What's New in the August 2021 Payara Platform Release?

Photo of Debbie Hoffman by Debbie Hoffman

The August 2021 Payara Platform release is here!  Payara Platform Enterprise 5.30.0 includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features. The Payara Platform Community 5.2021.6 release offers 7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features. 

You can download Payara Platform Community 5.2021.6here and request Payara Platform Enterprise 5.30.0 here. 

And don't forget to join the 'August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization' webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST - find out more & register here.

Read more below to learn more about the highlights of this release.

Support for Multi-Tenant Control for OIDC Security in an Application

A Payara Enterprise Customer requested an update to the OIDC Security integration and the Payara development team decided to make the feature available to all Payara Platform users.

Until this release, there was no way to define multi-tenant control for the integration of OIDC security in your application. But when your application is used by different groups of people, belonging to different customers, a different OpenId Connect provider should be contacted depending on how a user accesses the application. With this feature, you can determine which OIDC configuration is used based on the URL called, for example.

Fixed a Security Vulnerability in Jackson-Databind Dependency 2.10.2

A flaw discovered in FasterXML Jackson Databind meant it did not have entity expansion secured properly. This flaw opened the door to potential XML external entity (XXE) attacks that could involve a loss of data integrity.

This security vulnerability is not a problem when you use Jackson-Databind with this month's release of the Payara Platform as the team upgraded the version of the library within Payara to the fixed Jackson-Databind version to eliminate security concern related to this vulnerability.

Ability to Use the OpenID Connect Protocol with Any Client and Browser

In the August 2021 release, we've updated the OpenID Connection 'bearer support' so the OpenID Connect protocol can not only be used with browsers, but can now also be used by any client. OpenID Connect allows clients of all types, such as mobile, JavaScript clients, and web-based clients, to request and receive information about authenticated sessions and end-users.

OpenID Connect adds an identity layer on top of the 0Auth 2.0 protocol so clients can verify the identity of end users from authentication performed by the authorization server. The OpenID Connect presents the signed JWT Access token in the request for server validation. If the server validates and accepts the request, it can proceed with the authentication and authorization info present in the token.

Support for MicroProfile 4.1

While support for MicroProfile 4.0 has been available in Payara Community since 5.2021.1 we’ve waited to add it to Payara Enterprise because it creates breaking changes. MicroProfile 3.3 was based on Java EE 8.0 artifacts, while MicroProfile 4.1 is based on Jakarta 8.0 artifacts. Please note if you use MicroProfile and upgrade to this Payara Enterprise release you may have to change config values or make updates to your applications using MicroProfile. 

In addition to upgrading from MicroProfile 3.3 to 4.1 support in Payara Enterprise, we also upgraded from MicroProfile 4.0 to 4.1 support in the Payara Community Edition by implementing MicroProfile Health 3.1  to introduce a @Startup annotation.

The most important breaking changes can be found on the following documentation pages:

Ecosystem Improvement: Hot Reload within Payara Micro Plugin for Maven and Gradle

Hot Reload was implemented in Payara Micro since 5.201 and is also available within NetBeans and VSCode 1.1. As of the August 2021 Payara Platform release, the Hot Reload functionality is now also available within the Maven and Gradle plugins for Payara Micro.

Instead of an entirely new deployment, the Payara Micro Plugin for Maven and Gradle uses Hot Reload to update the classloader and internal components relative to the modified source so that subsequent deployments are faster.

Release Notes

The August 2021 Payara Enterprise Release (request here) includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features, while the Community Release (direct download here) includes7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features.

See more detailed overview of the fixes and improvements in the Release Notes:

Release Overview Webinar

Don't forget to join the 'August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization' webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST - find out more & register here.

 

Related Posts

Comments