Bump payara-embedded-all from 5.2021.1 to 5.2021.3

[dependabot]

Bumps payara-embedded-all from 5.2021.1 to 5.2021.3.

Release notes

Sourced from payara-embedded-all's releases.

Payara Server Community Edition 5.2021.3

Release notes - Payara Platform Development - Version 5.2021.3

Notes

Metro (JAX-WS implementation) remote code vulnerability

We have fixed a remote code vulnerability in the Metro framework. If you have an application deployed on the Payara Server that makes use of the JAX-WS features, please update your environment.

Release Notes

New Feature

• [FISH-1021] - Add Support for Setting the HSTS Header

Improvement

• [FISH-1311] - (Community Contribution - AngelTG2) asadmin create-password-alias is very slow when there are many aliases created
• [FISH-1304] - (Community Contribution - avpinchuk) Basic Auth support for the remote GAV retrieval during uber jar creation for Payara Micro
• [FISH-1295] - Code cleanup in security-core module
• [FISH-1287] - Admin console responds very slowly when remote instances are slow to respond
• [FISH-1286] - Add missing JDK 11 packages to OSGI
• [FISH-987] - Add option to disable evaluating Class references in EL in JSPs

Bug Fixes

• [FISH-1297] - Payara fails to start in certain network configurations
• [FISH-1293] - Disassociate ClusteredStore from tenants
• [FISH-1289] - Race condition in Payara Micro initialization
• [FISH-1214] - Fix ConfigParser Throws Exception when Parsing Domain.xml From CLICommand.
• [FISH-84] - ELResolver cannot handle a null base Object with identifier in EAR

Component Upgrade

• [FISH-858] - Upgrade Hazelcast 4.1 > 4.2 with Tenant Control

Security

• [FISH-1274] - Vulnerability in Metro's WSDL Code Importing/Parsing - Remote Code Execution

Payara Server Community Edition 5.2021.2

Release notes - Payara Platform Development - Version 5.2021.2

Notes

Jakarta EE 9 Support

In this release, we have fixed several issues relating to our Jakarta EE 9 Web Component (Servlet, JSTL and JSF) support through Eclipse Transformer. This is as a part of our ongoing effort to close the migration gap between major Jakarta versions before we provide full support for Jakarta EE 9. We encourage users to try updating their applications to Jakarta EE 9 with Eclipse Transformer, and raising any discovered bugs on our Github issue tracker.

New Feature

• [FISH-1064] - Asadmin to clear out old job executions of JBatch in all supported databases

Improvement

... (truncated)

Commits

• d82b9aa Increment version numbers for Release
• 0858e33 Merge pull request #5213 from payara/FISH-1287
• 72eac25 Merge pull request #5212 from OndroMih/Community-FISH-84-enterprise-ear
• 792dbd7 FISH-1287 Updated copyright headers
• 7f71020 FISH-1287 Formatting
• 6e9e501 FISH-1287 Admin console shows non-running remote instance faster
• 74fd711 FISH-1287 Admin console retrieves remote instance names faster
• 1f4ff20 FISH-84 Cleanup - sanitize imports, updated copyright headers
• 1078bec FISH-84 Tests for configuring OpenID using EL in EAR
• f22514a FISH-84 - get Bean Manager from JNDI instead of from CDI
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually