What's new in Payara Server 171?

Kick-starting yet another year, we are pleased to announce our largest release yet - Payara Server 4.1.1.171. Building on a year's worth of updates and improvements, in this release, you can find 18 brand new features and over 60 new fixes and enhancements for Payara Server & Payara Micro! Given the size of the additions, look out for detailed blogs in the near future. For now, check out below for a summary of the changes in 171 release, and have a look at the full release notes.

Payara Server Long Term Support

Uniquely for support customers, 171 will be our first Long Term Support version, with patches and fixes provided for the next 12 months!

This new branch of Payara Server will boost the stability of your production environments throughout the year as we focus on reliability and polishing Payara Server 4.1.1.171. Long Term Support has also been implemented for all other distributions (including Payara Micro), so if you are an active user of these you will be benefited as well.

If your key deliverable is stability and consistency, rather than new features, we recommend you to get a support subscription to fully benefit from this Long Term Support release.

New notifiers for the Notification Service

Expanding the notification service introduced with Payara Server 163, we have further built on Payara Server's notification capabilities.

Notification events can now be transmitted using multiple channels:

• via mail notification using the JavaMail API;
• via standard JMS using managed resources;
• via SNMP traps;
• to a XMPP server;
• to a HipChat room;
• to a Slack Channel.

Admin Console integration for the Health Check Service

Taking advantage of the expanded notification service, 171 includes a new Admin Console integration for the Health Check Service. It is now possible to configure the monitoring of hogging threads, heap, CPU, machine memory, garbage collection, and connection pools directly from the Admin Console. Combined with the new notifiers it is easier than ever to set up remote notifications on the status of your servers and view their health over a period of time.

Public API JAR

Whereas prior to Payara Server 4.1.1.171 you would have to add either Payara Server or Payara Micro as a dependency to import Payara Server specific features such as @Traced and JCache features (to name two), with the new Public API the whole process is far easier. Now all it takes is to add the new Public API JAR as a Maven dependency! Details on how to do this will be explained in a separate blog soon.

CDI Remote Events are now available to Payara Server

Starting from release 153, an extension to CDI events was included with Payara Micro that allows the sending and receiving of custom "remote" events to other instances that leave on the same cluster. This feature is now  included in Payara Server Full Profile, along with new enhancements that allow developers to take advantage of this feature within a Hazelcast cluster.

Additional changes to Payara Micro

More details of the new features included with Payara Micro 171 are explored in a separate blog article here; the highlights include:

• New JAR structure
• Asadmin commands can now be used with Payara Micro
• Further Hazelcast improvements

Minor New Features

We've also added plenty of other new features in this release, with some highlights being:

• Simplified Rolling Upgrades;

• Historical Health Checks and Request Tracing capabilities;
• Configure Hazelcast Host aware partition groups in the administration console;
• Keep trace of top and slow SQL queries;
• Environment variable substitution in the domain.xml configuration.

Component Upgrades

• Hazelcast upgraded to 3.7.4
• EclipseLink upgraded to 2.6.4
• Mojarra upgraded to 2.2.14
• Jackson upgraded to 2.8.5
• Jettison upgraded to 1.3.8
• asm-commons upgraded to 5.0.3
• Weld upgraded to 2.4.1.Final

Security Fixes

Payara Server 171 also includes a number of fixes for critical vulnerabilities:

• PAYARA-989 Fixed Directory Traversal Vulnerability
• CVE-2016-3092 Upgrade Apache Commons Fileupload
• CVE-2016-0763 Protect ResourceLinkFactory when running with SecurityManager
• CVE-2016-3427 (CVE-2016-8735) Adapted to Oracle JDK Fix
• CVE-2013-2035 Upgrade jline to avoid native library overwrites