Release Notes

Payara Platform 5.191

 Payara Server  Download

The release notes of previous releases can be found in the Payara Server Documentation.

Release Highlights

A new year means a new version number for the Payara Platform. With the release of 5.191, we welcome the return of the Help Docs. Oracle recently donated GlassFish to the Eclipse Foundation along with the rest of Java EE, and that includes the help documentation. Thanks to their donation, we can use and update the help docs again for the Payara Platform.

As usual, our release continues our quest to eradicate all bugs, with this release bringing with it roughly forty fixes. Some of the notable bug fixes for this release include a fix for viewing remote instance monitoring information, some HTTP2 fixes (including a memory leak!), variable substitution not working for Payara Micro post-boot files,  and making it so the interactive asadmin prompt doesn’t die when it prompts you for extra command parameters.

See below for a complete list of new features, improvements, security updates, and bug fixes:

New Feature

  • [PAYARA-1165] – Allow Payara Micro to set the context root with –contextRoot 
  • [PAYARA-3132] – Incorporate Help Documentation back into Payara 
  • [PAYARA-3169] – Thin Client Dependency for Remote EJB communications in client applications 
  • [PAYARA-3261] – MicroProfile 2.1 (OpenTracing 1.3)
  • [PAYARA-3312] – Add Heartbeat into the Cluster Instance Descriptor 
  • [PAYARA-3344] – Allow a configurable graceful behaviour for Payara Server’s (and Micro) shutdown hook 
  • [PAYARA-3381] – Daily rotation for Access Log 
  • [PAYARA-3440] – New EJB Remoting Subsystem 


  • [PAYARA-546] – Allow setting SO_KEEPALIVE on the DAS or specific configs 
  • [PAYARA-1896] – Refactor HealthCheck service commands to bring in to line with other asadmin commands 
  • [PAYARA-2206] – Remove registration and installer modules 
  • [PAYARA-2308] – ***Community Contribution*** Replace StringBuffer with StringBuilder 
  • [PAYARA-3262] – Don’t create a new response in the JaxrsContainerExceptionMapper 
  • [PAYARA-3306] – Starting asadmin with domain not running results in warning 
  • [PAYARA-3310] – Make Service Name and Namespace Options for Kubernetes Cluster mode Optional 
  • [PAYARA-3316] – Improve @AroundInvoke/@AroundTimeout interceptor handling 
  • [PAYARA-3318] – Allow enabling or disabling HTTP methods for the j_security_check action 
  • [PAYARA-3360] – asadmin list-commands only works when domain is running 
  • [PAYARA-3382] – Make `addDateStampToFirstAccessLogFile` configurable 
  • [PAYARA-3387] – Support reading Jax-ws catalog from WEB-INF 
  • [PAYARA-3434] – Optimise FileArchive to reduce deployment times 
  • [PAYARA-3438] – Improve usability of MP Health endpoint as readinessProbe for k8s 
  • [PAYARA-3457] – Allow disabling auto-increment of Hazelcast port selection for the Domain Data Grid 
  • [PAYARA-3458] – Improve Domain Data Grid Startup/Status Log Output 
  • [PAYARA-3473] – Make Hazelcast initial wait time configurable 
  • [PAYARA-3499] – Optimise ASClassLoaderUtil 
  • [PAYARA-3505] – Prevent JLine Logging in Asadmin Multimode 
  • [PAYARA-3507] – Improve the Executor Pool and Queue Sizes in Payara Micro 
  • [PAYARA-3508] – Improve logging in ConnectionPool 
  • [PAYARA-3514] – ***Community Contribution*** Typo and newline fix 


  • [PAYARA-3331] – Upgrade jackson to 2.9.7 to fix: 
  • CVE-2018-14718 
  • CVE-2018-14719 
  • CVE-2018-14720 
  • CVE-2018-14721 
  • [PAYARA-3361]  – Upgrade Mojara – Fix for CVE-2018-14371


  • [PAYARA-2890] – Payara sometimes fails to load resources due to HTTP/2 server push 
  • [PAYARA-2959] – Secured Remote EJBs (IIOP over SSL) not working in Payara 5 
  • [PAYARA-3028] – Payara 5 Monitoring is broken for all instances apart from the DAS 
  • [PAYARA-3031] – Fix HTTP/2 Trailer Issue 
  • [PAYARA-3120] – TransactionScopedCDIEventHelperImpl Injection Error 
  • [PAYARA-3160] – Minimum log file size error is ignored when set using file  
  • [PAYARA-3163] – WebAppClassLoader fails to find JAX-WS Handler class 
  • [PAYARA-3164] – Variable substitution in post boot command file doesn’t work in Payara Micro 
  • [PAYARA-3219] – Move the Spanish localisation string file to the correct location 
  • [PAYARA-3227] – JNDI Resources Can’t Be Added to Deployment Group 
  • [PAYARA-3257] – CDI Bean created (but fails) when interface has @Path annotation 
  • [PAYARA-3258] – Open API takes into account annotated interfaces without implementation 
  • [PAYARA-3260] – Metrics API produces invalid metric names for Prometheus 
  • [PAYARA-3319] – Felix gogo shell no longer works 
  • [PAYARA-3328] – Increase the default thread pool and wait-queue size for the Payara Executor Service 
  • [PAYARA-3348] – Resources and Properties Tabs have wrong name when viewing the Healthcheck Checker Tab 
  • [PAYARA-3352] – If multiple invalid options are specified for asadmin only first is reported 
  • [PAYARA-3356] – EJB Timer fails when using non-persistent flag 
  • [PAYARA-3357] – asadmin shell issues when ask for additional data 
  • [PAYARA-3358] – asadmin command stop-domains no longer works 
  • [PAYARA-3362] – get-http-listener throws NPE 
  • [PAYARA-3366] – Payara MP Config getConverters() is not thread-safe 
  • [PAYARA-3367] – Strange CDI BeanManager behavior when creating interceptor instance on domain restart 
  • [PAYARA-3373] – Certificate realms with a custom JCE provider still raise exceptions 
  • [PAYARA-3376] – Some JVM parameters are not correctly stored through the Web Admin Console 
  • [PAYARA-3384] – Possible infinitive loop 
  • [PAYARA-3424] – @Clustered Singleton not working in EAR assembly 
  • [PAYARA-3425] – asadmin recorder generates wrong command for create-network-listener 
  • [PAYARA-3432] – Setting core-pool-size of ExecutorService result in NPE 
  • [PAYARA-3443] – Allow SL4FJ to redirect all JUL statements to Logback in Payara Micro (Fix HV error) 
  • [PAYARA-3449] – list-protocol-filters command fails with NPE 
  • [PAYARA-3451] – Managed Scheduled Executor Service doesn’t execute tasks from versioned applications 
  • [PAYARA-3452] – Memory Leak with http2 enabled on Payara 5.184 and latest glassfish 
  • [PAYARA-3463] – Unable to retrieve JVM options through Rest admin endpoint 
  • [PAYARA-3478] – SO_KEEPALIVE checks for wrong port, and Enable Logic is Wrong 
  • [PAYARA-3494] – Payara 5.184: PersistentEJBTimerService not serializable  
  • [PAYARA-3511] – ClassCastException when using CircuitBreaker.delayUnit Config Property 
  • [PAYARA-3512] – CircuitBreaker Interceptor Checks for Config Override on Wrong Annotation 
  • [PAYARA-3520] – Mojarra Prints Debug Messages to Log 
  • [PAYARA-3565] – asadmin create-node-ssh install=true fails to create the ZIP 
  • [PAYARA-3567] – ***Community Contribution*** Replace Synchronised classes with unsynchronised counterparts 
  • [PAYARA-3568] – ***Community Contribution*** Prevent CPU wastage when not logging to file 
  • [PAYARA-3569] – ***Community Contribution*** Increase default queue size and add RejectedExecutionHandler CallerRunsPolicy to Payara Executor Service 
  • [PAYARA-3570] – ***Community Contribution*** Replace usage of Thread/Timer/TimerTask with PayaraExecutor in GFFileHandler 

