Payara Community 5.2021.3 Release Notes

Supported APIs and Applications

  • Jakarta EE 8

  • Java EE 8 Applications

  • Jakarta EE 9

  • MicroProfile 4.0


Hazelcast 4.2 Upgrade

With the upgrade of Hazelcast to version 4.2, support for rolling updates from previous versions of Payara Community Edition to 5.2021.3 will NOT be supported.

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on Payara Server that makes use of any JAX-WS features, please update your environment as soon as possible.

New Feature

  • [FISH-1021] - Add Support for Setting the HSTS Header


  • [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created

  • [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro

  • [FISH-1295] - Code cleanup in security-core module

  • [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond

  • [FISH-1286] - Add missing JDK 11 packages to OSGI

  • [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

  • [FISH-1297] - Payara fails to start in certain network configurations

  • [FISH-1293] - Disassociate ClusteredStore from tenants

  • [FISH-1289] - Race condition in Payara Micro initialization

  • [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.

  • [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

  • [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control


  • [FISH-1274] - Vulnerability in Metro’s WSDL Code Importing/Parsing - Remote Code Execution