Payara Server Community Edition 5.2021.4

Payara Community 5.2021.4 Release Notes 

Supported APIs and Applications 

• Jakarta EE 8 

• Java EE 8 Applications 

• MicroProfile 4.0

Payara Server Community Edition 5.2021.3

Release notes - Payara Platform Development - Version 5.2021.3

Notes

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on the Payara Server that makes use of the JAX-WS features, please update your environment.

Release Notes

New Feature

• [FISH-1021] - Add Support for Setting the HSTS Header

Improvement

• [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
• [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
• [FISH-1295] - Code cleanup in security-core module
• [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
• [FISH-1286] - Add missing JDK 11 packages to OSGI
• [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

• [FISH-1297] - Payara fails to start in certain network configurations
• [FISH-1293] - Disassociate ClusteredStore from tenants
• [FISH-1289] - Race condition in Payara Micro initialization
• [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
• [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

• [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control

Security

• [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution

Payara Server Community Edition 5.2021.2

Release notes - Payara Platform Development - Version 5.2021.2

Notes

Jakarta EE 9 Support

In this release, we have fixed several issues relating to our Jakarta EE 9 Web Component (Servlet, JSTL and JSF) support through Eclipse Transformer. This is as a part of our ongoing effort to close the migration gap between major Jakarta versions before we provide full support for Jakarta EE 9. We encourage users to try updating their applications to Jakarta EE 9 with Eclipse Transformer, and raising any discovered bugs on our Github issue tracker.

New Feature

• [FISH-1064] - Asadmin to clear out old job executions of JBatch in all supported databases

Improvement

• [FISH-1079] - (Community - poikilotherm) Make MPCONFIG in TranslatedConfigView debugable
• [FISH-1094] - (Community - avpinchuk) Make Micro boot-time deployment more reliable
• [FISH-1171] - Make Enabled Parameter of set-healthcheck-configuration Command Optional
• [FISH-1172] - Make Enabled Parameter of set-admin-audit-configuration Command Optional
• [FISH-1186] - Support server-node Docker Image within Kubernetes
• [FISH-1213] - Remove "Data Grid Group Password" as no longer used with Hazelcast 4.x

Bug Fixes

• [FISH-514] - Fix Inconsistent behaviour when a domain backup is created
• [FISH-625] - Jakarta EE 9: Jakarta Faces Sevlet definition not supported
• [FISH-760] - MicroProfile OpenAPI application not detected
• [FISH-984] - Max Wait Time isn't respected when the JDBC pool is locked for a long time
• [FISH-1014] - [Community Contribution] Variables in @DatasourceDefinition not applied to 'className'
• [FISH-1061] - Fix NullPointer when Configuring a Notifier against a non-DAS Instance or Config
• [FISH-1069] - Fix Fault Tolerance service parameters and documentation
• [FISH-1084] - NullPointerException when getting monitoring data for JDBC
• [FISH-1158] - OpenAPI document creation failed when using @Schema annotation with Enum missing a nullcheck
• [FISH-1173] - Fix NullPointerException on Boot
• [FISH-1177] - Undeploy servlet NPE race condition
• [FISH-1178] - Failure to load resources by applications in parallel
• [FISH-1181] - Fix Conflicting --port Parameters in set-snmp-notifier-configuration/notification-snmp-configure Command
• [FISH-1182] - Fix Conflicting --port Parameters in set-xmpp-notifier-configuration/notification-xmpp-configure Command
• [FISH-1192] - Jakarta EE 9: Duplicate entry ZipException is thrown on transforming web application servlet_plu_singlethreadmodel_web.war
• [FISH-1193] - Jakarta EE 9: jakarta.servlet.http.* imports ignored by Payara transformer in JSP files
• [FISH-1194] - Jakarta EE 9: IllegalArgumentException jakarta.mail.Session is not an allowed property value type
• [FISH-1196] - Jakarta EE 9: Servlet Constant value namespace transformation ignored e.g jakarta.servlet.context.tempdir
• [FISH-1205] - Jakarta EE9: JSTL classes transformation is ignored in tld file
• [FISH-1206] - Jakarta EE9: JSF constants transformation is ignored

Payara Server Community Edition 5.2021.1

Payara Community 5.2021.1 Release Notes

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications

Notes

MicroProfile 4.0

Following the 5.2021.1 release, we’ve upgraded Payara Platform to be compatible with the specifications present in version 4.0 of MicroProfile. You should be able to test your MicroProfile 4.0 compatible applications using this Community release. If you discover any issues, or have any related questions, please raise them on our GitHub repository.

Asadmin Command to Clear old JBatch Executions

A new command has been introduced with FISH-108 to remove old JBatch executions left around in the database. It is a known issue that this command currently only works with H2 database. In a future iteration, this will be generalised to cover a broader range of databases.

Hazelcast 4.0 Upgrade

It is important to note in this release that with the upgrade of Hazelcast to version 4.0, support for rolling updates from previous versions of Payara Community Edition to 5.2021.1 will not be supported.

New Features

• [FISH-105] - Migrate EJB Timers from Live Instances
• [FISH-108] - Asadmin to clear out old job executions of JBatch in H2
• [FISH-658] - MP Config 2.0 Upgrade
• [FISH-659] - MP Fault Tolerance 3.0 Upgrade
• [FISH-662] - MP Metrics 3.0 Upgrade
• [FISH-663] - MP OpenAPI 2.0 Upgrade
• [FISH-664] - MP OpenTracing 2.0 Upgrade
• [FISH-665] - MP Rest Client 2.0 Upgrade
• [FISH-753] - Remove Production Domain Template From Community Version
• [FISH-788] - [Community - poikilotherm] Support sub-directories for MPCONFIG SecretDirConfigSource
• [FISH-868] - [Community - ghunteranderson] MP-JWT public key location respects HTTP cache headers

Improvements

• [FISH-374] - Remove Support Portal integration from Community Edition
• [FISH-427] - Configure MP Config cache duration through System properties or ENV variables
• [FISH-759] - [Community - sgflt] Sort Instance names in alphabetical order in the Admin Console 'Instances' drop down
• [FISH-886] - [Community - avpinchuk] Deploy GAV from local repository
• [FISH-992] - [Community - cfiguera] Default values in data source definitions when translating values
• [FISH-1006] - Cleanup of glassfish-batch-connector

### Bug Fixes

• [FISH-222] - HTTP2 tests from h2spec fail with timeout on HTTPS listener
• [FISH-462] - TLSv1.3 is not listed as a supported SSL Protocol
• [FISH-464] - Race condition in Grizzly's HTTP/2
• [FISH-505] - Server instance tries to load Application not assigned to instance
• [FISH-515] - HTTP POST request returns 500 on Zulu JDK8
• [FISH-631] - Infinite loop in Grizzly SSL handshake causing deadlock
• [FISH-642] - Application Logging not performed on Payara 5 Cluster instances
• [FISH-652] - Error in MP JWT validation when retrieving JWKS key from remote location
• [FISH-743] - HK2 Class Parsing ClassCastException
• [FISH-744] - When creating a Resource Adapter Config via Admin Console only thread pools from 'Server-Config' is listed under Thread Pool ID
• [FISH-765] - [Community - sgflt] WebModule doesn't respect virtual server configuration
• [FISH-790] - Refactor, fix bugs and make immutable JavaEEContextUtil
• [FISH-796] - Fix Clustered Singleton bugs / add tests
• [FISH-876] - Incorrect Hashicorp Vault MP Config source blocks deployment and usage of MP Config
• [FISH-877] - Cloud MP Config Sources ignore ordinal defined in Domain
• [FISH-885] - OpenAPI document creation failed when using @Schema annotation with Enum
• [FISH-892] - Hashicorp vault secret value not picked up by MicroProfile after restart domain
• [FISH-990] - OpenTracing Active Span is NULL when retrieved in EJB tracer on remote execution
• [FISH-994] - [Community - sgflt] Package jaxws opentracing to embedded Payara
• [FISH-1007] - [Community - sgflt] Payara logback libs produce NPE
• [FISH-1015] - [Community - avpinchuk] Add appropriate application name to GAV deployments
• [FISH-1017] - [Community - bjetal] Payara can close JarFile instances used by current URLClassLoaders
• [FISH-1018] - Class Loader leaks on redeploy
• [FISH-1019] - [Community - bhanuunrivalled] GlassFishProperties NPE when initialised with null properties

