What's New In The Payara Platform August 2025 Release?
Published on 06 Aug 2025

The August 2025 release brings important security fixes and stability improvements across the Payara Platform. This month's releases include Payara Platform Community 6.2025.8 and Payara Platform Community 7.1 Alpha4, Payara Platform Enterprise 6.29.0 and 5.78.0, with a focus on addressing critical security vulnerabilities and enhancing platform reliability.
What’s New in August 2025?
- Payara Platform Enterprise 5.78.0
- Payara Platform Enterprise 6.29.0
- Payara Platform Community 6.2025.8 and Payara Platform Community 7 Alpha4
Critical Security Fix: Request Smuggling Prevention
All three editions of Payara Platform include a critical security fix addressing request smuggling in Grizzly due to improper handling of the chunked transfer-coding. This vulnerability could potentially allow attackers to bypass security controls or poison web caches. Organizations running web applications on Payara Platform should prioritize upgrading to these releases to protect against potential exploitation.
Bug Fixes for Enhanced Stability
Realm Configuration Management
Payara Platform Community 6.2025.8 and Enterprise 6.29.0 resolve an issue where existing security realms would only display their name without showing their configured properties in the admin interface. This fix improves administrative visibility and management of security configurations.
Database Transaction Handling
Payara Platform Community Edition 6.2025.8 includes a community contribution from our esteemed Lenny Primak that fixes a NullPointerException occurring when using database transactions with EntityListener components that inject CDI beans in @Asynchronous processes. This enhancement improves reliability for applications using asynchronous database operations with CDI.
Certificate Management
Payara Platform Enterprise editions address a ConcurrentModificationException that occurred when running the remove-expired-certificates command, ensuring smooth certificate lifecycle management in production environments.
X.509 Certificate Processing
Payara Platform Enterprise 6.29.0 specifically resolves an issue where the jakarta.servlet.request.X509Certificate request attribute would return NULL values, restoring proper client certificate handling for applications requiring certificate-based authentication.
Component Upgrades
Major Infrastructure Updates
All editions of Payara Platform receive significant infrastructure component upgrades:
- Hazelcast Upgrade: Updated to version 5.3.8 with backported CP (Consensus Protocol) fixes, improving distributed computing reliability and performance.
- Metro Web Services: Upgraded to 4.0.4 for enhanced SOAP and REST web services support (Payara 6 editions).
- Woodstox XML Processing: Updated to 7.1.1 for improved XML parsing performance and security.
Core Library Updates
Comprehensive updates to core libraries ensure compatibility and security:
- Jackson BOM: Updated to 2.19.2 for improved JSON processing
- Reactor Core: Upgraded to 3.7.8 for enhanced reactive programming support
- Nimbus JOSE JWT: Updated to 10.4 for better JWT token handling
- Commons IO: Upgraded to 2.20.0 for enhanced file and stream operations
- Commons Codec: Updated to 1.19.0 for improved encoding and decoding utilities
Docker Environment Updates
All editions feature refreshed Docker images with the latest JDK security patches:
- JDK 21.0.7 (Community 6.2025.8 & Enterprise 6.29.0)
- JDK 17.0.15 (All editions)
- JDK 11.0.27 (All editions)
- JDK 8u452 (Enterprise 5.78.0)
Payara Platform Community 6.2025.8 | Payara Platform Enterprise 6.29.0 | Payara Platform Enterprise 5.78.0 | |
JDK 21.0.7 | ✅ | ✅ | |
JDK 17.0.15 | ✅ | ✅ | ✅ |
JDK 11.0.27 | ✅ | ✅ | ✅ |
JDK 8u452 | ✅ |
Community Contributions
We extend our gratitude to Lenny Primak for contributing the fix for NPE issues in asynchronous database transactions with CDI. Community contributions continue to strengthen the Payara Platform and drive innovation forward. Want to contribute too? Visit our GitHub repo and get involved.
Upgrading
We strongly recommend upgrading to these latest releases immediately to benefit from the critical security fix addressing request smuggling vulnerabilities. The security patch alone makes this upgrade essential for all production environments. Download the latest version of:
- Payara Platform Enterprise 5
- Payara Platform Enterprise 6
- Payara Platform Community 6 and/orPayara Platform Community 7 Alpha 4
For detailed upgrade instructions and additional information about these releases, please visit our official documentation.
Get Started with Payara Today
If you aren't using Payara's runtimes yet, download them now to support your Jakarta EE applications.
- For Production Environments: Payara Platform Enterprise provides comprehensive security, 24/7 support, and guaranteed stability for mission-critical applications.
- For Development Teams: Payara Community Edition offers a feature-rich platform ideal for development and testing environments.
As always, we welcome your feedback and encourage you to report any issues you encounter on our GitHub repository. Thank you for your continued support of the Payara Platform.
Happy deploying!
Related Posts
The Payara Monthly Catch - July 2025
Published on 31 Jul 2025
by Chiara Civardi
0 Comments
Getting Started with Jakarta EE 11: Hello World
Published on 23 Jul 2025
by Luqman Saeed
0 Comments