
The Payara Monthly Catch -September 2025
Welcome aboard the September issue of The Monthly Catch! With summer holidays wrapping up, the Java world is back […]
The August 2021 Payara Platform release is here! Payara Platform Enterprise 5.30.0 includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features. The Payara Platform Community 5.2021.6 release offers 7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features.
You can download Payara Platform Community 5.2021.6here and request Payara Platform Enterprise 5.30.0 here.
And don’t forget to join the ‘August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization‘ webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST – find out more & register here.
Read more below to learn more about the highlights of this release.
A Payara Enterprise Customer requested an update to the OIDC Security integration and the Payara development team decided to make the feature available to all Payara Platform users.
Until this release, there was no way to define multi-tenant control for the integration of OIDC security in your application. But when your application is used by different groups of people, belonging to different customers, a different OpenId Connect provider should be contacted depending on how a user accesses the application. With this feature, you can determine which OIDC configuration is used based on the URL called, for example.
A flaw discovered in FasterXML Jackson Databind meant it did not have entity expansion secured properly. This flaw opened the door to potential XML external entity (XXE) attacks that could involve a loss of data integrity.
This security vulnerability is not a problem when you use Jackson-Databind with this month’s release of the Payara Platform as the team upgraded the version of the library within Payara to the fixed Jackson-Databind version to eliminate security concern related to this vulnerability.
In the August 2021 release, we’ve updated the OpenID Connection ‘bearer support’ so the OpenID Connect protocol can not only be used with browsers, but can now also be used by any client. OpenID Connect allows clients of all types, such as mobile, JavaScript clients, and web-based clients, to request and receive information about authenticated sessions and end-users.
OpenID Connect adds an identity layer on top of the 0Auth 2.0 protocol so clients can verify the identity of end users from authentication performed by the authorization server. The OpenID Connect presents the signed JWT Access token in the request for server validation. If the server validates and accepts the request, it can proceed with the authentication and authorization info present in the token.
While support for MicroProfile 4.0 has been available in Payara Community since 5.2021.1 we’ve waited to add it to Payara Enterprise because it creates breaking changes. MicroProfile 3.3 was based on Java EE 8.0 artifacts, while MicroProfile 4.1 is based on Jakarta 8.0 artifacts. Please note if you use MicroProfile and upgrade to this Payara Enterprise release you may have to change config values or make updates to your applications using MicroProfile.
In addition to upgrading from MicroProfile 3.3 to 4.1 support in Payara Enterprise, we also upgraded from MicroProfile 4.0 to 4.1 support in the Payara Community Edition by implementing MicroProfile Health 3.1 to introduce a @Startup annotation.
The most important breaking changes can be found on the following documentation pages:
Hot Reload was implemented in Payara Micro since 5.201 and is also available within NetBeans and VSCode 1.1. As of the August 2021 Payara Platform release, the Hot Reload functionality is now also available within the Maven and Gradle plugins for Payara Micro.
Instead of an entirely new deployment, the Payara Micro Plugin for Maven and Gradle uses Hot Reload to update the classloader and internal components relative to the modified source so that subsequent deployments are faster.
The August 2021 Payara Enterprise Release (request here) includes 8 bug fixes, 2 component upgrades, 2 security fixes and 4 new features, while the Community Release (direct download here) includes7 bug fixes, 1 component upgrade, 2 security fixes, and 3 new features.
See more detailed overview of the fixes and improvements in the Release Notes:
Don’t forget to join the ‘August Release Overview + OAuth2 & OpenIdConnect Authentication & Authorization‘ webinar with Rudy De Busscher on Tuesday, the 24th of August at 3PM BST – find out more & register here.
Welcome aboard the September issue of The Monthly Catch! With summer holidays wrapping up, the Java world is back […]
We’re excited to announce that Payara Platform Community 7 Beta application server is now fully certified as Jakarta EE 11 […]
The September 2025 release marks a significant milestone with Payara 7.2025.1.Beta1 advancing Jakarta EE 11 readiness, alongside focused improvements […]