Releases: payara/Payara
Payara Server Community Edition 6.2021.1.Alpha1
Payara Community 6.2021.1.Alpha1 Release Notes
Supported APIs and Applications
-
Jakarta EE 9.1
-
Jakarta EE 8
-
Java EE 8 Applications
Payara Server Community Edition 5.2021.4
Payara Community 5.2021.4 Release Notes
Supported APIs and Applications
Jakarta EE 8
Java EE 8 Applications
MicroProfile 4.0
Payara Server Community Edition 5.2021.3
Release notes - Payara Platform Development - Version 5.2021.3
Notes
Metro (JAX-WS implementation) remote code vulnerability
We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on the Payara Server that makes use of the JAX-WS features, please update your environment.
Release Notes
New Feature
- [FISH-1021] - Add Support for Setting the HSTS Header
Improvement
- [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
- [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
- [FISH-1295] - Code cleanup in security-core module
- [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
- [FISH-1286] - Add missing JDK 11 packages to OSGI
- [FISH-987] - Add option to disable evaluating Class references in EL in JSPs
Bug Fixes
- [FISH-1297] - Payara fails to start in certain network configurations
- [FISH-1293] - Disassociate ClusteredStore from tenants
- [FISH-1289] - Race condition in Payara Micro initialization
- [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
- [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR
Component Upgrade
- [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control
Security
- [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution
Payara Server Community Edition 5.2021.2
Release notes - Payara Platform Development - Version 5.2021.2
Notes
Jakarta EE 9 Support
In this release, we have fixed several issues relating to our Jakarta EE 9 Web Component (Servlet, JSTL and JSF) support through Eclipse Transformer. This is as a part of our ongoing effort to close the migration gap between major Jakarta versions before we provide full support for Jakarta EE 9. We encourage users to try updating their applications to Jakarta EE 9 with Eclipse Transformer, and raising any discovered bugs on our Github issue tracker.
New Feature
- [FISH-1064] - Asadmin to clear out old job executions of JBatch in all supported databases
Improvement
- [FISH-1079] - (Community - poikilotherm) Make MPCONFIG in TranslatedConfigView debugable
- [FISH-1094] - (Community - avpinchuk) Make Micro boot-time deployment more reliable
- [FISH-1171] - Make Enabled Parameter of set-healthcheck-configuration Command Optional
- [FISH-1172] - Make Enabled Parameter of set-admin-audit-configuration Command Optional
- [FISH-1186] - Support server-node Docker Image within Kubernetes
- [FISH-1213] - Remove "Data Grid Group Password" as no longer used with Hazelcast 4.x
Bug Fixes
- [FISH-514] - Fix Inconsistent behaviour when a domain backup is created
- [FISH-625] - Jakarta EE 9: Jakarta Faces Sevlet definition not supported
- [FISH-760] - MicroProfile OpenAPI application not detected
- [FISH-984] - Max Wait Time isn't respected when the JDBC pool is locked for a long time
- [FISH-1014] - [Community Contribution] Variables in @DatasourceDefinition not applied to 'className'
- [FISH-1061] - Fix NullPointer when Configuring a Notifier against a non-DAS Instance or Config
- [FISH-1069] - Fix Fault Tolerance service parameters and documentation
- [FISH-1084] - NullPointerException when getting monitoring data for JDBC
- [FISH-1158] - OpenAPI document creation failed when using @Schema annotation with Enum missing a nullcheck
- [FISH-1173] - Fix NullPointerException on Boot
- [FISH-1177] - Undeploy servlet NPE race condition
- [FISH-1178] - Failure to load resources by applications in parallel
- [FISH-1181] - Fix Conflicting --port Parameters in set-snmp-notifier-configuration/notification-snmp-configure Command
- [FISH-1182] - Fix Conflicting --port Parameters in set-xmpp-notifier-configuration/notification-xmpp-configure Command
- [FISH-1192] - Jakarta EE 9: Duplicate entry ZipException is thrown on transforming web application servlet_plu_singlethreadmodel_web.war
- [FISH-1193] - Jakarta EE 9: jakarta.servlet.http.* imports ignored by Payara transformer in JSP files
- [FISH-1194] - Jakarta EE 9: IllegalArgumentException jakarta.mail.Session is not an allowed property value type
- [FISH-1196] - Jakarta EE 9: Servlet Constant value namespace transformation ignored e.g jakarta.servlet.context.tempdir
- [FISH-1205] - Jakarta EE9: JSTL classes transformation is ignored in tld file
- [FISH-1206] - Jakarta EE9: JSF constants transformation is ignored
Payara Server Community Edition 5.2021.1
Payara Community 5.2021.1 Release Notes
Supported APIs and Applications
- Jakarta EE 8
- Java EE 8 Applications
Notes
MicroProfile 4.0
Following the 5.2021.1 release, we’ve upgraded Payara Platform to be compatible with the specifications present in version 4.0 of MicroProfile. You should be able to test your MicroProfile 4.0 compatible applications using this Community release. If you discover any issues, or have any related questions, please raise them on our GitHub repository.
Asadmin Command to Clear old JBatch Executions
A new command has been introduced with FISH-108 to remove old JBatch executions left around in the database. It is a known issue that this command currently only works with H2 database. In a future iteration, this will be generalised to cover a broader range of databases.
Hazelcast 4.0 Upgrade
It is important to note in this release that with the upgrade of Hazelcast to version 4.0, support for rolling updates from previous versions of Payara Community Edition to 5.2021.1 will not be supported.
New Features
- [FISH-105] - Migrate EJB Timers from Live Instances
- [FISH-108] - Asadmin to clear out old job executions of JBatch in H2
- [FISH-658] - MP Config 2.0 Upgrade
- [FISH-659] - MP Fault Tolerance 3.0 Upgrade
- [FISH-662] - MP Metrics 3.0 Upgrade
- [FISH-663] - MP OpenAPI 2.0 Upgrade
- [FISH-664] - MP OpenTracing 2.0 Upgrade
- [FISH-665] - MP Rest Client 2.0 Upgrade
- [FISH-753] - Remove Production Domain Template From Community Version
- [FISH-788] - [Community - poikilotherm] Support sub-directories for MPCONFIG SecretDirConfigSource
- [FISH-868] - [Community - ghunteranderson] MP-JWT public key location respects HTTP cache headers
Improvements
- [FISH-374] - Remove Support Portal integration from Community Edition
- [FISH-427] - Configure MP Config cache duration through System properties or ENV variables
- [FISH-759] - [Community - sgflt] Sort Instance names in alphabetical order in the Admin Console 'Instances' drop down
- [FISH-886] - [Community - avpinchuk] Deploy GAV from local repository
- [FISH-992] - [Community - cfiguera] Default values in data source definitions when translating values
- [FISH-1006] - Cleanup of glassfish-batch-connector
### Bug Fixes
- [FISH-222] - HTTP2 tests from h2spec fail with timeout on HTTPS listener
- [FISH-462] - TLSv1.3 is not listed as a supported SSL Protocol
- [FISH-464] - Race condition in Grizzly's HTTP/2
- [FISH-505] - Server instance tries to load Application not assigned to instance
- [FISH-515] - HTTP POST request returns 500 on Zulu JDK8
- [FISH-631] - Infinite loop in Grizzly SSL handshake causing deadlock
- [FISH-642] - Application Logging not performed on Payara 5 Cluster instances
- [FISH-652] - Error in MP JWT validation when retrieving JWKS key from remote location
- [FISH-743] - HK2 Class Parsing ClassCastException
- [FISH-744] - When creating a Resource Adapter Config via Admin Console only thread pools from 'Server-Config' is listed under Thread Pool ID
- [FISH-765] - [Community - sgflt] WebModule doesn't respect virtual server configuration
- [FISH-790] - Refactor, fix bugs and make immutable JavaEEContextUtil
- [FISH-796] - Fix Clustered Singleton bugs / add tests
- [FISH-876] - Incorrect Hashicorp Vault MP Config source blocks deployment and usage of MP Config
- [FISH-877] - Cloud MP Config Sources ignore ordinal defined in Domain
- [FISH-885] - OpenAPI document creation failed when using @Schema annotation with Enum
- [FISH-892] - Hashicorp vault secret value not picked up by MicroProfile after restart domain
- [FISH-990] - OpenTracing Active Span is NULL when retrieved in EJB tracer on remote execution
- [FISH-994] - [Community - sgflt] Package jaxws opentracing to embedded Payara
- [FISH-1007] - [Community - sgflt] Payara logback libs produce NPE
- [FISH-1015] - [Community - avpinchuk] Add appropriate application name to GAV deployments
