Index of Wildfly server releases

In this article we will track all changes in the application server from release 10 up to the current release (25) and details where you can download and install it.

WildFly 10

In this application server release, a major restructuring began that will continue in the 1x releases. These changes are both related to some single subsystems but also to the whole server infrastructure. Expect some further changes in the 11 release of the application server which will include a re-shaped security subsystem.

Here are the most significant changes in WildFly 10:

  • New Messaging subsystem: the new messaging provider embedded in WildFly 10 is Apache Artemis MQ which is derived from the HornetQ project, recently donated to the Apache foundation. The new messaging provides retains compatibility with the former HornetQ while providing several new features.
  • Capabilities: Beginning with WildFly 10 the application server’s management layer includes a mechanism for allowing different parts of the system to integrate with each other in a loosely coupled manner. This happens thanks to a new component called “Capability”. A Capability works out by registering a service with the WildFly’s ServiceContainer, and then dependent capabilities depend on that service. The WildFly Core management layer orchestrates registration of those services and service dependencies by providing a means to discover service names. Discussing Capabilities is beyond the scope of this book.
  • Improved ejb subsystem: the ejb pooling configuration has been revamped so that now it includes multiple self-tuning policies applicable to Stateless EJB and to Message Driven Beans. An advanced delivery policy (group based) can now be used by Message Driven Beans.
  • Migration from legacy subsystems: an automatic CLI-based migration procedure has been added to help users migrate the former legacy systems (jbossweb, messaging, jacorb) into WildFly 10.
  • Updated Hibernate API: the most relevant change for developers is the introduction of Hibernate 5 API that includes several additional improvements spanning from performance optimization (mainly due to bytecode enhancement), the use of generics in Hibernate Native, and an improved SPI for second-level cache providers. This topic, being focused on the development of applications, is not in the scope of this book.
In terms of JDK, WildFly has discontinued support for Java 7. Hence, you need a Java 8 or newer environment on your machine. If you are porting the former startup scripts, you have to replace the deprecated JVM parameter named -XX:MaxPermSize with the new -XX:MaxMetaspaceSize.

You can download and install WildFly 10 with

wget -q

WildFly 11

The release 11 of WildFly application server introduced several important changes from the new security infrastructure to simplified client naming lookup. This version includes also several management enhancements to ease server administration. More in detail, this is a break down of the latest significant news:

  • New Security Infrastructure: a long-awaited change is the new Security Provider named Elytron which will be able to unify the whole security infrastructure in a single subsystem. Elytron will bring also advanced capabilities. For example: privilege propagation across multiple service invocations, pre-request TLS verification, identity switching, pre-request TLS verification, and rich security policies. Finally, it also improves the overall extensibility with tight integration with other SSO / IDP frameworks such as KeyCloak.
  • SSL enhancements: You can switch from the JVM internal implementation of SSL to your own OpenSSL library available on your system. This library can, in turn, be used (for versions greater than 1.0.2) to support HTTP/2
  • EJB made easier: several enhancements have been included to simplify the discover of EJB resources thanks to a new naming library. Also the ejb subsystem allows more advanced strategies such as dynamic discovery or P2P communication from proxies to EJB.
  • RMI over HTTP In order to allow load balancing of EJB request through a standard HTTP request, you can now opt for a pure HTTP communication for EJBs.
  • New Load balancing Profile: If you are planning to use WildFly as front load balancer to a set of WildFly backend, then you can use one out of the box configuration named standalone-load-balancer.xml
  • Graceful shutdown of the Server: the application server is now able to start in suspend mode plus a set of improvements are available to handle distributed transactions when a graceful shutdown has been issued.
  • Management enhancements: a consistent number of enhancements have been added to the Web console in many areas plus you the CLI tab completion shell is now able to complete attributes in case a capability for it is available.
  • Remote managed deployments: you are now able to update remote managed deployments by including content items such as HTML or JSP files without a full application redeployment

