Payara Enterprise 5.28.0 Release Notes

Supported APIs and Applications

  • Java EE 8 Applications

  • Jakarta EE 8

  • MicroProfile 3.3

Notes

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on Payara Server that makes use of any JAX-WS features, please update your environment as soon as possible.

New Features

  • [FISH-1021] - Add Support for Setting the HSTS Header

Improvements

  • [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created

  • [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro

  • [FISH-1295] - Code cleanup in security-core module

  • [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond

  • [FISH-1286] - Add missing JDK 11 packages to OSGI

  • [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

  • [FISH-1289] - Race condition in Payara Micro initialization

  • [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.

  • [FISH-1178] - Failure to load resources by applications in parallel

  • [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Security Fixes

  • [FISH-1274] - Vulnerability in Metro’s WSDL Code Importing/Parsing - Remote Code Execution