Eclipse GlassFish 8.0.2 has been released with three critical security fixes including CVE-2026-24457 (9.8 CRITICAL) in OpenMQ and two undisclosed Admin Console CVEs with scores of 9.6 and 9.1. The release also upgrades the Grizzly HTTP framework to 5.0.1, fixes a Maven build dependency issue, improves localhost hostname resolution, and updates several Eclipse Foundation components (Mojarra, OpenMQ, ORB, HK2) and third-party libraries. A JAXB Impl 4.0.7 upgrade was rolled back due to TCK regressions and will be included in 8.0.3. The release achieves full Jakarta EE 11 TCK compliance. OmniFish provides commercial support for GlassFish.
Table of contents
Security fixesStability and other ImprovementsComponent upgradesConclusion – GlassFish is a platform you can trustOmniFish - Jakarta EE expertsSort: