Submit Feedback
Legacy Knowledge Base
Published Jun. 30, 2025

Remote Publish is Failed After Upgrading JBoss EAP 7.0 to 7.4.13

Written By

Laura Li

How To articles are not official guidelines or officially supporteddocumentation. They are community-contributed content and may not alwaysreflect the latest updates to Liferay DXP. We welcome your feedback toimprove How to articles!

While we make every effort to ensure this Knowledge Base is accurate, itmay not always reflect the most recent updates or official guidelines.We appreciate your understanding and encourage you to reach out with anyfeedback or concerns.

Legacy Article

You are viewing an article from our legacy "FastTrack"publication program, made available for informational purposes. Articlesin this program were published without a requirement for independentediting or verification and are provided "as is" withoutguarantee.

Before using any information from this article, independently verify itssuitability for your situation and project.

Issue

  • The remote publish always failed after upgrading JBoss EAP 7.0 to 7.4.13.
    In the Staging server, the following error occur:
    ERROR [liferay/background_task-1][StagingServiceHttp:327] com.liferay.portal.kernel.exception.SystemException:
java.io.IOException: Server returned HTTP response code: 502 for URL: xxxxxx
com.liferay.portal.kernel.exception.SystemException: java.io.IOException:
Server returned HTTP response code: 502 for URL: xxxxxx
  at com.liferay.portlet.exportimport.service.http.StagingServiceHttp.updateStagingRequest(StagingServiceHttp.java:320)

    In the Live server, the following error occurs:
    ERROR [default task-141][TunnelServlet:120] java.io.InvalidClassException: filter status: REJECTED

 

Environment

  • Liferay DXP 7.0 - 7.4

 

Resolution

  • This error is due to JBoss security update. It is documented in JBoss Doc. The solution can be found here
     
    One way to work around the issue is to just disable the new feature:
    DISABLE_JDK_SERIAL_FILTER=TRUE
     
    However, given that disabling the new feature disables the protection from https://access.redhat.com/security/cve/cve-2023-3171, we would recommend to figure out the proper values for the serial filter, most likely tuning the values for maxbytes and maxarray, probably making them both the same and making them both big enough to fit a .lar (by default, maxarray is tiny).
Did this article resolve your issue ?
Legacy Knowledge Base
Did this article resolve your issue ?