Component Upgrade 

  • [PAYARA-3292] – Upgrade Tyrus to 1.14 
  • [PAYARA-3293] – Upgrade snakeyaml to 1.23 
  • [PAYARA-3294] – Upgrade javax.mail to 1.6.2 
  • [PAYARA-3296] – Upgrade jsonp ( javax.json, javax.json-api, jsonp-jaxrs ) to 1.1.4 
  • [PAYARA-3297] – Upgrade MIME Streaming Extension (mimepull) to 1.9.10 
  • [PAYARA-3299] – Upgrade GlassFish MBean Annotation Library (gmbal) to 4.0.0 
  • [PAYARA-3300] – Upgrade commons-io to 2.6 
  • [PAYARA-3301] – Upgrade wsdl4j to 1.6.3 
  • [PAYARA-3302] – Upgrade metainf-services to 1.8 
  • [PAYARA-3303] – Upgrade javax.servlet.jsp.jstl-api to 1.2.2, javax.servlet.jsp.jstl (impl) to 1.2.5 
  • [PAYARA-3308] – Upgrade PrototypeJS version used in the Admin Console 
  • [PAYARA-3334] – Upgrade org.apache.felix.main to 6.0.1 
  • [PAYARA-3335] – Upgrade org.apache.felix.webconsole to 4.3.8 
  • [PAYARA-3336] – Upgrade org.apache.felix.eventadmin to 1.5.0 
  • [PAYARA-3337] – Upgrade to 1.4.3 
  • [PAYARA-3338] – Upgrade org.apache.felix.gogo.runtime to 1.1.0 
  • [PAYARA-3339] – Upgrade to 1.1.0 
  • [PAYARA-3340] – Upgrade org.apache.felix.configadmin to 1.9.10 
  • [PAYARA-3341] – Upgrade org.apache.felix.scr to 2.1.14 
  • [PAYARA-3388] – Upgrade maven-compiler-plugin to 3.8.0 
  • [PAYARA-3389] – Upgrade maven-clean-plugin to 3.1.0 
  • [PAYARA-3390] – Upgrade maven-resources-plugin to 3.1.0 
  • [PAYARA-3391] – Upgrade maven-jar-plugin to 3.1.1 
  • [PAYARA-3392] – Upgrade maven-war-plugin to 3.2.2 
  • [PAYARA-3393] – Upgrade maven-surefire-plugin to 3.0.0-M3 
  • [PAYARA-3394] – Upgrade maven-dependency-plugin to 3.1.1 
  • [PAYARA-3395] – Upgrade maven-site-plugin to 3.7.1 
  • [PAYARA-3396] – Upgrade maven-remote-resources-plugin to 1.6.0 
  • [PAYARA-3397] – Upgrade maven-invoker-plugin to 3.1.0 
  • [PAYARA-3398] – Upgrade maven-jaxb2-plugin to 0.14.0 
  • [PAYARA-3399] – Upgrade antlr-maven-plugin to 2.2 
  • [PAYARA-3400] – Upgrade maven-enforcer-plugin to 3.0.0-M2 
  • [PAYARA-3401] – Upgrade maven-install-plugin to 3.0.0-M1 
  • [PAYARA-3403] – Upgrade build-helper-maven-plugin to 3.0.0 
  • [PAYARA-3404] – Upgrade jaxws-maven-plugin to 2.5 
  • [PAYARA-3405] – Upgrade maven-deploy-plugin to 3.0.0-M1 
  • [PAYARA-3406] – Upgrade maven-bundle-plugin to 4.1.0 
  • [PAYARA-3407] – Upgrade findbugs components to 1.7 
  • [PAYARA-3413] – Upgrade org.glassfish.annotations:logging-annotation-processor to 1.8 
  • [PAYARA-3414] – Upgrade javax.el to 3.0.1-b11 
  • [PAYARA-3416] – Upgrade hazelcast to 3.11.1 
  • [PAYARA-3418] – Upgrade maven-plugin-api to 3.6.0 
  • [PAYARA-3420] – Upgrade jsftemplating to 2.1.3 

Known issues can be seen on our GitHub issues page here:

Due to some changes in the following areas, you might encounter some small functionality changes:

  • Executor Service – Some pool size settings for the internal executor service were changed, and it was changed so that the pool won’t immediately reject tasks when exhausted. We also made a fix to the managed scheduled executor service that now allows it to properly execute tasks from versioned applications.
  • CDI Events – EE contexts for CDI TransactionScoped extension invocations where added and now the implicit discovery of CDI beans are set on application deployment.
  • EJB Timers – The EJB Timer service was made serialisable, and we added a fix to a failure involving non-persistent flags.
  • Security – We made it so you can restrict the permitted HTTP methods for form-based authentication, and also made a fix to secured remote EJBs which involved overriding a couple of methods.
  • Access Log – A couple of rotation-based features to access logging were added.

If you are uncertain if this might impact your application, please feel free to ask for more information.

There are new asadmin commands for the configuration of the health check feature, the old ones are still valid but are deprecated.

The Remote EJB over HTTP protocol is in technical preview.

Back to top