Component Upgrades

• [FISH-791] - Upgrade to Hazelcast 4

Payara Server Community Edition 5.2020.7

Payara Community 5.2020.7 Release Notes

Supported APIs and Applications

• Jakarta EE 8
• Java EE 8 Applications

Notes

MicroProfile 4.0

As MicroProfile moves toward the 4.0 final release, the Payara team has simultaneously been working to ready the Payara Platform for MicroProfile 4.0 compatibility. In this Payara Platform Community Release, you can give two of the MicroProfile specification release candidates a try: MP Health 3.0 and MP JWT Auth 1.2. This technically breaks MicroProfile 3.3 support, although functionally the MicroProfile 3.3 TCK will only fail on the @Health annotation removal.

Production Domain Removal

As part of our ongoing effort to reduce bloat in Payara Community
Edition, we have removed the production domain from the distributions.
The template for this domain
(common/templates/gf/production-domain.jar) is still available,
although this too will be removed in a future release. Note that Payara
Enterprise Edition will still contain the production domain.

New Features

• [FISH-330] - Implement
  LDAP MicroProfile Config Source
• [FISH-338] - Create
  Hashicorp Cloud Vault MicroProfile Config Source
• [FISH-660] - MP Health 3.0
  Upgrade
• [FISH-661] - MP JWT Auth
  1.2 Upgrade

Improvements

• [FISH-327] - Implement
  MicroProfile Sniffer and Engine
• [FISH-375] - Remove
  production domain from community version
• [FISH-651] - Allow JWT
  verification to skip type validation
• [FISH-732] - Improve
  message when same name is used in metrics.xml for exposed AMX bean.

Security fixes

• [FISH-731] - Upgrade
  Hibernate Validator to 6.1.5.Final

Bug Fixes

• [FISH-206] - @RolesAllowed
  annotation in method prevents unauthenticated calls to other methods in
  remote EJB
• [FISH-275] - Deployment
  fails if system properties in persistence.xml are only defined in the
  target config and not in DAS config
• [FISH-431] - OpenAPI
  document shows ejb-timer-service-app as server URL when EJB timer
  available
• [FISH-657] - no
  element When deploy WebServices
• [FISH-747] - Azure Secret
  Secret Configuration screen on Web Admin console fails
• [FISH-761] - [Community -
  bjetal] Deployment of unpacked WAB fails when
  using Felix fileinstall
• [FISH-763] - [Community -
  sgflt] Embedded Payara is unable to start
• [FISH-766] - [Community -
  sgflt] Improper synchronization of session map
• [FISH-767] - Missing
  ejb-opentracing.jar in manifest of gf-client.jar
• [FISH-777] - [Community -
  avpinchuk] Exclude OpenAPI rest endpoint
  from tracing

Payara Server Community Edition 5.2020.6

Release Notes
Downloads
Compatibility Certification Request

Payara Server Community Edition 5.2020.5

Release Notes

Notes

Tech Preview: Run Jakarta EE 9 Applications

This release includes tech preview functionality to run Jakarta EE 9 applications on Payara Server and Payara Micro. This does not, however, make this edition of Payara Platform Community Jakarta EE 9 compatible, and we do not recommend using this functionality in production at this time. This should not affect the ability to run Jakarta EE 8 applications. See ‘FISH-256’ for more details.

New Notifier Extensions

FISH-315 gave the notification service a major overhaul that makes implementing new notifiers in a modular fashion easier. This has facilitated the rewrite of the notifiers as extensions (https://github.com/payara/Notifiers) and the implementation of new Discord (FISH-471) and Microsoft Teams (FISH-370) notifiers. Note that the notifiers that were previously removed from Payara Platform Community Edition (now found at the above link) are still available by default in Payara Enterprise Edition.