- [FISH-1017] - [Community - bjetal] Payara can close JarFile instances used by current URLClassLoaders
- [FISH-1018] - Class Loader leaks on redeploy
- [FISH-1019] - [Community - bhanuunrivalled] GlassFishProperties NPE when initialised with null properties
Component Upgrades
- [FISH-791] - Upgrade to Hazelcast 4
Payara Server Community Edition 5.2020.7
Payara Community 5.2020.7 Release Notes
Supported APIs and Applications
- Jakarta EE 8
- Java EE 8 Applications
Notes
MicroProfile 4.0
As MicroProfile moves toward the 4.0 final release, the Payara team has simultaneously been working to ready the Payara Platform for MicroProfile 4.0 compatibility. In this Payara Platform Community Release, you can give two of the MicroProfile specification release candidates a try: MP Health 3.0 and MP JWT Auth 1.2. This technically breaks MicroProfile 3.3 support, although functionally the MicroProfile 3.3 TCK will only fail on the @Health
annotation removal.
Production Domain Removal
As part of our ongoing effort to reduce bloat in Payara Community
Edition, we have removed the production domain from the distributions.
The template for this domain
(common/templates/gf/production-domain.jar
) is still available,
although this too will be removed in a future release. Note that Payara
Enterprise Edition will still contain the production domain.
New Features
- [FISH-330] - Implement
LDAP MicroProfile Config Source - [FISH-338] - Create
Hashicorp Cloud Vault MicroProfile Config Source - [FISH-660] - MP Health 3.0
Upgrade - [FISH-661] - MP JWT Auth
1.2 Upgrade
Improvements
- [FISH-327] - Implement
MicroProfile Sniffer and Engine - [FISH-375] - Remove
production domain from community version - [FISH-651] - Allow JWT
verification to skip type validation - [FISH-732] - Improve
message when same name is used in metrics.xml for exposed AMX bean.
Security fixes
- [FISH-731] - Upgrade
Hibernate Validator to 6.1.5.Final
Bug Fixes
- [FISH-206] - @RolesAllowed
annotation in method prevents unauthenticated calls to other methods in
remote EJB - [FISH-275] - Deployment
fails if system properties in persistence.xml are only defined in the
target config and not in DAS config - [FISH-431] - OpenAPI
document shows ejb-timer-service-app as server URL when EJB timer
available - [FISH-657] - no
element When deploy WebServices - [FISH-747] - Azure Secret
Secret Configuration screen on Web Admin console fails - [FISH-761] - [Community -
bjetal] Deployment of unpacked WAB fails when
using Felix fileinstall - [FISH-763] - [Community -
sgflt] Embedded Payara is unable to start - [FISH-766] - [Community -
sgflt] Improper synchronization of session map - [FISH-767] - Missing
ejb-opentracing.jar in manifest of gf-client.jar - [FISH-777] - [Community -
avpinchuk] Exclude OpenAPI rest endpoint
from tracing
Payara Server Community Edition 5.2020.6
Payara Server Community Edition 5.2020.5
Release Notes
Notes
Tech Preview: Run Jakarta EE 9 Applications
This release includes tech preview functionality to run Jakarta EE 9 applications on Payara Server and Payara Micro. This does not, however, make this edition of Payara Platform Community Jakarta EE 9 compatible, and we do not recommend using this functionality in production at this time. This should not affect the ability to run Jakarta EE 8 applications. See ‘FISH-256’ for more details.
