The April 2022 Payara Platform release is here! Payara Platform Community 5.2022.2 brings 13 bug fixes, 2 component upgrades, 3 improvements and 3 security fixes, whilst Payara Platform Enterprise 5.38.0 includes 2 bug fixes, 1 improvement and 4 security fixes.
It includes the fix for "Spring4Shell", and improved support for Jakarta EE 9, as you can now run Jakarta EE 9 applications using PrimeFaces.
This release also gives Payara users the ability to use gRPC, the Google Remote Procedure Call Framework.
Please note: This is the penultimate Payara 5 Community release. Payara 6 Community will soon take its place, to be used with Jakarta EE 10. If you want to keep using earlier Java EE/Jakarta EE versions - we encourage you to move to Payara 5 Enterprise.
gRPC Extension Available
Google Remote Procedure Call, orgRPC, is a protocol to communicate between two processes. It is similar to REST but provides more efficient data transfer, meaning its performance is often better. The gRPC protocol is not limited to Java as many languages have support for it.
We responded to a customer request for gRPC to be fully integrated with Jakarta EE APIs, in the same way that components implemented withJakarta Enterprise Beans(also called EJBs) are. We achieved this by providing an option to make stateless EJBs available via gRPC. The Payara Server can then run a gRPC server to handle client requests.
gRPC support is an extension and in both Enterprise and Community needs to be added to the modules directory. You can then pick and choose when it is used. For Community, you will need to build the module yourself and place it in the modules directory. We will be providing a follow-up blog on how to do this. For Enterprise, we have a compiled version ready that customers can download, then place in the modules directory.
The customer who requested this feature fed back that gRPC was faster than other solutions and EJB integration was a major benefit. Find more information in our Documentationhere.
Urgent Fix If Using Spring Framework WAR Packaged Applications
If you are deploying Spring Framework WAR packaged applications in Payara Server, they are affected by the "Spring4Shell" CVE-2022-22965 vulnerability.
We have implemented an urgent fix that effectively disables the affected code in the corresponding Catalina modules. With this release, this hotfix is now available to both Community and Enterprise users.
However, please note that you must also apply fixes issued in Spring Framework 5.3.18 and 5.2.20, available inSpring Boot 2.6.6.,as per their recommendations, to be fully protected.
Ability to Use Jakarta EE 9 and PrimeFaces with Eclipse Transformer
The April Community and Enterprise releases improve support for Jakarta EE 9 and Payara Server 5. You can already use Jakarta EE 9 with Payara 5 Community and Payara 5 Enterprise using theEclipse Transformer Tool, which helps you transform existing Jakarta EE 8 binary to Jakarta EE 9.
Previously, however, you were unable to use Jakarta EE 9, Payara andPrimeFaces.This is no longer the case.
You can now use the UI component library PrimeFaces with your Payara application and Jakarta EE 9 and 9.1.
Penultimate Payara 5 Community Release
Please note, this is the second-to-last Payara 5 Community release. After this, Payara 5 Community will reach end of life and no longer be supported. Payara 6 Community will take its place. This will run with Jakarta EE 10 and there is no guarantee Jakarta EE / Java EE 8 applications will work.
If you are using Payara 5 Community and wish to continue using Jakarta EE / Java EE 8 applications, we encourage you to move to Payara 5 Enterprise. It will continue to be supported as a Jakarta EE 8 certified runtime, using the javax namespace, until 2028 for JDK 8 and JDK 17, and until 2026 for JDK 11. Find more informationhereon specific timelines and our10-year software lifecycle.
The April 2022 Payara Community Release includes 13 bug fixes, 2 component upgrades, 3 improvements and 3 security fixes (downloadhere), whilst the Enterprise Release (request here) includes 2 bug fixes, 1 improvement and 4 security fixes.
See a more detailed overview of the fixes and improvements in the Release Notes: