See 'Part 1 - Configuring the LDAP Server' here.

In this three-parts article series I will illustrate the implementation of the LDAP integration using a sample scenario: integrate Payara Server with a LDAP user directory and manage the authentication and authorization of a sample web application.

One of the most common administration tasks with Payara Server, as well as with any web server, is to set up certificates to secure either HTTP protocol or remote access to Payara Server administration interface. You might have a self-signed certificate or a certificate signed by a trusted authority. In both cases it is pretty easy to add them to a Payara Server domain and use them to secure communication channels. 

This hot fix removes an arbitrary file read exploit that allows an attacker to read the content of any file on the server hosting the DAS. This exploit attacks the administration console with a specific string, bypassing secure administration and any required login details. Therefore, if the administration console is not publicly accessible, and Payara Server is running under a restricted user (as per best practice), then the risk is minimised.