
Payara Wins Three Comparably Awards – Recognised for Happiest Employees, Perks & Benefits, and Work-Life Balance
Payara is proud to announce that we have been recognised with three Comparably Awards in 2025, a reflection of our […]
The August 2025 release brings important security fixes and stability improvements across the Payara Platform. This month’s releases include Payara Platform Community 6.2025.8 and Payara Platform Community 7.1 Alpha4, Payara Platform Enterprise 6.29.0 and 5.78.0, with a focus on addressing critical security vulnerabilities and enhancing platform reliability.
All three editions of Payara Platform include a critical security fix addressing request smuggling in Grizzly due to improper handling of the chunked transfer-coding. This vulnerability could potentially allow attackers to bypass security controls or poison web caches. Organizations running web applications on Payara Platform should prioritize upgrading to these releases to protect against potential exploitation.
Payara Platform Community 6.2025.8 and Enterprise 6.29.0 resolve an issue where existing security realms would only display their name without showing their configured properties in the admin interface. This fix improves administrative visibility and management of security configurations.
Payara Platform Community Edition 6.2025.8 includes a community contribution from our esteemed Lenny Primak that fixes a NullPointerException occurring when using database transactions with EntityListener components that inject CDI beans in @Asynchronous processes. This enhancement improves reliability for applications using asynchronous database operations with CDI.
Payara Platform Enterprise editions address a ConcurrentModificationException that occurred when running the remove-expired-certificates command, ensuring smooth certificate lifecycle management in production environments.
Payara Platform Enterprise 6.29.0 specifically resolves an issue where the jakarta.servlet.request.X509Certificate request attribute would return NULL values, restoring proper client certificate handling for applications requiring certificate-based authentication.
All editions of Payara Platform receive significant infrastructure component upgrades:
Comprehensive updates to core libraries ensure compatibility and security:
All editions feature refreshed Docker images with the latest JDK security patches:
Payara Platform Community 6.2025.8 | Payara Platform Enterprise 6.29.0 | Payara Platform Enterprise 5.78.0 | |
JDK 21.0.7 | ✅ | ✅ | |
JDK 17.0.15 | ✅ | ✅ | ✅ |
JDK 11.0.27 | ✅ | ✅ | ✅ |
JDK 8u452 | ✅ |
We extend our gratitude to Lenny Primak for contributing the fix for NPE issues in asynchronous database transactions with CDI. Community contributions continue to strengthen the Payara Platform and drive innovation forward. Want to contribute too? Visit our GitHub repo and get involved.
We strongly recommend upgrading to these latest releases immediately to benefit from the critical security fix addressing request smuggling vulnerabilities. The security patch alone makes this upgrade essential for all production environments. Download the latest version of:
For detailed upgrade instructions and additional information about these releases, please visit our official documentation.
If you aren’t using Payara’s runtimes yet, download them now to support your Jakarta EE applications.
As always, we welcome your feedback and encourage you to report any issues you encounter on our GitHub repository. Thank you for your continued support of the Payara Platform.
Happy deploying!
Share:
Payara is proud to announce that we have been recognised with three Comparably Awards in 2025, a reflection of our […]
We’re excited to announce that Payara Platform Community 7 Beta application server is now fully certified as Jakarta EE 11 […]
The September 2025 release marks a significant milestone with Payara 7.2025.1.Beta1 advancing Jakarta EE 11 readiness, alongside focused improvements […]