Skip to content

7.1.1

Choose a tag to compare

@OndroMih OndroMih released this 02 Jul 17:49

Eclipse GlassFish is an application server, implementing Jakarta EE. This release is corresponding with the Jakarta EE 10 specification, which is a major feature release. Jakarta EE 10 requires JDK 11 as a minimum, but also officially works on JDK 17 and JDK 21.

GlassFish 7.1.0 is a final release, containing final Jakarta EE 10 APIs. It compiles and runs on JDK 17 to JDK 25.

Since version 7.1.1, the GlassFish 7.1.x branch is in active maintenance mode, getting applicable fixes and improvements from the main branch, while active development focuses on the main GlassFish 8.x branch.

GlassFish 7.1.0

Release overview

This update fixes known vulnerabilities and some regressions introduced in GlassFish 7.1.0. It backports most of the applicable fixes and improvements from GlassFish 8.0.2 and some from 8.0.3, including the fix of a memory leak in Jersey and a performance improvement for Jakarta Faces rendering.

What's Changed

Security Fixes

  • Fixes CVE-2026-2586 9.1 CRITICAL - A critical Remote Code Execution (RCE) vulnerability in Admin Console
  • Fixes CVE-2026-2587 9.6 CRITICAL - An authenticated Remote Code Execution (RCE) vulnerability in Admin Console
  • Fixes CVE-2020-27511 - HIGH, 7.5 - Upgrade Woodstock to 6.0.3 with a security fix for prototype
  • Not exploitable by CVE-2022-46337 CRITICAL, 9.8. GlassFish not affected because bundled Derby DB does not authenticate database users via LDAP

Improvements

  • Cache isInterceptor per deployment and streamline WeldUtils.isValidAnnotation (port to 7.x) by @OndroMih in #26084
  • Fixed stopping domain - we have to bound to 4848 before we ask server to stop by @dmatej in #25827
  • Extract console-mail-plugin and add button "send test email" by @bvfalcon in #25997

Bug Fixes

Component Upgrades

Maintenance

Full Changelog: 7.1.0...7.1.1