The August 2025 release brings important security fixes and stability improvements across the Payara Platform. This month’s releases include Payara Platform Community 6.2025.8 and Payara Platform Community 7.1 Alpha4, Payara Platform Enterprise 6.29.0 and 5.78.0, with a focus on addressing critical security vulnerabilities and enhancing platform reliability.
All three editions of Payara Platform include a critical security fix addressing request smuggling in Grizzly due to improper handling of the chunked transfer-coding. This vulnerability could potentially allow attackers to bypass security controls or poison web caches. Organizations running web applications on Payara Platform should prioritize upgrading to these releases to protect against potential exploitation.
Bug Fixes for Enhanced Stability
Realm Configuration Management
Payara Platform Community 6.2025.8 and Enterprise 6.29.0 resolve an issue where existing security realms would only display their name without showing their configured properties in the admin interface. This fix improves administrative visibility and management of security configurations.
Database Transaction Handling
Payara Platform Community Edition 6.2025.8 includes a community contribution from our esteemed Lenny Primak that fixes a NullPointerException occurring when using database transactions with EntityListener components that inject CDI beans in @Asynchronous processes. This enhancement improves reliability for applications using asynchronous database operations with CDI.
Certificate Management
Payara Platform Enterprise editions address a ConcurrentModificationException that occurred when running the remove-expired-certificates command, ensuring smooth certificate lifecycle management in production environments.
X.509 Certificate Processing
Payara Platform Enterprise 6.29.0 specifically resolves an issue where the jakarta.servlet.request.X509Certificate request attribute would return NULL values, restoring proper client certificate handling for applications requiring certificate-based authentication.
Component Upgrades
Major Infrastructure Updates
All editions of Payara Platform receive significant infrastructure component upgrades:
Hazelcast Upgrade: Updated to version 5.3.8 with backported CP (Consensus Protocol) fixes, improving distributed computing reliability and performance.
Metro Web Services: Upgraded to 4.0.4 for enhanced SOAP and REST web services support (Payara 6 editions).
Woodstox XML Processing: Updated to 7.1.1 for improved XML parsing performance and security.
Core Library Updates
Comprehensive updates to core libraries ensure compatibility and security:
Jackson BOM: Updated to 2.19.2 for improved JSON processing
Reactor Core: Upgraded to 3.7.8 for enhanced reactive programming support
Nimbus JOSE JWT: Updated to 10.4 for better JWT token handling
Commons IO: Upgraded to 2.20.0 for enhanced file and stream operations
Commons Codec: Updated to 1.19.0 for improved encoding and decoding utilities
Docker Environment Updates
All editions feature refreshed Docker images with the latest JDK security patches:
We extend our gratitude to Lenny Primak for contributing the fix for NPE issues in asynchronous database transactions with CDI. Community contributions continue to strengthen the Payara Platform and drive innovation forward. Want to contribute too? Visit our GitHub repo and get involved.
Upgrading
We strongly recommend upgrading to these latest releases immediately to benefit from the critical security fix addressing request smuggling vulnerabilities. The security patch alone makes this upgrade essential for all production environments. Download the latest version of:
If you aren’t using Payara’s runtimes yet, download them now to support your Jakarta EE applications.
For Production Environments:Payara Platform Enterprise provides comprehensive security, 24/7 support, and guaranteed stability for mission-critical applications.
For Development Teams: Payara Community Edition offers a feature-rich platform ideal for development and testing environments.
As always, we welcome your feedback and encourage you to report any issues you encounter on our GitHub repository. Thank you for your continued support of the Payara Platform.
5 minutes
