The August 2021 Payara Platform release is here! Payara Platform Enterprise 5.30.0 includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features. The Payara Platform Community 5.2021.6 release offers 7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features.
And don't forget to join the 'August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization' webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST - find out more & register here.
Read more below to learn more about the highlights of this release.
Support for Multi-Tenant Control for OIDC Security in an Application
A Payara Enterprise Customer requested an update to the OIDC Security integration and the Payara development team decided to make the feature available to all Payara Platform users.
Until this release, there was no way to define multi-tenant control for the integration of OIDC security in your application. But when your application is used by different groups of people, belonging to different customers, a different OpenId Connect provider should be contacted depending on how a user accesses the application. With this feature, you can determine which OIDC configuration is used based on the URL called, for example.
Fixed a Security Vulnerability in Jackson-Databind Dependency 2.10.2
A flaw discovered in FasterXML Jackson Databind meant it did not have entity expansion secured properly. This flaw opened the door to potential XML external entity (XXE) attacks that could involve a loss of data integrity.
This security vulnerability is not a problem when you use Jackson-Databind with this month's release of the Payara Platform as the team upgraded the version of the library within Payara to the fixed Jackson-Databind version to eliminate security concern related to this vulnerability.
Ability to Use the OpenID Connect Protocol with Any Client and Browser
OpenID Connect adds an identity layer on top of the 0Auth 2.0 protocol so clients can verify the identity of end users from authentication performed by the authorization server. The OpenID Connect presents the signed JWT Access token in the request for server validation. If the server validates and accepts the request, it can proceed with the authentication and authorization info present in the token.
Support for MicroProfile 4.1
While support for MicroProfile 4.0 has been available in Payara Community since 5.2021.1 we’ve waited to add it to Payara Enterprise because it creates breaking changes. MicroProfile 3.3 was based on Java EE 8.0 artifacts, while MicroProfile 4.1 is based on Jakarta 8.0 artifacts. Please note if you use MicroProfile and upgrade to this Payara Enterprise release you may have to change config values or make updates to your applications using MicroProfile.
In addition to upgrading from MicroProfile 3.3 to 4.1 support in Payara Enterprise, we also upgraded from MicroProfile 4.0 to 4.1 support in the Payara Community Edition by implementing MicroProfile Health 3.1 to introduce a @Startup annotation.
The most important breaking changes can be found on the following documentation pages:
- MicroProfile Config
- MicroProfile Fault Tolerance
- MicroProfile Health Check
- MicroProfile Metrics
- MicroProfile Open API
- MicroProfile OpenTracing
Ecosystem Improvement: Hot Reload within Payara Micro Plugin for Maven and Gradle
Hot Reload was implemented in Payara Micro since 5.201 and is also available within NetBeans and VSCode 1.1. As of the August 2021 Payara Platform release, the Hot Reload functionality is now also available within the Maven and Gradle plugins for Payara Micro.
Instead of an entirely new deployment, the Payara Micro Plugin for Maven and Gradle uses Hot Reload to update the classloader and internal components relative to the modified source so that subsequent deployments are faster.
The August 2021 Payara Enterprise Release (request here) includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features, while the Community Release (direct download here) includes7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features.
See more detailed overview of the fixes and improvements in the Release Notes:
Release Overview Webinar
Don't forget to join the 'August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization' webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST - find out more & register here.