Payara Platform Enterprise 5.42.0 brings 5 bug fixes, 1 improvement, 1 component upgrade and 1 key security fix - of a 0-day vulnerability in all distributions of the Payara Platform that affects web applications that are deployed in the default context root(/).
A release of Payara 6 Community (Alpha 4) and Payara Community Version 5.2022.3 will follow next week. This will bring the fix to Community users, providing they update to these versions.
You can request Payara Platform Enterprise 5.42.0here.
You Must Update - CVE-2022-37422
We have recently detected a 0-day vulnerability in all distributions of the Payara Platform that affects web applications that are deployed in the default context root(/). To this effect, we have prepared a fix.
You must update your environment as soon as possible to remain safe. The safe Enterprise version is Payara Enterprise 5.42.0. The fix will also come out for Payara 4.x and Payara 5 Community next week in Payara Community 5.2022.3 and Payara Enterprise 184.108.40.206.36.
Payara Enterprise - Use ForkJoinPool for Managed Executor Services
Inour June Enterprise release, we increased the functionality of the Managed Exectutor Services, as part of the Jakarta Concurrency specification.
With this Enterprise release, we have added the option to use
ForkJoinPool for Managed Executor Services, meaning you can manage worker threads and get more information from your Managed Executor instances. This is aJava SEfeature brought in toJakarta EEwith Jakarta EE 10 - and now backported to Jakarta EE 8. The Payara 5.2022.3 release next week will also bring this to Community users, alongsideother Concurrency changesalready enjoyed by Enterprise users.
Payara 4 Extended Support Phase Imminent
Enterprise users with applications on Payara Platform version 4.x: please note it will be entering itsExtended Support phasevery soon. You have been emailed about this but monthly patches will stop being released for the current minor version, and we'll stop implementing hotfixes and backport fixes for releases older than 220.127.116.11. Please upgrade your environments!
The August 2022 Payara Enterprise Release (requesthere) includes 5 bug fixes, 1 improvement, 1 component upgrade and 1 Security fix.
See a more detailed overview in the Release Notes: