What’s New in the July 2021 Payara Platform Release?

Photo of Debbie Hoffman by Debbie Hoffman

The July 2021 Payara Platform release is here!  Payara Platform Enterprise 5.29.0 includes 8 bug fixes, 9 improvements, 1 security fix and 1 new feature. The Payara Platform Community 5.2021.5 release offers 13 bug fixes, 1 security fix, 10 improvements, 1 new feature and 1 component upgrade.

You can download Payara Platform Community 5.2021.5 here and request Payara Platform Enterprise 5.29.0 here. 

Read more below to learn more about the highlights of this release.

EL Expression Vulnerability Fixed

We have fixed a vulnerability related to the interpretation of EL expressions filed under the number CVE-2021-28170 for both Enterprise and Community editions.

This release fixes the issue where some combination of identifiers are incorrectly interpreted and a constant expression is evaluated which could lead to unwanted execution of code on the server. Unless you accept user input that is interpreted as expressions, the risk is later low that your application is vulnerable.

New Feature: Support for Multiple KeyStores and TrustStores Makes Upgrading Payara Server Easier

Up until this release, Payara Server (both the Enterprise and Community Editions) could only read from a single KeyStore and TrustStore. Whenever you wanted to upgrade from one Payara version to the next, you had to import your custom SSL certificate into the Payara TrustStore and then import it again when you upgrade your Payara environment.

In the July 2021 release,  Payara Server can now read from multiple KeyStores and TrustStores, making it possible to just point to the original TrustStores you were using (while also adding new TrustStores and KeyStores) when you upgrade Payara Server to the latest version. 

Other Improvements

There are many other smaller improvements in this release. Related to our ongoing logging improvements,  the order of the keys within the logging.properties file is now fixed and will not change when logging properties are updated through the Admin Console or the asadmin CLI. We also show all the log levels in an alphabetic order on the Admin Console, which makes it easier to find the key that you are interested in.

There are also a few improvements around the database connection configuration. All the @DataSourceDefinition properties now support retrieving values from MicroProfile config values and the JDBC connection pool can have 0 as the minimum size so that there are initially no connections to the database created - which can be important when provisioning services in a cloud environment that are not immediately active.

Payara 6.2021.1.Alpha1 Also Released This Month

Earlier this month we announced the release of Payara 6 Alpha  as a certified Jakarta EE 9.1 implementation. We don’t recommend using Payara 6 in production at this time, but you can use it to test your applications on Jakarta EE 9.1 in development. There is currently no MicroProfile compatible version of Jakarta EE 9.1, so if your applications use MicroProfile they will not work on Payara Server 6 Alpha. Luckily, you do not need to use Payara Server 6 Alpha to run on JDK 11 as you’ve been able to run Payara Platform 5 on JDK 11 for several years already.  Using Jakarta EE 9.1 with Payara Platform 5 makes it possible to continue using the MicroProfile specifications. 

Release Notes

The Payara Enterprise Release (request here) includes 8 bug fixes, 9 improvements, 1 security fix and 1 new feature, while the Community Release (direct download here) includes 13 bug fixes, 1 security fix, 10 improvements, 1 new feature and 1 component upgrade.

See more detailed overview of the fixes and improvements in the Release Notes: