The November 2022 Payara Platform release is here and ALL versions are getting a new release!
Payara Platform Community 6.2022.1 is the first stable release of the Payara 6 Community stream. This is certified against the Jakarta EE 10 Platform, Web Profile, and Core Profile. Payara 6 will now be the updated, current version of Payara Platform Community.
Payara Platform Enterprise 5.45.0 is also out, containing 5 bug fixes, 1 security fix and 2 improvements.
Payara Platform Community 5.2022.4 has been released today as the penultimate Payara 5 Community release, and there is also a release of Payara Platform 4 for Enterprise customers.
All releases contain an important fix for a 0-day vulnerability.
Read more details below!
You can request Payara Platform Enterprise 5.45.0 here.
You can download Community 6.2022.1 and 5.2022.4 here.
Payara Community Officially Moves to Jakarta EE 10
6.2022.1 marks the official transition of Payara Community development to Payara 6 Community, which will run on Jakarta EE 10 only. Following the release of Payara 6 Community Alpha 4, Payara 6 Community now has full TCK-compatibility and full functionality with Jakarta EE 10 Platform, Web Profile, and Core Profile. There is also now full documentation available.
There will be one more Payara 5 Community release in December, but after this it will no longer be maintained; there will be no more bug fixes, component upgrades or improvements.
There is no guarantee that Jakarta EE 8 applications will work on Payara 6 Community. If you want to keep using Payara 5 and Jakarta EE / Java EE 8 applications, we encourage you to move to Payara 5 Enterprise.
Payara 6 Community is also compiled with JDK 11 and requires as a minimum JDK 11. It also includes MicroProfile 5.0 and can run with JDK 17.
If you choose to move to Payara 6 Community and Jakarta EE 10, you will gain access to new Java SE features now supported in Jakarta EE, and a simplified, modernised new iteration of enterprise Java.
You can also watch a video where we explain more about the Payara 6 release here.
Key 0-Day Vulnerability Fix
All of the releases out today include a key fix. Please download these latest versions – 6.2022.1, 4.1.2.191.38, 5.2022.4, 5.45.0 – to ensure you are safe.
This vulnerability exploit opens up to attackers a way to explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context.
This vulnerability affects ALL the distributions of the Payara Platform (Server Full, Server Web, Micro, Embedded, Docker images) in every edition and major version.
We would like to thank Michael Baer, Luc Créti and Jean-Michel Lenotte, all working for Atos, for alerting us to this vulnerability.
Join Our Webinar!
Our next webinar will see Payara Senior Software Engineer Andrew Pielage talk through what you can enjoy with Jakarta EE 10 and also discuss issues to watch out for as you migrate to Payara 6 Community.
Join him on November 4, 2pm GMT.
{{cta(‘c5a39e66-c1fb-4053-bbc0-e3f02e16022a’)}}
Release Notes
The November 2022 Payara Enterprise Release (requesthere) includes 5 bug fixes, 1 security fix and 2 improvements.
Payara 6 Community’s first release (downloadhere) includes 13 bug fixes, 1 component upgrade, 1 security fix, and 5 improvements.
Payara 5 Community’s penultimate release (downloadhere) includes 14 bug fixes, 1 component upgrade, 3 security fixes, and 4 improvements. There will be one more release in December and then Payara 5 Community will be discontinued.
See a more detailed overview of the fixes and improvements in the Release Notes:
3 minutes
