prevent Log Spamming
• [PAYARA-4253] - Update TCK signature tests for 5.194
• [PAYARA-4254] - Test failure in ejb32 / modernconnector
• [PAYARA-4255] - Servlet TCK failures
• [PAYARA-4256] - MP Metrics still registered after application removed
• [PAYARA-4266] - EJB TCK fails on NPE in EJB Container annotation

Component Upgrades

• [PAYARA-4030] - Upgrade HK2 to 2.6.1
• [PAYARA-4198] - Upgrade Tyrus to 1.15
• [PAYARA-4213] - Upgrade jackson to 2.10.0
• [PAYARA-4243] - Upgrade ASM to 7.2

Notes

JDK11

In this release, JDK11 support is still in tech preview. Although it may work without problems in production we cannot guarantee that this will be the case.

Guava Removal

PAYARA-3939 removed Guava from the Payara codebase. This is important when upgrading your domain since previously if application used Guava it may have worked with Guava as only a compile dependency. After upgrading this will not be the case, and you should provide Guava yourself.

Master Password Changes

PAYARA-4031 addressed a problem with changing the master password for nodes. In previous releases, changing the master password for only a domain before attempting to start an instance on another node would render that instance unusable. This fix changed the functionality of running change-master-password against a node. It now will not interact with any keystores, only the saved password file. This makes the master password change work the way we believe was originally intended: you need to run the command against each node after changing the domain master password before starting those instances.

New Features

• [PAYARA-3573] - Dynamic Instances
• [PAYARA-3830] - Support Metrics 2.0
• [PAYARA-3850] - Aggregate data onto Monitoring App
• [PAYARA-3864] - Support Java Serialization in EJB HTTP Client
• [PAYARA-3876] - Add profiles for building dev version of Payara with full source embedded
• [PAYARA-3885] - Implement "Parameterized" dynamically resolved role names for @RolesPermitted annotation

Improvements

• [PAYARA-3218] - Add Deployment Performance Analyzer
• [PAYARA-3492] - Upgrade JLine version to v3.x
• [PAYARA-3691] - Support reading WSDL files from WEB-INF
• [PAYARA-3792] - asadmin command to return the DN of Client Certificate
• [PAYARA-3821] - Add asadmin command to reset AMX metrics
• [PAYARA-3824] - Use KeyID from JWT header to find public key in JSON Web Key Set [Community Contribution: lreimer]
• [PAYARA-3825] - Validity check and auto-refresh for OpenID connect tokens. [Community Contribution: parysto]
• [PAYARA-3868] - Repeated NPE printed to console with Payara Micro after sitting idle
• [PAYARA-3883] - Move the groupsearcherror to a separate logger
• [PAYARA-3902] - Support protocol V1 for JSON-B serialization
• [PAYARA-3903] - Improve support for interface return and parameter types for Json-B
• [PAYARA-3913] - Instantiating wrappers - from 'new Wrapper(arg)' to 'Wrapper.valueOf(arg)' [Community Contribution: dvmarcilio]
• [PAYARA-3914] - SonarQube - Replacing raw Collections EMPTY_... fields with generic methods empty…() [Community Contribution: dvmarcilio]
• [PAYARA-3915] - SonarQube - Using Wrapper.parseWrapper() when converting String to primitive [Community Contribution: dvmarcilio]
• [PAYARA-3916] - SonarQube - Optimizing String.lastIndexOf() for single char in appserver [Community Contribution: dvmarcilio]
• [PAYARA-3917] - SonarQube - Optimizing String.lastIndexOf() for single char in nucleus [Community Contribution: dvmarcilio]
• [PAYARA-3918] - Fixed typo in path [Community Contribution: johnmanko]
• [PAYARA-3919] - SonarQube - Iterating on entrySet() instead of keySet() when key and value are needed [Community Contribution: dvmarcilio]
• [PAYARA-3964] - Allow configuration of MDB bean pool size with ActivationConfigProperty
• [PAYARA-3988] - Dynamic Docker Node Instances
• [PAYARA-3990] - Support definition of tags for custom MicroProfile JMX vendor metrics
• [PAYARA-4002] - Replace stats77 module with management-api
• [PAYARA-4015] - Replace synchronised classes with unsynchronised in admingui/common-console [Community Contribution: svendiedrichsen]
• [PAYARA-4034] - Cleanup of sonar warnings for common/amx-core
• [PAYARA-4064] - Stabilize creation of default domain in build
• [PAYARA-4065] - Reinitialize PayaraExecutorService on embedded server restart
• [PAYARA-4073] - Use correct constructor of NotAuthorizedException in RolesAllowedRequestFilter

Security

• [PAYARA-3881] - CVE-2019-12086 Jackson Databind upgrade

Bug Fixes

• [PAYARA-3101] - MicroProfile endpoints security support
• [PAYARA-3698] - ! no longer allowed in admin password when using multimode asadmin
• [PAYARA-3703] - update_file_user command fails when there are instances based on a different config.
• [PAYARA-3736] - unsatisfied dependency HazelcastConfigSpecificConfiguration after migration from Payara 4 to 5 by backup and restore strategy
• [PAYARA-3756] - High Memory Usage in Grizzly caused by large Object arrays remaining in memory
• [PAYARA-3789] - DN representation of Client Certificate isn't uniform across Payara
• [PAYARA-3797] - JDBC Connection Pool Flush when targeting Deployment Groups/Instances
• [PAYARA-3815] - Support Remote Lookup of administered objects
• [PAYARA-3822] - Some AMX metrics missing after server restart
• [PAYARA-3860] - Race Condition When Starting Instance on JDK11 with Payara Server Full
• [PAYARA-3875] - Update Docker Node Image Name
• [PAYARA-3880] - Saving JVM Options corrupts the domain.xml
• [PAYARA-3884] - Payara Micro adds JDK 11 warning when exploded application deployed
• [PAYARA-3887] - Sonar issues sweep
• [PAYARA-3895] - Check for if name is in use by deployment group is wrong
• [PAYARA-3908] - JAX-RS Providers duplicated when CDI is enabled
• [PAYARA-3909] - You can't use any of the variable types in JDBC connection pool settings
• [PAYARA-3911] - Payara Server incorrectly detects Java version if it's different from the one used by the launcher [Community Contribution: vlumi]
• [PAYARA-3922] - NamingException for certain situations when JAX-RS resource is defined as Stateless EJB.
• [PAYARA-3931] - Revert the removal of 'java.ext.dirs' and 'java.endorsed.dirs` properties
• [PAYARA-3968] - Payara Micro Postboot Script asadmin Commands Incorrect Quotation Mark Parsing
• [PAYARA-3992] - JsonB serialization error when using Custom serializer
• [PAYARA-3996] - Ensure that the TimerWrapper references correct EJBTimerService [Community Contribution: realityforge]
• [PAYARA-4000] - A REST management DELETE command returns 415 code instead of 404
• [PAYARA-4012] - Delete unused and unmaintained javaee-api modules
• [PAYARA-4026] - MP Fault Tolerance fails on 2.0.1
• [PAYARA-4028] - PostConstruct setting values are lost in Clustered Startup Singleton EJB within WAR/EAR
• [PAYARA-4031] - Master Password synchronization inconsistencies across nodes
• [PAYARA-4043] - Get rid of jvnet-parent
• [PAYARA-4044] - ejbCreate method not invoked for EJB
• [PAYARA-4045] - Tests with embedded EJB container fail to start
• [PAYARA-4046] - TimerService not injected to HelloBean (ejb30)
• [PAYARA-4047] - Entity timer looses primary key
• [PAYARA-4049] - TCK requires no string interpolation in env entries
• [PAYARA-4052] - Instance not created at end of aroundConstruct interceptor chain
• [PAYARA-4054] - Not all timer methods throw exception on expired timer
• [PAYARA-4058] - non-api public method in javax.faces.webapp.FacesServlet
• [PAYARA-4062] - Failures in concurrency suite
• [PAYARA-4067] - JSON-B API not present on AppClient classpath
• [PAYARA-4076] - Docker: correct exposed ports
• [PAYARA-4079] - Arquillian container does not pass CDI exceptions correctly to TCK runner
• [PAYARA-4081] - glassfish-ejb-jar_3_1-1.dtd: Element type property declared more than once [Community Contribution: pzygielo]
• [PAYARA-4091] - payara-embedded s1as key expired
• [PAYARA-4092] - JVM Options page shows error on RC1
• [PAYARA-3928] - NPE when using enabling notifications via the CDI event bus

Tasks

• [PAYARA-3950] - Process all properties files [Community Contribution: edthorne]
• [PAYARA-3980] - Remove duplicated element 'description' [Community Contribution: pzygielo]
• [PAYARA-4010] - Cleanup Expired Certificates in the Server

Component Upgrades

• [PAYARA-3749] - Upgrade servlet-api to 4.0.2 [Community Contribution: mulderbaba]
• [PAYARA-3896] - Upgrade Weld to 3.1.1.Final [Community Contribution: mulderbaba]
• [PAYARA-3939] - Remove Google Guava