New Features

• [FISH-256] - Identify, Transform, and Run jakarta.* application (Tech Preview Only)

• [FISH-333] - Add MicroProfile Health Readiness Checks

• [FISH-370] - Add Microsoft Teams Notification channel

• [FISH-471] - Add Discord Notification Channel

Improvements

• [FISH-141] - Support additional fields with LogRecord when using JsonLogFormatter

• [FISH-154] - Support log-jdbc-calls attribute in xml used by asadmin commands create-jdbc-connection-pool and add-resources (through xml)

• [FISH-315] - Implement New Public Notifier API

• [FISH-316] - Upgrade New Relic Notifier to Implement New Notifier API

• [FISH-317] - Upgrade XMPP Notifier to Implement New Notifier API

• [FISH-318] - Upgrade SNMP Notifier to Implement New Notifier API

• [FISH-319] - Upgrade Slack Notifier to Implement New Notifier API

• [FISH-320] - Remove Hipchat Notifier

• [FISH-321] - Upgrade Datadog Notifier to Implement New Notifier API

• [FISH-322] - Upgrade Email Notifier to Implement New Notifier API

• [FISH-323] - Upgrade JMS Notifier to Implement New Notifier API

• [FISH-324] - Upgrade Eventbus Notifier to Implement New Notifier API

• [FISH-325] - Upgrade CDI Eventbus Notifier to Implement New Notifier API

• [FISH-389] - Add Transaction ID as a Baggage Item to Spans

• [FISH-426] - Store initial request path when accessing protected resource with OpenIdAuthenticationMechanism

• [FISH-441] - StatsProviderManagerDelegate should write warning instead of throwing Exception when stats provider info is not found.

• [FISH-449] - Oracle 19C Not Autodetected by EclipseLink

• [FISH-459] - Cleanup of sonar warnings in jdbc40 module

Security fixes

• [FISH-381] - Upgrade Nimbus JOSE+JWT to 8.20

Bug Fixes

• [FISH-25] - SOAP Web Service Tester not working correctly (JDK 11)

• [FISH-37] - @DataSourceDefinition passes serverName and url to DataSource in some cases

• [FISH-48] - OpenAPI document failed to use Generics within @Schema

• [FISH-55] - Creating Java Mail Session targetted to Deployment Group fails

• [FISH-59] - Payara Micro --enableRequestTracing argument not accepting values

• [FISH-66] - Zip file closed on EJB initialization

• [FISH-82] - Command Line option --warmup results in an Exception when Payara Micro instance stops when Request Tracing is activated

• [FISH-89] - Possible NPE in request tracing during startup

• [FISH-90] - wscompile NoClassDefFoundError with jdk 8

• [FISH-93] - wsgen NoClassDefFoundError with jdk 11

• [FISH-99] - OpenAPI APIResponse.Content.Schema sometimes shows only partial result

• [FISH-196] - EJB injection in EJB Stateless based JAX-RS resource doesn't work in EAR.

• [FISH-198] - IllegalArgumentException on accessing the deploy asadmin REST endpoint with upload flag

• [FISH-298] - OpenAPI @Schema implementation is ignored

• [FISH-379] - Admin Console Masthead Looks Different Between Firefox and Chrome

• [FISH-388] - Fix NPE when printing out Active Span

• [FISH-391] - OutOfMemoryError exception caused by OpenApi refactor

• [FISH-392] - Trace gets started even when RequestTracing is disabled.

• [FISH-393] - asadmin command list-rest-endpoints doesn't list PATCH methods

• [FISH-396] - When _JAVA_OPTIONS specified, Payara Server incorrectly detects Java version for JVM options

• [FISH-407] - List of enabled application targets are not always correct

• [FISH-446] - [Community Contribution: svendiedrichsen] Access to /metrics endpoint may cause ConcurrentModificationException

• [FISH-447] - TCK Failure Websocket module. Relates to HTTP2

• [FISH-474] - Admin Console doesn't display JDK distribution specified for a JVM option

• [FISH-477] - Deployment Group Properties are Ignored

• [FISH-509] - Deployment failure due to 'The lifecycle method [postConstruct] must not throw a checked exception.'

Component Upgrades

• [FISH-604] - EclipseLink 2.7.7

Payara Server Community Edition 5.2020.4

Release Notes

New Features

• [FISH-8] - Add-Widget-Wizard
• [FISH-244] - Expand Open Tracing Support across Remote EJB Calls

Improvements

• [FISH-257] - Domain Status Indicator
• [FISH-266] - Remove New Relic Notifier
• [FISH-267] - Remove XMPP Notifier
• [FISH-268] - Remove SNMP Notifier
• [FISH-269] - Remove Slack Notifier
• [FISH-270] - Remove HipChat Notifier
• [FISH-271] - Remove Email Notifier
• [FISH-272] - Remove Datadog Notifier
• [FISH-273] - Remove Yubikey Authentication Mechanism
• [FISH-314] - Add TLS 1.3 support for OpenJDK 8

Bug Fixes

• [FISH-35] - Payara Micro system property payaramicro.logPropertiesFile and payaramicro.enableAccessLog do not work
• [FISH-45] - The Jackson-dataformat-XML OSGi module cannot be resolved in Payara 5
• [FISH-53] - Using Span.finish() doesn't finish a Propagated Span
• [FISH-68] - @DatasourceDefinition not picking MicroProfile Configuration properties
• [FISH-342] - Community Contribution: CopyOnWriteArrayList throws expected exceptions in WebdavServlet

Component Upgrades

• [FISH-287] - Update Monitoring Console to 1.3

Payara Server Community Edition 5.2020.3

Release Notes

Improvements

• [FISH-6] - Multiple Data Series in a Graph
• [FISH-31] - HTTP/2 Support for JDK Native ALPN APIs
• [FISH-128] - OpenAPI does not include APIs from jars within a war (other jars)
• [FISH-148] - Support multirelease JARs in WARs
• [FISH-151] - Implement MicroProfile JWT-Auth 1.1.1
• [FISH-171] - Support for multi HTTPAuthenticationMechanism
• [FISH-205] - Allow dynamic reconfiguration of log levels for Payara Micro instance
• [FISH-208] - Improvements in stop-domain process
• [FISH-219] - Indicate missing default value when using custom template for create-domain

Bug Fixes

• [FISH-42] - OpenAPI document has duplicate Tag items
• [FISH-50] - JDK11 illegal reflective access by OpenAPI document generation
• [FISH-56] - OpenAPI document doesn't use @Schema when class is in jar dependency of the project
• [FISH-70] - JsonArray as return type breaks the OpenAPI document generation
• [FISH-92] - OpenAPI document fails for bidirectional references
• [FISH-197] - JDBCRealm requires the Message Digest field although a default value should be used
• [FISH-207] - Disabling applications via their deployment group targets not working
• [FISH-211] - PayaraMicro APIs not initializable when run via RootLauncher
• [FISH-236] - GitHub #4688 Typo in docker file - removal of /tmp/tmpfile
• [FISH-260] - Missing invocation on top of invocation stack
• [FISH-263] - Community Contribution: NPE when enabling versioned application with Microprofile Config

Component Upgrades

• [FISH-243] - Update Monitoring Console Process to 1.2.1

Payara Server Community Edition 5.2020.2

Release Notes

Notes

CUSTCOM-40 Upgraded Yasson to version 1.0.6, which introduced some breaking changes in Payara 5.2020.2 - take caution when upgrading.