You can download and install WildFly 11 with

wget -q

WildFly 12

The 12th release of WildFly includes the following enhancements:

  • Java EE 8 Profile: the application server includes now a Java EE8 configuration which can be activated at start-up
  • New thread pool strategy: A new thread pooling strategy is available. This allows reducing the number of threads active at any given time, which helps conserve system resources.
  • Other Minor enhancements: (MicroProfile REST Client 1.0 is now supported, Java 9 compatibility has been improved and CLI scripts can now take advantage of loops with variables)

You can download and install WildFly 12 with

wget -q

WildFly 13

The 13th release of WildFly includes provisioning enhancements for the application server along with some core libraries upgrades:

  • Galleon project: WildFly can now be internally provisioned using the project Galleon which allows to provision the desired installation at a specified location, install additional and/or uninstall existing feature-packs, export the currently provisioned specification to a file with the purpose to reproduce it on a different machine.
  • New Web Console: a new version of the Web management console (HAL) is available which uses PatternFly as technical stack instead of GWT. The new version of the Web console enhances the existing features and adds support for many new subsystems and attributes.
  • Other enhancements: Infinispan has been updated to version 9.2 and Hibernate to version 5.3.

You can download and install WildFly 13 with

wget -q

WildFly 14

The 14th release of WildFly includes several enhancements. The most important one is the Java EE 8 full compatibility so now all default configuration include the EE8 APIs. Additionally, the following enhancements have been included:

  • Agroal Datasource: the application server can now be configured to use a JCA-less connection pool with increased performance and low memory footprint.
  • MicroProfile Capabilities: This version of the application server includes support for some Eclipse MicroProfile capabilities such as the Configuration MicroProfile which enhances the application’s configuration capabilities, a MicroProfile for Server Health checking and an API for accessing an OpenTracing compliant Tracer object within your JAX-RS application.
  • Mod-Cluster Multiplicity: Mod-cluster has now been enhanced to support multiple web server configurations by declaring and referencing multiple mod-cluster configurations within its subsystem.

You can download and install WildFly 14 with

wget -q

WildFly 15

The 15th release of the application server contains some additions for monitoring the application server and some global security enhancements. More in detail:

  • New metrics subsystem: The application server development is happening with a view to containers. In order to observe the application server in a container environment, it is crucial to gather metrics. The new ‘metrics’ subsystem allows to collect WildFly and application metrics and make available to monitoring systems like Prometheus.
  • SNI Support for HTTPS Listeners: Java 8 has introduced for server-side SNI support, which is a feature that extends the SSL/TLS protocols to indicate what server name the client is attempting to connect to during handshaking. Now we can configure Undertow with more than 1 virtual servers. Also, users are able to use a different server certificate for each virtual server.
  • Support for registering a single JVM / server-wide default SSLContext: by registering a global SSLContext libraries used within the application server can make use of a managed SSLContext instead of relying on one automatically being created through the standard system properties.
  • JASPI Integration with Elytron: The Elytron subsystem now contains the configuration required to support JASPI to the Elytron subsystem and general JASPI integration.

You can download and install WildFly 15 with

wget -q

WildFly 16

The 16th release of the application server continues its path towards a more agile application server. There are improvements in the Galleon tool, to provide customized version, with minimal memory foot-print, of the application server. Some other notable items:

  • Messaging subsystem improvements: You can configure MDBs to join multiple delivery groups, enabling delivery when all groups are active. You can now reference remote Artemis servers through Java EE 8 resource definitions. Finally, you can impose a limit on the amount of disk space used by the Artemis journal.
  • Clustering Improvements: The load balancer can now be configured to use a ramp up period before allowing the maximum traffic. Other minor improvements in the HA Singleton deployments have been added as well.
  • Other Improvements: The command line has been enriched with a command to list modules linked by a deployed applications. It is also possible to query for long-running management operations and stop potentially locked operations. Some minor improvements have been added also in Elytron. For example, the ‘silent mode’ for HTTP Basic authentication and an utility script to migrate legacy properties files to Elytron.

