For development teams managing Jakarta EE applications, staying updated with the latest improvements is important for maintaining secure, stable, and high-performing applications. This month, we're excited to announce updates across our entire product line, with significant enhancements to both Community and Enterprise editions.
In this release, we've added context root customization options, fixed critical security issues, resolved deployment problems, and updated key components across all product streams. Let's explore what's new in each release.
Payara Platform Enterprise 6.2025.3
Key Improvements
- Context Root Customization: New options to set the default global context-root on Payara Micro, giving you more flexibility in URL path structures for microservice deployments.
- CORBA Threading Fix: Improved CORBA code to prevent deadlock situations from pooled threads, enhancing stability for systems using legacy integrations.
Security Enhancements
- XSS Protection: Added character escaping in the REST interface to prevent cross-site scripting attacks against administrative interfaces.
- Security Connector Update: Updated JSON Smart to version 2.5.2 to address potential security vulnerabilities.
Bug Fixes
- SameSite Cookie Configuration: Fixed payara-web.xml to properly change the SameSite cookie attribute, giving you better control over cookie security.
- EAR CDI Deployment: Resolved failures that occurred when deploying Enterprise Archive (EAR) applications with CDI components.
Component Updates
- Reactor Core updated to 3.7.3
- JSON Smart updated to 2.5.2
- Accessors Smart updated to 2.5.2
- SnakeYAML updated to 2.4
- Jackson BOM updated to 2.18.3
Payara Platform Community 7 Alpha
We're happy to introduce the first 2025 alpha release of Payara Platform 7, which brings support for Jakarta EE 11 Core Profile while maintaining MicroProfile 6.1 compatibility.
Notable Features
- Jakarta EE 11 Support: First Payara release supporting the newest Jakarta EE Core Profile specification.
- Security Connectors: Created EE 11 compatible Security Connectors.
- Context Root Customization: Same improvement as in 6.2025.3, allowing default context-root changes in Payara Micro.
- CORBA Threading Fix: Same enhancement as 6.2025.3, preventing deadlocks with pooled threads.
Bug Fixes
- Micro & Embedded Fix: Addressed critical issues in Payara 7 Micro and Embedded deployments.
- Security Connector Update: Updated JSON Smart to 2.5.2 to patch potential vulnerabilities.
Component Upgrades
- Concurro updated to 3.1.0-M5
- Jakarta EE API updated to 11.0.0-M5
Payara Platform Enterprise 6.24.0
For enterprise customers requiring maximum stability and long-term support, Payara Platform Enterprise 6.24.0 comes with these improvements:
Key Enhancements
- Context Root Customization: New options to modify the default context-root in Payara Micro, making URL management more flexible.
- CORBA Code Improvements: Enhanced CORBA code to eliminate deadlock scenarios from pooled threads.
Security Fixes
- XSS Vulnerability Mitigation: Added protection against cross-site scripting in administrative interfaces.
- Updated Security Libraries: JSON Smart updated to 2.5.2 in Security Connectors.
Bug Fixes
- SameSite Cookie Handling: Fixed an issue where payara-web.xml changes to the SameSite cookie attribute weren't applied correctly.
- EAR CDI Deployment: Reverted a change (FISH-10049) that was causing EAR application deployment failures with CDI.
Component Updates
- Reactor Core updated to 3.7.3
- JSON Smart updated to 2.5.2
- Accessors Smart updated to 2.5.2
- SnakeYAML updated to 2.4
- Jackson BOM updated to 2.18.3
Payara Platform Enterprise 5.73.0
For companies maintaining applications on Jakarta EE 8, Payara Platform Enterprise 5.73.0 provides ongoing support with these updates:
Key Improvements
- Context Root Customization: Added flexibility to change default context-root on Payara Micro.
- CORBA Threading Improvement: Enhanced CORBA code to prevent deadlocks from pooled threads.
Bug Fixes
- SameSite Cookie Configuration: Fixed payara-web.xml to correctly modify the SameSite cookie attribute.
- Monitoring Console Fix: Resolved issues with Monitoring Console and Payara InSight functionality.
Security Enhancements
- XSS Protection: Added safeguards against stored cross-site scripting attacks.
- Security Connector Update: Updated JSON Smart to 2.5.2.
Component Upgrades
- Reactor Core updated to 3.7.3
- JSON Smart updated to 2.5.2
- Accessors Smart updated to 2.5.2
- SnakeYAML updated to 2.4
- Nimbus JOSE JWT updated from 9.47 to 10.0.2
- Jackson BOM updated to 2.18.3
Get Started Today
These releases demonstrate our commitment to providing stable, secure, and modern Java application platforms for organizations of all sizes.
Stay competitive with these updates that enhance your application's security, performance, and stability. Happy Coding!