New Notifier Extensions
FISH-315 gave the notification service a major overhaul that makes implementing new notifiers in a modular fashion easier. This has facilitated the rewrite of the notifiers as extensions (https://github.com/payara/Notifiers) and the implementation of new Discord (FISH-471) and Microsoft Teams (FISH-370) notifiers. Note that the notifiers that were previously removed from Payara Platform Community Edition (now found at the above link) are still available by default in Payara Enterprise Edition.
New Features
-
[FISH-256] - Identify, Transform, and Run jakarta.* application (Tech Preview Only)
-
[FISH-333] - Add MicroProfile Health Readiness Checks
-
[FISH-370] - Add Microsoft Teams Notification channel
-
[FISH-471] - Add Discord Notification Channel
Improvements
-
[FISH-141] - Support additional fields with LogRecord when using JsonLogFormatter
-
[FISH-154] - Support log-jdbc-calls attribute in xml used by asadmin commands create-jdbc-connection-pool and add-resources (through xml)
-
[FISH-315] - Implement New Public Notifier API
-
[FISH-316] - Upgrade New Relic Notifier to Implement New Notifier API
-
[FISH-317] - Upgrade XMPP Notifier to Implement New Notifier API
-
[FISH-318] - Upgrade SNMP Notifier to Implement New Notifier API
-
[FISH-319] - Upgrade Slack Notifier to Implement New Notifier API
-
[FISH-320] - Remove Hipchat Notifier
-
[FISH-321] - Upgrade Datadog Notifier to Implement New Notifier API
-
[FISH-322] - Upgrade Email Notifier to Implement New Notifier API
-
[FISH-323] - Upgrade JMS Notifier to Implement New Notifier API
-
[FISH-324] - Upgrade Eventbus Notifier to Implement New Notifier API
-
[FISH-325] - Upgrade CDI Eventbus Notifier to Implement New Notifier API
-
[FISH-389] - Add Transaction ID as a Baggage Item to Spans
-
[FISH-426] - Store initial request path when accessing protected resource with OpenIdAuthenticationMechanism
-
[FISH-441] - StatsProviderManagerDelegate should write warning instead of throwing Exception when stats provider info is not found.
-
[FISH-449] - Oracle 19C Not Autodetected by EclipseLink
-
[FISH-459] - Cleanup of sonar warnings in jdbc40 module
Security fixes
- [FISH-381] - Upgrade Nimbus JOSE+JWT to 8.20
Bug Fixes
-
[FISH-25] - SOAP Web Service Tester not working correctly (JDK 11)
-
[FISH-37] - @DataSourceDefinition passes serverName and url to DataSource in some cases
-
[FISH-48] - OpenAPI document failed to use Generics within @Schema
-
[FISH-55] - Creating Java Mail Session targetted to Deployment Group fails
-
[FISH-59] - Payara Micro --enableRequestTracing argument not accepting values
-
[FISH-66] - Zip file closed on EJB initialization
-
[FISH-82] - Command Line option --warmup results in an Exception when Payara Micro instance stops when Request Tracing is activated
-
[FISH-89] - Possible NPE in request tracing during startup
-
[FISH-90] - wscompile NoClassDefFoundError with jdk 8
-
[FISH-93] - wsgen NoClassDefFoundError with jdk 11
-
[FISH-99] - OpenAPI APIResponse.Content.Schema sometimes shows only partial result
-
[FISH-196] - EJB injection in EJB Stateless based JAX-RS resource doesn't work in EAR.
-
[FISH-198] - IllegalArgumentException on accessing the deploy asadmin REST endpoint with upload flag
-
[FISH-379] - Admin Console Masthead Looks Different Between Firefox and Chrome
-
[FISH-388] - Fix NPE when printing out Active Span
-
[FISH-391] - OutOfMemoryError exception caused by OpenApi refactor
-
[FISH-392] - Trace gets started even when RequestTracing is disabled.
