Release notes - Payara Platform Enterprise 5.42.0

Supported APIs and Applications

  • Jakarta EE 8

  • Java EE 8 Applications

  • MicroProfile 4.1

Security Vulnerability

We recently discovered and fixed an important security vulnerability within the Payara Server and Payara Micro products. A path traversal security issue was found when the application is deployed under the ROOT context root (/), which allowed a hacker to read from the file system of the server running the application. We highly recommend that you upgrade to this version to avoid the security issue.

Improvement

  • [FISH-5980] Add Option to use ForkJoinPool for Managed Executor Services

Security Fix

  • [FISH-6459] Vulnerability exploit using ROOT context root deployment

Bug Fixes

  • [FISH-6392] Improve memory management of ALPN negotiator maps in Grizzly NPN NegotiationSupport class

  • [FISH-6389] Update Woodstox-core to 5.3.0

  • [FISH-6298] OpenAPI document doesn’t take into account multiple applications deployment

  • [FISH-6276] The Healthcheck Service for Hogging threads throws ArithmeticException

  • [FISH-6072] WebSocket Redeployment Fails

Component Upgrade

  • [FISH-6471] Upgrade Docker Image JDK Versions to 8u345, 11.0.16, 17.0.4