RESTEasy 6.2.16.Final and 7.0.2.Final Releases

By James R. Perkins | April 15, 2026

Today we would like to announce the release of RESTEasy 6.2.16.Final and RESTEasy 7.0.2.Final. Both releases consist mostly of bug fixes and component upgrades.

One big change to both 6.2.16.Final and 7.0.2.Final was better support for CDI. Previously, Jakarta REST resources required a public no-arg constructor, even when managed by CDI. This release relaxes that requirement, allowing CDI to fully handle resource creation. This means your resources can now use constructor injection without needing to maintain an additional no-arg constructor.

7.0.2.Final

RESTEasy 7.0.2.Final is a Jakarta REST 4.0 implementation. This release includes mostly bug fixes and component upgrades.

One notable upgrade in this release is the migration to Jackson 2.21 LTS. This is a long-term support version of Jackson, which provides better stability and extended support for users who need a more stable JSON processing foundation.

Among the bug fixes, this release addresses an IllegalAccessError that could occur when posting large entities via the Apache HTTP client engine, and fixes for Server-Sent Events (SSE) handling in Vert.x environments.

Component Upgrade

  • RESTEASY-3687 Bump org.jboss.logging:jboss-logging from 3.6.1.Final to 3.6.2.Final

  • RESTEASY-3688 Bump version.weld from 6.0.3.Final to 6.0.4.Final

  • RESTEASY-3690 Bump the fasterxml-dependencies group across 1 directory with 2 updates

  • RESTEASY-3696 Bump version.org.glassfish.jaxb from 4.0.6 to 4.0.7

  • RESTEASY-3699 Bump org.jboss.logging:jboss-logging from 3.6.2.Final to 3.6.3.Final

  • RESTEASY-3700 Bump org.jboss.arquillian:arquillian-bom from 1.10.0.Final to 1.10.1.Final

  • RESTEASY-3701 Bump org.wildfly:wildfly-channel-maven-plugin from 1.0.30 to 1.0.31

  • RESTEASY-3702 Bump version.io.undertow from 2.3.20.Final to 2.3.23.Final

  • RESTEASY-3704 Bump org.wildfly.security:wildfly-elytron-ssl from 2.6.7.Final to 2.6.8.Final

  • RESTEASY-3705 Bump org.eclipse.jetty:jetty-server from 12.0.15 to 12.0.32 in /resteasy-dependencies-bom

  • RESTEASY-3707 Upgrade Jackson to 2.21.1 LTS

  • RESTEASY-3709 Bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.4 to 3.3.5

  • RESTEASY-3710 Bump version.io.undertow from 2.3.23.Final to 2.3.24.Final

  • RESTEASY-3711 Bump com.fasterxml.jackson:jackson-bom from 2.21.1 to 2.21.2 in the fasterxml-dependencies group

  • RESTEASY-3719 Bump org.wildfly:wildfly-channel-maven-plugin from 1.0.31 to 1.0.32

  • RESTEASY-3720 Bump org.apache.httpcomponents:httpasyncclient from 4.1.4 to 4.1.5

Enhancement

  • RESTEASY-3596 Contextual scheduled executor service causes inadvertent Thread + classloader leak

  • RESTEASY-3693 Relax Constructor Requirements for CDI-Managed Jakarta REST Components

Bug

  • RESTEASY-3359 SseEventSink close does not update the request for Vert.x

  • RESTEASY-3683 EJB’s should be allowed to have annotated interface methods as well as implementation methods

  • RESTEASY-3685 Few test fails with Semeru (IBM) JDK

  • RESTEASY-3691 IllegalAccessError when POSTing entity larger than in-memory threshold via ManualClosingApacheHttpClient43Engine

Task

  • RESTEASY-3660 Deprecate the resteasy.patch.filter.legacy context parameter

  • RESTEASY-3686 Delete HeaderEmptyHostTest to unit test due to Undertow security hardening UNDERTOW-2656 and lack of core framework relevance

  • RESTEASY-3698 Remove the BASE \+ i for the ID patterns in the messages and message loggers

  • RESTEASY-3708 Refactor the FakeHttpServer in the unit tests to no use the com.sun.net.httpserver.HttpServer

Full releases notes can be found at https://github.com/resteasy/resteasy/releases/tag/7.0.2.Final.

6.2.16.Final

RESTEasy 6.2.16.Final is a Jakarta REST 3.1 implementation. This release includes mostly bug fixes and component upgrades.

While this should not affect you as a user, it should be noted that in RESTEASY-3712 we upgrade to a new minor of JBoss Logging. This was done for better support in modular environments. We did, however, keep backwards compatibility so using JBoss Logging 3.5.x should also work.

Similar to 7.0.2.Final, this release addresses an IllegalAccessError when posting large entities, fixes for Server-Sent Events (SSE) in Vert.x environments, and resolves a SecurityException in SSE when the security manager is enabled.

Component Upgrade

  • RESTEASY-3689 Bump version.weld from 5.1.6.Final to 5.1.7.Final

  • RESTEASY-3696 Bump version.org.glassfish.jaxb from 4.0.6 to 4.0.7

  • RESTEASY-3700 Bump org.jboss.arquillian:arquillian-bom from 1.10.0.Final to 1.10.1.Final

  • RESTEASY-3701 Bump org.wildfly:wildfly-channel-maven-plugin from 1.0.30 to 1.0.31

  • RESTEASY-3702 Bump version.io.undertow from 2.3.20.Final to 2.3.23.Final

  • RESTEASY-3703 Bump version.io.netty.netty4 from 4.1.128.Final to 4.1.131.Final

  • RESTEASY-3704 Bump org.wildfly.security:wildfly-elytron-ssl from 2.6.7.Final to 2.6.8.Final

  • RESTEASY-3706 Bump com.fasterxml.jackson:jackson-bom from 2.18.5 to 2.18.6 in the fasterxml-dependencies group

  • RESTEASY-3709 Bump org.jboss.shrinkwrap.resolver:shrinkwrap-resolver-bom from 3.3.4 to 3.3.5

  • RESTEASY-3710 Bump version.io.undertow from 2.3.23.Final to 2.3.24.Final

  • RESTEASY-3712 Upgrade the JBoss Logging dependency to 3.6.3.Final

  • RESTEASY-3718 Bump version.io.netty.netty4 from 4.1.131.Final to 4.1.132.Final

  • RESTEASY-3719 Bump org.wildfly:wildfly-channel-maven-plugin from 1.0.31 to 1.0.32

Enhancement

  • RESTEASY-3596 Contextual scheduled executor service causes inadvertent Thread + classloader leak

  • RESTEASY-3693 Relax Constructor Requirements for CDI-Managed Jakarta REST Components

Bug

  • RESTEASY-3359 SseEventSink close does not update the request for Vert.x

  • RESTEASY-3683 EJB’s should be allowed to have annotated interface methods as well as implementation methods

  • RESTEASY-3685 Few test fails with Semeru (IBM) JDK

  • RESTEASY-3691 IllegalAccessError when POSTing entity larger than in-memory threshold via ManualClosingApacheHttpClient43Engine

  • RESTEASY-3697 The SseEventOutputImpl will throw a security exception if the security manager is enabled when the stream is closed

Task

  • RESTEASY-3660 Deprecate the resteasy.patch.filter.legacy context parameter

  • RESTEASY-3686 Delete HeaderEmptyHostTest to unit test due to Undertow security hardening UNDERTOW-2656 and lack of core framework relevance

  • RESTEASY-3698 Remove the BASE \+ i for the ID patterns in the messages and message loggers

  • RESTEASY-3708 Refactor the FakeHttpServer in the unit tests to no use the com.sun.net.httpserver.HttpServer

Full releases notes can be found at https://github.com/resteasy/resteasy/releases/tag/6.2.16.Final.

Finally

As always, feedback is welcome. Stay safe, and, depending on where you are, stay warm or be cool.

Apache License 2.0 Security
Copyright © RESTEasy. All rights reserved. For details on our trademarks, please visit our Trademark Policy and Trademark List. Trademarks of third parties are owned by their respective holders and their mention here does not suggest any endorsement or association.