Release notes - Payara Platform Enterprise 5.42.0

Supported APIs and Applications

Jakarta EE 8
Java EE 8 Applications
MicroProfile 4.1

Note

Security Vulnerability

We recently discovered and fixed an important security vulnerability within the Payara Server and Payara Micro products. A path traversal security issue was found when the application is deployed under the ROOT context root (/), which allowed a hacker to read from the file system of the server running the application. We highly recommend that you upgrade to this version to avoid the security issue.

Improvements

[FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services

Security Fixes

[FISH-6459] Vulnerability exploit using ROOT context root deployment

Bug Fixes

[FISH-6392] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class

[FISH-6389] Update Woodstox-core to 5.3.0

[FISH-6298] OpenAPI document doesn’t take into account multiple applications deployment

[FISH-6276] The Healthcheck Service for Hogging threads throws ArithmeticException

[FISH-6072] WebSocket Redeployment Fails

Component Upgrades

[FISH-6471] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4