-
[FISH-393] - asadmin command list-rest-endpoints doesn't list PATCH methods
-
[FISH-396] - When _JAVA_OPTIONS specified, Payara Server incorrectly detects Java version for JVM options
-
[FISH-407] - List of enabled application targets are not always correct
-
[FISH-446] - [Community Contribution: svendiedrichsen] Access to /metrics endpoint may cause ConcurrentModificationException
-
[FISH-447] - TCK Failure Websocket module. Relates to HTTP2
-
[FISH-474] - Admin Console doesn't display JDK distribution specified for a JVM option
-
[FISH-477] - Deployment Group Properties are Ignored
-
[FISH-509] - Deployment failure due to 'The lifecycle method [postConstruct] must not throw a checked exception.'
Component Upgrades
- [FISH-604] - EclipseLink 2.7.7
Payara Server Community Edition 5.2020.4
Release Notes
New Features
- [FISH-8] - Add-Widget-Wizard
- [FISH-244] - Expand Open Tracing Support across Remote EJB Calls
Improvements
- [FISH-257] - Domain Status Indicator
- [FISH-266] - Remove New Relic Notifier
- [FISH-267] - Remove XMPP Notifier
- [FISH-268] - Remove SNMP Notifier
- [FISH-269] - Remove Slack Notifier
- [FISH-270] - Remove HipChat Notifier
- [FISH-271] - Remove Email Notifier
- [FISH-272] - Remove Datadog Notifier
- [FISH-273] - Remove Yubikey Authentication Mechanism
- [FISH-314] - Add TLS 1.3 support for OpenJDK 8
Bug Fixes
- [FISH-35] - Payara Micro system property payaramicro.logPropertiesFile and payaramicro.enableAccessLog do not work
- [FISH-45] - The Jackson-dataformat-XML OSGi module cannot be resolved in Payara 5
- [FISH-53] - Using Span.finish() doesn't finish a Propagated Span
- [FISH-68] - @DatasourceDefinition not picking MicroProfile Configuration properties
- [FISH-342] - Community Contribution: CopyOnWriteArrayList throws expected exceptions in WebdavServlet
Component Upgrades
- [FISH-287] - Update Monitoring Console to 1.3
Payara Server Community Edition 5.2020.3
Release Notes
Improvements
- [FISH-6] - Multiple Data Series in a Graph
- [FISH-31] - HTTP/2 Support for JDK Native ALPN APIs
- [FISH-128] - OpenAPI does not include APIs from jars within a war (other jars)
- [FISH-148] - Support multirelease JARs in WARs
- [FISH-151] - Implement MicroProfile JWT-Auth 1.1.1
- [FISH-171] - Support for multi HTTPAuthenticationMechanism
- [FISH-205] - Allow dynamic reconfiguration of log levels for Payara Micro instance
- [FISH-208] - Improvements in stop-domain process
- [FISH-219] - Indicate missing default value when using custom template for create-domain
Bug Fixes
- [FISH-42] - OpenAPI document has duplicate Tag items
- [FISH-50] - JDK11 illegal reflective access by OpenAPI document generation
- [FISH-56] - OpenAPI document doesn't use @Schema when class is in jar dependency of the project
- [FISH-70] - JsonArray as return type breaks the OpenAPI document generation
- [FISH-92] - OpenAPI document fails for bidirectional references
- [FISH-197] - JDBCRealm requires the Message Digest field although a default value should be used
- [FISH-207] - Disabling applications via their deployment group targets not working
- [FISH-211] - PayaraMicro APIs not initializable when run via RootLauncher
- [FISH-236] - GitHub #4688 Typo in docker file - removal of /tmp/tmpfile
- [FISH-260] - Missing invocation on top of invocation stack
- [FISH-263] - Community Contribution: NPE when enabling versioned application with Microprofile Config
Component Upgrades
- [FISH-243] - Update Monitoring Console Process to 1.2.1