Red Hat ramps up security and containerisation for JBoss EAP 7.3

Red Hat ramps up security and containerisation for JBoss EAP 7.3

Red Hat’s middleware team has put the finishing touches to the latest JBoss Enterprise Application Platform release, pushing out a more secure, Jakarta-EE-8-supporting version 7.3.

Security seems to have been high up on the agenda, also topping the new features and enhancements section of the current documentation. The JBoss team for example changed the platform to automatically detect a number of keystore types, and has added a way for users to derive server certificates from Let’s Encrypt. They can also use the online certificate status protocol to check certificates are valid during authentication, and server-ssl-sni-context for matching host names to SSL contexts.

Additionally, there’s now a constant-headers attribute in the HTTP management interface resource definition, so that administrators can specify custom HTTP headers. The platform will then return those when it answers requests made against said management interface.

Another focal point of the release was messaging. Version 7.3 allows message-driven beans “to be assigned to multiple delivery groups” only receiving messages when all groups are active. It also includes support for load balancers using mod_cluster and messaging to clusters behind load balancers, as well as attributes to control the global resources usage for messaging servers, and enhanced metrics reporting for the Java Messaging Service.

To make the OpenShift image of JBoss EAP more helpful, there’s now a new Kubernetes operator which can be used to automate deployment-related tasks. According to the release notes, it also “ensures safe transaction recovery in your application cluster by verifying that all transactions are completed before scaling down the replicas and marking the pod as clean for termination”. 

Admins will surely appreciate the newly available option to view a list of modules according to deployment and logging enhancements such as the ability to format syslog messages and implement custom log filters.

Starting with the new release, admins have the option to configure the EAP image in such a way that only required capabilities are included, leaving more memory available for other things. Other OpenShift related changes include a capability to calculate default JVM memory settings for cases in which container limits are below JVM memory setting, and the platform requiring secure URLs for artifact repository mirror URLs. 

Aside from being compatible with Jakarta EE 8 web profile and full platform specifications, the release is now meant to work with MySQL 8, Oracle 19c, PostgreSQL 11, EnterpriseDB Postgres Plus Advanced Server 11, SQL Server 2017, and Eclipse OpenJ9 (JDK 11). Additional information can be found in Red Hat’s documentation.