Elytron configuration on the client side of a Webservices deployment is now supported, so a WS client can support the Elytron security framework available within the application server.

A new constant-headers attribute has been added to the HTTP management interface resource definition. Administrators can make use of this attribute to specify additional HTTP headers to be returned in responses to requests made against the HTTP management interface.

It is now possible to use TLS 1.3 with WildFly when running against JDK 11 or higher. However, if JDK 11 is in use and if there is a very large number of TLS 1.3 requests being made, it is possible that a drop in performance (throughput and response time) will occur compared to TLS 1.2. Upgrading to newer JDK versions should improve performance. For this reason, the use of TLS 1.3 is currently disabled by default. TLS 1.3 can be enabled by configuring the new cipher-suite-names attribute in the SSL Context resource definition in the Elytron subsystem. It is recommended to test for performance degradation prior to enabling TLS 1.3 in a production environment.

RESTEasy context parameters and providers can now be configured via attributes in the jaxrs subsystem configuration.

Expression resolution in EE security manager deployment descriptors (permissions.xml and jboss-permissions.xml) is now supported. You can now use the familiar ${foo:true} syntax in these deployment descriptors to allow customization of settings at runtime.

A JBoss Modules module can be made globally available to all deployments by simply copying one or more library artifacts or other resources to a directory and then configuring the WildFly ee subsystem with the location of that directory.