It's the final release of the year and the final release of Payara 5 Community!
Payara Platform Community 6.2022.2 brings 20 component upgrades, 8 bug fixes, 2 security fixes and 4 improvements. Payara Platform Enterprise 5.46.0 brings 45 component upgrades, 13 bug fixes, and 2 security fixes.
Payara Platform Community 5.2022.5 is the final release of the Payara 5 Community stream.
All releases contain a key fix for a vulnerability in web applications deployed as the default module of an instance's virtual server configuration. Read more details below!
You can request Payara Platform Enterprise 5.46.0here.
You can download Community 6.2022.2 and 5.2022.5here.
Final Release: Payara 5 Community
Payara 5 Community reaches its end this month. This final release is focused on clearing as many possible bugs as possible, and updating various components.
After thisit will no longer be maintained;there will be no more bug fixes, component upgrades or improvements. In short, it will no longer be safe to use.
You must either:
- Upgrade to Payara 6 Community and Jakarta EE 10
- Move to Payara 5 Enterprise to stay with Payara Platform 5 and Jakarta EE 8 (or earlier)
The December 2022 Payara Enterprise Release (requesthere) includes 45 component upgrades, 13 bug fixes, and 2 security fixes.
Payara Community 6.2022.2 (downloadhere) includes 20 component upgrades, 8 bug fixes, 2 security fixes and 4 improvements.
Payara 5 Community's final release (downloadhere) includes 46 component upgrades, 12 bug fixes, 2 security fixes, and 2 improvements.
See a more detailed overview of the fixes and improvements in the Release Notes:
- Payara Platform Enterprise Edition 5.46
- Payara Platform Community Edition 6.2022.2
- Payara Platform Community Edition 5.2022.5
Vulnerability Found & Fixed: Check if It Affects You
We received a report of a recent vulnerability that allows penetration attacks on web applications that are deployed as the default module of an instance’s virtual server configuration. The vulnerability in question allows attackers access to protected web resources that are guarded using standard Jakarta Authentication constraints.
If you deploy a web application on Payara Server under these conditions, you are affected, so please make sure to update your environments to use the latest released version to prevent any issues. If you do not use the default module configuration feature of web virtual servers in Payara Server, then there is no cause for immediate concern as this flaw will not affect you. Payara Micro is not affected by this vulnerability.
As usual, Payara Enterprise customers can request patch builds if upgrading their environments immediately is not an option.
Thank you to Luc Creti and Jean Michel Note, ofAtos Group, for detecting this.