Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

Red Hat JBoss Web Server 5.5 Release Notes

Red Hat JBoss Web Server 5.5

For Use with the Red Hat JBoss Web Server 5.5

Red Hat Customer Content Services

Abstract

These release notes contain important information related to the Red Hat JBoss Web Server 5.5.

Chapter 1. RedHat JBoss Web Server 5.5
Copy link

Welcome to the Red Hat JBoss Web Server version 5.5 release.

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It consists of an application server (Apache Tomcat Servlet container), and the Tomcat Native Library. A short description of key components is given below:

  • Apache tomcat: a servlet container in accordance with the Java Servlet Specification. JBoss Web Server contains Apache Tomcat 9.
  • Apache tomcat native library: a Tomcat library, which improves Tomcat scalability, performance, and integration with native server technologies.
  • tomcat-vault: an extension for the JBoss Web Server used for securely storing passwords and other sensitive information used by a JBoss Web Server.
  • mod_cluster library: a library that allows communication between Apache Tomcat and the Apache HTTP Server’s mod_proxy_cluster module. This allows the Apache HTTP Server to be used as a load balancer for JBoss Web Server. For information on the configuration of mod_cluster, or for information on the installation and configuration of the alternative load balancers mod_jk and mod_proxy, see the HTTP Connectors and Load Balancing Guide.
  • Apache portable runtime(APR): A runtime which provides superior scalability, performance, and improved integration with native server technologies. APR is a highly portable library that is at the heart of Apache HTTP Server 2.x. It enables access to advanced IO functionality (for example: sendfile, epoll and OpenSSL), Operating System level functionality (for example: random number generation and system status), and native process handling (shared memory, NT pipes and Unix sockets).
  • OpenSSL: A software library which implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols and includes a basic cryptographic library.

This release of JBoss Web Server focuses on syncing JWS with the latest Apache HTTPD JBoss Core Services, as well as fixing some security issues.

Red Hat JBoss Web Server 5.5 OpenShift images based on Red Hat Enterprise Linux 7 are no longer provided with this release. Red Hat JBoss Web Server 5.5 images based on Red Hat Enterprise Linux 8 are provided with this release.

The JBoss Web Server 5.5 can be installed using one of the following sections of the installation guide:

Chapter 3. OS/JVM Certifications
Copy link

Expand
Operating SystemChipset ArchitectureJava Virtual Machine

Red Hat Enterprise Linux 8

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, OracleJDK 11

Red Hat Enterprise Linux 7

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11, IBM JDK 1.8.x

Microsoft Windows 2019 Server

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Microsoft Windows 2016 Server

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Microsoft Windows 2012 Server R2

x86_64

Red Hat OpenJDK 1.8.x, Red Hat OpenJDK 11, Oracle JDK 1.8.x, Oracle JDK 11

Red Hat Enterprise Linux 6 is not supported.

Chapter 4. Security Fixes
Copy link

This update includes fixes for the following security related issues:

Expand
IDImpactSummary

CVE-2020-25638

Important

hibernate-core: SQL injection vulnerability when both hibernate.use_sql_comments and JPQL String literals are used [jws-5]

CVE-2021-25122

Moderate

tomcat: Request mix-up with h2c [jws-5]

CVE-2021-25329

Low

Incomplete fix for CVE-2020-9484 (RCE via session persistence) [jws-5]

Chapter 5. Resolved issues
Copy link

Expand
IssueDescription

JWS-1994

Deprecate JWS Container Images for RHEL7

JWS-1857

Documentation doesn’t match changed behaviour of HealthCheckValve

JWS-1834

Ensure the overhead check runs after every frame

JWS-1200

Implement JWS Health Check so that it can be consumed by OpenShift

JWS-1708

JWS5 requires Java8

JWS-1969

MODCLUSTER-728 - Proxy configured by a hostname caches resolved address indefinitely

JWS-1462

OpenShift image create apr connector with SSLVerifyClient="optional" but doesn’t provide a CA file.

JWS-1485

Provide a JWS Openshift image for PowerPC

JWS-1838

Rebase tomcat to version 9.0.43

JWS-2069

System properties are no longer expanded in JWS 5.4

JWS-1528

Tomcat - implement pooled LDAP connection for JNDIRealm

JWS-1841

Unable to enable SECURITY_MANAGER through jws5-tomcat.conf in zip based installation

JWS-1845

Update hibernate to latest available version

JWS-1839

Update apr and openssl from JBCS to versions from jbcs-httpd-2.4.37.SP8

JWS-1836

Upgrade mod_cluster to latest available version

JWS-1840

Upgrade tomcat-native to 1.2.26

JWS-1835

Upgrade/Rebase components for the release 5.5

JWS-1665

bndlib is not needed

Chapter 6. Known issues
Copy link

There are no Known issues this release.

Expand
ComponentVersion

Apache CXF

3.3.5

Apache Tomcat

9.0.43

ECJ

4.12.0

Hibernate

5.3.20.Final

JBoss logging

3.4.1.Final

libapr

1.6.3

mod_cluster

1.4.3.Final

OpenSSL

1.1.1g

Tomcat-Native

1.2.26

Tomcat-Vault

1.1.8.Final

Legal Notice
Copy link

Copyright © 2021 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.
Red Hat logoGithubredditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust. Explore our recent updates.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

Theme

© 2026 Red HatBack to top