You can download and install WildFly 16 with

wget -q

WildFly 17

The 17th release of the application server contains several improvements, especially with regards to clustering. Some notable items:

  • HTTP Clustering improvements: The distributable-web subsystem has been added to ha configuration to manage a set of session management profiles that encapsulate the configuration of a distributable session manager. Also, when enabling session sharing for WARs within an EAR, you can indicate whether a distributable or non-distributable session manager should be used.
  • HA singleton service notification: Applications can register listeners to receive notifications when the HA singleton service starts and stops.
  • Messaging enhancements: It is possible for JMS Clients to address an HTTP load balancer, as an alternative to communicate directly with the servers behind the load balancer. Then, you can now configure a timeout for the embedded messaging broker when opening journal files. Finally, the configuration of connections to remote AMQ brokers has been enhanced.
  • Other Improvements: Web access logs in JSON format has been enhanced to use a formatted structure. Encoding of hashes, passwords and salts has been improved for Elytron JDBC security realms. A new option has been added to enable property resolution in the CLI. Finally, the title of the HAL management console can now be customized by the user.

Besides it, it is worth mentioning that WildFly 17.0.1 was certified as a Jakarta EE 8 compatible implementation.

You can download and install WildFly 17 with

wget -q

WildFly 18

The 18th release of the application server continues its path towards the alignment with Jakarta EE projects and Microprofile standards. A large number of updates have been added into the Elytron, the core Enterprise subsystems and in the Clustering area. Some highlights include:

  • Elytron improvements: Several improvements have been added to support SSL certificate revocation using OCSP, audit logging enhancements, mapping of X509 certificates to an underlying identity has been enhanced. Also, new CLI commands have been added to support obtaining certificates from the Let’s Encrypt certificate authority. Elytron now supports masking passwords in the Elytron client’s XML configuration. Finally, the certificate authority used by a certificate-authority-account resource is now configurable.
  • EJB improvements: It is possible now to configure at subsystem level client-side interceptors and server-side interceptors. Also, the configuration and tactics of thread pools used in the EJB3 subsystem has been improved.
  • RESTEasy improvements: An HTTP proxy can be now set up just by using properties on the Client Builder. Also, RESTEasy now gives users the ability to use optional typed parameters, and eliminate all null checks.
  • Messaging improvements: Additionally attributes are available to check whether any backup server is synchronized with the live server and to indicate the Artemis journal type being used. New statistics and metrics are also available for JMS bridges and Resource Adapter thread pools.
  • Clustering improvements: Ranked routing has been added to Clustered web applications to allow the ability to annotate the JSESSIONID with multiple routes, ranked in order of preference.

You can download and install WildFly 18 with

wget -q

WildFly 19

The 19th release of the application server is mostly focused on the new release of Microprofile (3.2) specification . Security enhancements have been included in the Elytron subsystem, in the Deployer and in Managed Executors / Thread pools statistics. More in detail:

  • MicroProfile 3.2 improvements: WildFly now includes support for the Fault Tolerance API (2.0), JWT Authentication (1.1) and OpenAPI (1.1). Besides it, the Health Check API has been updated to version 2.1, and the Metrics to the 2.2 version.
  • Deployment enhancement: You have now the ability to apply certain JBoss module libraries to all deployments running in a server.
  • Executors improved statistics: The Managed Executors / Thread pools in the EE subsystem are now capable to emit runtime statistics.
  • Elytron and Web services: It is now possible to integrate Elytron security layer with RESTEasy and SOAP Web services.
  • RESTEasy CLI configuration: This enhancement allows us to change RESTEasy settings via CLI.

You can download and install WildFly 19 with

wget -q

WildFly 20

The 20th release of the application server updates to the latest Microprofile (3.3) specification. Security enhancements have been included in the Elytron subsystem, in the ejb subsystem and in the configuration of Microprofile applications.

  • Elytron improvements: adds the ability to automatically add a credential to a previously defined credential store by specifying both the store and clear-text attributes for a credential-reference. In addition, the elytron subsystem allows now to achieve a regex based mapping of security roles. Finally, new attributes (such as remote client IP address) can be used to make authorization decisions.
  • EJB enhancements: A global Stateful Bean timeout has been added to simplify the cache management of multiple EJBs in a cluster. Also, it is now possible to refresh EJB timers programmatically when using database-data-store for persistence. Finally, a large number of statistics about ejbs deployments are now exposed through the /deployment path.
  • MicroProfile tooling enhancement: Besides the update to the new version (3.3), a CLI script has been added to the server’s docs/examples directory to allow users to migrate to the standalone-microprofile.xml configuration.

You can download and install WildFly 20 with

wget -q

WildFly 21

The major enhancement added in this release is the WildFly Bootable Jar technology. That enables packaging your application and WildFly Server in a single executable unit. A WildFly Bootable Jar has the ability to shape your server distribution to your needs. By choosing just the required galleon layers. This is especially useful to run applications as Microservices in a cloud environment. You can learn more about WildFly Bootable Jar in its documentation guide. Other improvements contained in this release:

  • Elytron improvements: adds RESTEasy integration with WildFly Elytron – AuthenticationClient for Authentication / SSL. Besides, in order to migrate from the legacy security, Elytron now has the capability to use credentials established externally (e.g. mod_jk) from the server to authenticate the client with HTTP.
  • Security Realm enhancements: Two new security realms have been added: the Failover Security Realm which supports fail over to an alternative realm and the Distributed Security Realm which allows configuring a list of other security realms to allow the server to sequentially invoke them until one succeeds.
  • Encryption enhancements: adds support for TLS 1.3 when using the OpenSSL TLS provider with Elytron.
  • EJB enhancements: adds the ability to configure EJB invocations over HTTP protocol also in server-to-server configurations. Besides, it has been enabled compression on remoting at server configuration level.

You can download and install WildFly 21 with

wget -q

WildFly 22

This release includes a parallel distribution named WildFly preview which allows developers to have a preview of Jakarta EE 9. . This distribution also promotes a leaner server structure as it does not include (by default) the embedded Artemis broker. Finally, the legacy security subsystem has been deprecated and it’s not anymore available in the default configurations.

On the top of that, the following server additions are now available:

  • New Galleon layers: A Keycloak layer has been added to include Keycloak’s client-side adaptors for WildFly through a Galleon layer. The Web Passivation layer has been added to provide passivation and persistence capabilities of session data on non-clustering environments.
  • Messaging enhancements: To help mitigate the possibility of split-brain problems, the messaging subsystem includes now the ability to ping a configurable list of hosts to check the health of the broker’s network connection. Additionally, now both destinations (Queues and Topics) can be paused through the management API.
  • Command Line enhancements: a new option has been added to the CLI in order to create built-in commands for existing resources.
  • Elytron enhancements: It has been added the ability to adjust the case of a user name using an Elytron principal transformer. Also, you can now lazily generate a self-signed certificate on first use for a specified host name

You can download and install WildFly 22 with

wget -q

WildFly 23

In this release the MicroProfile platform implementations have moved from the 3.3 platform specification versions to the 4.0 versions. Several other enhancements have been included in the Security, Messaging and minor changes in other areas as well.

Here is an overview of the core enhancements:

  • MicroProfile API: Updated specifications for the following Microprofile API: Config (2.0), Fault Tolerance (3.0), Health (3.0), JWT Authentication (1.2), Metrics (3.0), OpenAPI (2.0), OpenTracing (2.0), Rest Client (2.0), WildFly now provides Tech Preview support for MicroProfile Reactive Messaging. This includes providing a connector for interaction with Kafka streams.
  • Start up scripts: WildFly distribution now includes a common shell script that can be used to set variables used by all other start up scripts. It is also possible to use a non-graceful startup mode to allow requests to be handled earlier in the boot process.
  • Command Line enhancements: a new option has been added to the CLI in order to create built-in commands for existing resources.
  • Elytron enhancements: It has been added the ability to adjust the case of a user name using an Elytron principal transformer. Also, you can now lazily generate a self-signed certificate on first use for a specified host name, which was available only when using legacy security.
  • Messaging: You can now get a dump of the embedded Artemis broker’s journal from the management API and investigate it. Also, the journal can be retained when corrupted before deleting it. Then, you have now the ability to configure a feature of the embedded broker named critical-analyzer. Finally, a call-timeout attribute has been added to the Jakarta Messaging core bridge configuration.
  • Other enhancements: The Jakarta Concurrency managed executors can be configured to detect and automatically or manually terminate tasks that have been executing for an unexpectedly long time. The transaction subsystem now supports configuring a maximum timeout for transactions. The undertow subsystem can now be configured to obfuscate the server instance-id data included as part of the request and response JSESSION_ID cookie.

You can download and install WildFly 23 with

wget -q

WildFly 24

WildFly 24 has been primarily oriented toward bug fixing. Here are some highlights for this version:

  • MicroProfile API: Reactive Streams Operators subsystem has been updated to support version 2.0.
  • Security: it is now possible to configure a client or server SSL context using the SSLv2Hello protocol. Also, it is now possible to configure multiple certificate revocation lists in Elytron. It is now possible to specify the character set and hash encoding strings to verify client-supplied passwords against passwords stored in a Properties Realm, Filesystem Realm, JDBC Realm and LDAP realm in the Elytron subsystem.
  • Java Serialization: the Codehaus Jackson libraries have been removed from the server distribution, along with support for the Jakarta RESTful Web Services provider that used Codehaus Jackson.

You can download and install WildFly 24 with

wget -q

WildFly 25

The most significant change introduced in this release is the transition from legacy security to Elytron. Some significant updates are also available in the MicroProfile subsystems. Besides, WildFly 25 introduces support for Java 17. Here’s more in detail:

  • Legacy security: all standard configuration files no longer include legacy security realms. Elytron subsystem resources are now used as replacement. Also, the Picketbox-based security vault is no longer supported. Elytron credential stores should be used instead.
  • MicroProfile API: the opentelemetry is now available to instrument, generate, capture and export telemetry data. You are encouraged to switch the existing MicroProfile OpenTracing applications to OpenTelemetry. Besides it, the MicroProfile Health 3.1 allows using the new @Startup probe for your applications. Finally, the MicroProfile Reactive Messaging subsystem now supports additional configuration of messages sent to Kafka such as certificates for secure connections.
  • Identity Management: A new subsystem (“elytron-oidc-client”) has been added to secure deployments using OpenID Connect, without needing to install the Keycloak client adapter.
  • WildFly core: As the cloud use-cases rely more on container environment variables vars than system properties, it is now possible to use environment variables as fallback solution when a system property is not available. This is much similar to what happens for MicroProfile Config properties.

You can download and install WildFly 25 with:

wget -q

WildFly 26

The main focus of this server release is the upgrade to a new MicroProfile major version (5.0) which bridges the API from Jakarta EE 8 to EE 9.1. Also, a more powerful option has been added to simplify Cloud configuration of WildFly image.

Here is in detail:

MicroProfile API: This server releases brings MicroProfile 5.0 compatibility. The focus of the new major release is updating APIs and dependencies from Jakarta EE 8 (javax.* namespace) to to EE 9.1 ( jakarta.* namespace).

Cloud environment: So far WildFly supports a limited number of environment variables to configure its Cloud image. In the new server release it is possible to override management attributes through a naming convention. This allows to tune every configuration resource with environment variables.

Elytron: The JAAS security realm type is now available in the elytron subsystem. This realm allows to configure custom Login Modules in the Elytron for credential verification.

You can download and install WildFly 26 with:

wget -q