New Features

• [APPSERV-20] - MicroProfile ConfigSource for Payara Variable Expressions
• [APPSERV-124] - Monitoring Console: Server Side Configuration and Sharing
• [APPSERV-149] - Add Command to Generate Self-Signed Certificate

Improvements

• [APPSERV-54] - Print a Warning if Data Grid Encryption is Enabled without a Key
• [APPSERV-57] - MicroProfile Fault Tolerance 2.1
• [APPSERV-58] - MicroProfile Config 1.4
• [APPSERV-59] - MicroProfile Metrics 2.3
• [APPSERV-60] - MicroProfile Health 2.2
• [APPSERV-61] - MicroProfile Rest Client 1.4
• [APPSERV-141] - Add Caching to MicroProfile Config
• [APPSERV-143] - Update Enterprise and Community Branding
• [APPSERV-146] - Monitoring Console: Bookmarkable Page URLs
• [APPSERV-148] - Monitoring Console: MP Metrics Metadata as MC Annotations
• [CUSTCOM-166] - CDI deployment failure when to use @RolesPermitted in Faces backing bean
• [CUSTCOM-235] - Stop Hazelcast being started twice to improve Micro boot times
• [CUSTCOM-238] - Support JSP on Payara Micro Docker

Bug Fixes

• [APPSERV-55] - Fix Fault Tolerance Bulkheads Race Conditions
• [APPSERV-114] - Race condition in InvocationManager
• [APPSERV-142] - Payara Micro doesn't shutdown when invoked with –warmup
• [CUSTCOM-12] - Unexpected errors when updating SSH node security properties
• [CUSTCOM-22] - HTTP/2 Push Can't be Disabled
• [CUSTCOM-133] - Accessing a URL before any application is deployed disables JASPIC SAM authentication
• [CUSTCOM-179] - PrimeFaces AutoSelect Event is Null within Custom Component
• [CUSTCOM-194] - The delete-jvm-options command shouldn't require to specify the Java version prefix
• [CUSTCOM-205] - On ZuluJDK 8.44, accessing HTTPS gives NoSuchMethodError
• [CUSTCOM-213] - generate-encryption-key Command Always Creates Key for Default Domain
• [CUSTCOM-219] - Fix support for set-batch-runtime-configuration --schemaName for MySql and Postgres
• [CUSTCOM-223] - Datagrid Encryption Enabled Message Printed even if it isn't
• [CUSTCOM-237] - In Weld, parallel execution mode for async observers doesn't trigger all observers (IllegalStateException: Security context is already associated)
• [CUSTCOM-247] - Custom realm defined in web.xml isn't used for SOAP services secured using WS security policy
• [CUSTCOM-253] - Patch ArrayIndexOutOfBoundsException defect in Mojarra
• [CUSTCOM-254] - NumberFormatException when parsing a HTTP header in metrics
• [CUSTCOM-260] - {Community - sgflt] - Deadlock in HA session management
• [CUSTCOM-261] - Remove jakarta.transaction.cdi:jakarta.transaction.cdi-api from Payara BOM as it is wrong
• [CUSTCOM-262] - HZ_LISTENER_PORT property error when setting system properties via the admin console
• [CUSTCOM-263] - HTTPS doesn't work on JDK 8u252
• [CUSTCOM-264] - Client mode debugging (server=no) doesn't work with JDK>=9
• [CUSTCOM-265] - Starting the domain with JSON Log formatter causes the server log to rotate
• [CUSTCOM-266] - JSP/JSF startup issues when using Payara Micro RootDir launcher
• [CUSTCOM-271] - Metric endpoint fails to parse Accept header from Telegraf
• [CUSTCOM-273] - Support for all AjaxBehaviourEvent classes, extension to CUSTCOM-179
• [CUSTCOM-284] - Remove Expired Certificates
• [ECOSYS-157] - OpenID Connect Caller's name and groups are null
• [ECOSYS-161] - [Community - NikitaZ] OAuth2AccessToken empty instance injected

Component Upgrades

• [APPSERV-80] - Upgrade Weld to 3.1.4.Final
• [APPSERV-109] - Update EclipseLink to 2.7.6
• [APPSERV-110] - Update Grizzly to 2.4.4
• [CUSTCOM-40] - [BREAKING CHANGE] Upgrade to Yasson 1.0.6
• [CUSTCOM-211] - Upgrade Trilead SSH 2 to support ECDSA keys