What's New In The Payara Platform August 2025 Release?

by Luqman Saeed

The August 2025 release brings important security fixes and stability improvements across the Payara Platform. This month's releases are Payara Platform Community 6.2025.8, Payara Platform Community 7.1 Alpha4, and Payara Platform Enterprise 6.29.0 and 5.78.0, with a focus on addressing critical security vulnerabilities and enhancing platform reliability.

What’s New in August 2025?

Critical Security Fix: Request Smuggling Prevention

All three editions of Payara Platform include a critical security fix addressing request smuggling in Grizzly due to improper handling of the chunked transfer-coding. This vulnerability could potentially allow attackers to bypass security controls or poison web caches. Organizations running web applications on Payara Platform should prioritize upgrading to these releases to protect against potential exploitation.

Bug Fixes for Enhanced Stability

Realm Configuration Management

Payara Platform Community 6.2025.8 and Enterprise 6.29.0 resolve an issue where existing security realms would only display their name without showing their configured properties in the admin interface. This fix improves administrative visibility and management of security configurations.

Database Transaction Handling

Payara Platform Community Edition 6.2025.8 includes a community contribution from our esteemed Lenny Primak that fixes a NullPointerException occurring when using database transactions with EntityListener components that inject CDI beans in @Asynchronous processes. This enhancement improves reliability for applications using asynchronous database operations with CDI.

Certificate Management

Payara Platform Enterprise editions address a ConcurrentModificationException that occurred when running the remove-expired-certificates command, ensuring smooth certificate lifecycle management in production environments.

X.509 Certificate Processing

Payara Platform Enterprise 6.29.0 specifically resolves an issue where the jakarta.servlet.request.X509Certificate request attribute would return NULL values, restoring proper client certificate handling for applications requiring certificate-based authentication.

Component Upgrades

Major Infrastructure Updates

All editions of Payara Platform receive significant infrastructure component upgrades:

  • Hazelcast Upgrade: Updated to version 5.3.8 with backported CP (Consensus Protocol) fixes, improving distributed computing reliability and performance.
  • Metro Web Services: Upgraded to 4.0.4 for enhanced SOAP and REST web services support (Payara 6 editions).
  • Woodstox XML Processing: Updated to 7.1.1 for improved XML parsing performance and security.

Core Library Updates

Comprehensive updates to core libraries ensure compatibility and security:

  • Jackson BOM: Updated to 2.19.2 for improved JSON processing
  • Reactor Core: Upgraded to 3.7.8 for enhanced reactive programming support
  • Nimbus JOSE JWT: Updated to 10.4 for better JWT token handling
  • Commons IO: Upgraded to 2.20.0 for enhanced file and stream operations
  • Commons Codec: Updated to 1.19.0 for improved encoding and decoding utilities

Docker Environment Updates

All editions feature refreshed Docker images with the latest JDK security patches:

  • JDK 21.0.7 (Community 6.2025.8 & Enterprise 6.29.0)
  • JDK 17.0.15 (All editions)
  • JDK 11.0.27 (All editions)
  • JDK 8u452 (Enterprise 5.78.0)

 

Community Contributions

We extend our gratitude to Lenny Primak for contributing the fix for NPE issues in asynchronous database transactions with CDI. Community contributions continue to strengthen the Payara Platform and drive innovation forward. Want to contribute too? Visit our GitHub repo and get involved.

Upgrading

We strongly recommend upgrading to these latest releases immediately to benefit from the critical security fix addressing request smuggling vulnerabilities. The security patch alone makes this upgrade essential for all production environments. Download the latest version of:

For detailed upgrade instructions and additional information about these releases, please visit our official documentation.

Get Started with Payara Today

If you aren't using Payara's runtimes yet, download them now to support your Jakarta EE applications. 

  • For Production Environments: Payara Platform Enterprise provides comprehensive security, 24/7 support, and guaranteed stability for mission-critical applications.
  • For Development Teams: Payara Community Edition offers a feature-rich platform ideal for development and testing environments.

As always, we welcome your feedback and encourage you to report any issues you encounter on our GitHub repository. Thank you for your continued support of the Payara Platform.

Happy deploying!

 
