What’s New In The Payara Platform August 2025 Release?

News
What's New In The Payara Platform August 2025 Release?

The August 2025 release brings important security fixes and stability improvements across the Payara Platform. This month’s releases include Payara Platform Community 6.2025.8 and Payara Platform Community 7.1 Alpha4, Payara Platform Enterprise 6.29.0 and 5.78.0, with a focus on addressing critical security vulnerabilities and enhancing platform reliability.

What’s New in August 2025?

Critical Security Fix: Request Smuggling Prevention

All three editions of Payara Platform include a critical security fix addressing request smuggling in Grizzly due to improper handling of the chunked transfer-coding. This vulnerability could potentially allow attackers to bypass security controls or poison web caches. Organizations running web applications on Payara Platform should prioritize upgrading to these releases to protect against potential exploitation.

Bug Fixes for Enhanced Stability

Realm Configuration Management

Payara Platform Community 6.2025.8 and Enterprise 6.29.0 resolve an issue where existing security realms would only display their name without showing their configured properties in the admin interface. This fix improves administrative visibility and management of security configurations.

Database Transaction Handling

Payara Platform Community Edition 6.2025.8 includes a community contribution from our esteemed Lenny Primak that fixes a NullPointerException occurring when using database transactions with EntityListener components that inject CDI beans in @Asynchronous processes. This enhancement improves reliability for applications using asynchronous database operations with CDI.

Certificate Management

Payara Platform Enterprise editions address a ConcurrentModificationException that occurred when running the remove-expired-certificates command, ensuring smooth certificate lifecycle management in production environments.

X.509 Certificate Processing

Payara Platform Enterprise 6.29.0 specifically resolves an issue where the jakarta.servlet.request.X509Certificate request attribute would return NULL values, restoring proper client certificate handling for applications requiring certificate-based authentication.

Component Upgrades

Major Infrastructure Updates

All editions of Payara Platform receive significant infrastructure component upgrades:

  • Hazelcast Upgrade: Updated to version 5.3.8 with backported CP (Consensus Protocol) fixes, improving distributed computing reliability and performance.
  • Metro Web Services: Upgraded to 4.0.4 for enhanced SOAP and REST web services support (Payara 6 editions).
  • Woodstox XML Processing: Updated to 7.1.1 for improved XML parsing performance and security.

Core Library Updates

Comprehensive updates to core libraries ensure compatibility and security:

  • Jackson BOM: Updated to 2.19.2 for improved JSON processing
  • Reactor Core: Upgraded to 3.7.8 for enhanced reactive programming support
  • Nimbus JOSE JWT: Updated to 10.4 for better JWT token handling
  • Commons IO: Upgraded to 2.20.0 for enhanced file and stream operations
  • Commons Codec: Updated to 1.19.0 for improved encoding and decoding utilities

Docker Environment Updates

All editions feature refreshed Docker images with the latest JDK security patches:

  • JDK 21.0.7 (Community 6.2025.8 & Enterprise 6.29.0)
  • JDK 17.0.15 (All editions)
  • JDK 11.0.27 (All editions)
  • JDK 8u452 (Enterprise 5.78.0)
 Payara Platform Community 6.2025.8Payara Platform Enterprise 6.29.0Payara Platform Enterprise 5.78.0
JDK 21.0.7 
JDK 17.0.15
JDK 11.0.27 
JDK 8u452  

Community Contributions

We extend our gratitude to Lenny Primak for contributing the fix for NPE issues in asynchronous database transactions with CDI. Community contributions continue to strengthen the Payara Platform and drive innovation forward. Want to contribute too? Visit our GitHub repo and get involved.

Upgrading

We strongly recommend upgrading to these latest releases immediately to benefit from the critical security fix addressing request smuggling vulnerabilities. The security patch alone makes this upgrade essential for all production environments. Download the latest version of:

For detailed upgrade instructions and additional information about these releases, please visit our official documentation.

Get Started with Payara Today

If you aren’t using Payara’s runtimes yet, download them now to support your Jakarta EE applications. 

  • For Production Environments: Payara Platform Enterprise provides comprehensive security, 24/7 support, and guaranteed stability for mission-critical applications.
  • For Development Teams: Payara Community Edition offers a feature-rich platform ideal for development and testing environments.

As always, we welcome your feedback and encourage you to report any issues you encounter on our GitHub repository. Thank you for your continued support of the Payara Platform.

Happy deploying!

Comments (0)

Post a comment

Your email address will not be published. Required fields are marked *

Payara needs the contact information you provide to us to contact you about our products and services. You may unsubscribe from these communications at any time. For information on how to unsubscribe, as well as our privacy practices and commitment to protecting your privacy, please review our Legal & Privacy Policy.

Related Posts

Payara Comparably Awards 2025 1 minute
News

Payara Wins Three Comparably Awards – Recognised for Happiest Employees, Perks & Benefits, and Work-Life Balance

Payara is proud to announce that we have been recognised with three Comparably Awards in 2025, a reflection of our […]

Community_Announcement 4 minutes
Uncategorized

Leading the Way: Payara Platform Community 7 Beta Now Fully Jakarta EE 11 Certified

We’re excited to announce that Payara Platform Community 7 Beta application server is now fully certified as Jakarta EE 11 […]

New Releases 5 minutes
News

What’s New In The Payara Platform September 2025 Release?

The September 2025 release marks a significant milestone with Payara 7.2025.1.Beta1 advancing Jakarta EE 11 readiness, alongside focused improvements […]