The December 2025 releases bring targeted improvements and security updates across Payara Platform Enterprise versions 5.82.0 and 6.33.0 as well as Payara Platform Community 7.2025.2. These updates focus on enhancing JWT authentication resilience, security patching, and platform stability for your Jakarta EE applications.
Download Payara Platform
Enhanced JWT Authentication Reliability
This release strengthens MicroProfile JWT authentication with cached remote public keys retention on error. When remote key fetching fails, your application can now fall back to previously cached keys, preventing authentication disruptions during temporary network issues or key server outages.
Tech Preview – Azul CRIU/CRaC Support
Payara Micro Enterprise now supports a technical preview for CRaC (Coordinated Restore at Checkpoint). This experimental feature enables faster application startup times through checkpoint/restore mechanisms, particularly beneficial for cloud-native and containerized deployments. A detailed blog post will be out soon on this new feature, stay tuned!
Domain Upgrade Tool Enhancement
The domain upgrade tool now recognizes new license file locations, streamlining your migration process when upgrading between Payara Platform Enterprise versions.
Stability Improvements
Fixed file upload memory leak that could impact long-running applications handling frequent file uploads. Database monitoring metrics now display accurate values, improving observability for production workloads. App client functionality restored for Java 11+ environments, ensuring compatibility across supported JDK versions.
Contributions
We particularly appreciated what community member Lenny Primak contributed for Payara Platform Community on whitespace trimming in DataSourceDefinition properties, as it can improve configuration reliability. So we included his input on Payara Platform Enterprise too.
Security Updates
Addressed CVE-2020-36843 by upgrading net-i2p-crypto-eddsa to version 0.3.1, strengthening cryptographic operations.
Component Upgrades
Updated Kotlin stdlib from 2.2.20 to 2.2.21 and Jackson BOM from 2.20.0 to 2.20.1, keeping dependencies current with latest security patches and features.
The Payara Platform Enterprise 5.82.0 release incorporates several key updates from the 6.33.0 release, including JWT authentication enhancements, improvements to the domain upgrade tool, and security fixes. Furthermore, this version addresses compatibility issues with application clients running on Java 11+ environments. A significant fix is also included for a CDI ClassAnalyzer implementation discovery problem under high load, which previously led to deployment failures.
Payara Enterprise Free Trial
The Payara Platform Community edition parallels the Enterprise releases with JWT authentication improvements, security patches, and database monitoring fixes. Additional community-driven enhancements include:
Multiple contributions from Lenny Primak (lprimak) helped improve platform stability: Class loader leak fixes prevent memory issues in long-running applications. Enhanced cleanup procedures after failed EAR deployments reduce resource waste. Injection safeguards for EAR-root deployments prevent potential conflicts.
Jersey Upgrade
Upgraded Jersey to version 4.0.0, aligning with the latest Jakarta RESTful Web Services advancements.
Documentation Improvements
Synchronized Asadmin help documentation for improved command-line user experience.
Download Payara Community
Release Notes and Documentation
For detailed information about these releases, consult the official documentation:
Get Started
Download Payara Platform Community or request a free trial of Payara Platform Enterprise to experience these improvements in your development and production environments.
We value your feedback and contributions to the Payara Platform. Report issues or share your experiences on our GitHub repository.
Happy deployments!
5 minutes
