WildFly's Metamorphosis: Unpacking Key Advancements from Version 18.0.1 to 36.0.1

The WildFly application server, a dynamic and open-source project by Red Hat, has undergone substantial evolution between version 18.0.1 (released around November 2019) and version 36.0.1 (released in May 2025). This period has been marked by a steadfast commitment to aligning with the latest enterprise Java standards, enhancing developer productivity, bolstering security, and embracing cloud-native paradigms. This comprehensive overview details the major functionality changes that have shaped WildFly into the modern server it is today.

Key Evolutionary Highlights

Jakarta EE & MicroProfile Alignment: WildFly has consistently upgraded its support, culminating in Jakarta EE 10 and MicroProfile 7.0 compatibility in version 36.0.1, ensuring developers have access to the latest enterprise Java specifications.
Security Modernization: A significant shift occurred with the full adoption of the Elytron security subsystem as the default, replacing legacy security frameworks and offering robust, modern security capabilities.
Enhanced Observability and Cloud Focus: The introduction of the Micrometer subsystem for metrics and improved tooling for containerization and cloud deployments (like Kubernetes/OpenShift) underscore WildFly's focus on modern operational needs.

Deep Dive into WildFly's Transformation

Embracing Jakarta EE Evolution

One of the most significant trajectories in WildFly's development has been its adoption of and alignment with the Jakarta EE specifications, the successor to Java EE.

From Jakarta EE 8 to Jakarta EE 10

WildFly 18.0.1 was a Jakarta EE 8 compatible implementation. A pivotal change across subsequent versions was the transition of API JARs from Java EE projects to their Jakarta equivalents, most notably involving the namespace change from javax.* to jakarta.*. This journey saw WildFly support intermediate specifications like Jakarta EE 9.1. By WildFly 27, the server introduced support for Jakarta EE 10 APIs. WildFly 36.0.1 provides full support for the Jakarta EE 10 Platform. Furthermore, WildFly Preview distributions (e.g., WildFly Preview 36) offer an early look at Jakarta EE 11 Core Profile support, indicating a forward-looking approach to specification adoption.

These upgrades mean that applications built on earlier Java EE or Jakarta EE versions might require updates to namespaces and dependencies to run on the latest WildFly, but they also gain access to enhanced modularity, improved concurrency, and better integration with newer Java SE features.

Advancements in MicroProfile Support

WildFly has actively integrated MicroProfile specifications to cater to microservices development and cloud-native architectures.

MicroProfile 3.0 to 7.0

WildFly 18.0.1 initiated this journey with support for MicroProfile 3.0, which included specifications like Config, Fault Tolerance, Metrics, Health, and OpenAPI. Through successive releases, WildFly consistently updated its MicroProfile components. A major leap in observability came around WildFly 28 with the introduction of the Micrometer subsystem. WildFly 36.0.1 now supports MicroProfile 7.0 APIs, along with several other MicroProfile specifications not part of the platform, including upgrades to components like SmallRye Fault Tolerance (e.g., to version 6.9.1). This evolution provides developers with robust tools for building resilient, configurable, and observable microservices.

Security Modernization: The Rise of Elytron

Security has been a central theme in WildFly's development, with a decisive shift towards the Elytron security subsystem.

Elytron as the Standard

While WildFly 18 had early Elytron integration, the period leading up to WildFly 36 saw a comprehensive migration away from legacy JBoss security layers (like PicketBox and the org.jboss.as.security extension). Starting significantly with WildFly 25, Elytron became the cornerstone of WildFly's security. By WildFly 36, legacy security subsystems were removed from standard configurations, making Elytron the sole default security provider. Elytron offers a unified, flexible framework for managing security aspects, including authentication, authorization, SSL/TLS configuration, credential storage, and integration with modern protocols like OAuth2 and OpenID Connect. This transition enhances WildFly's security posture but may require users to migrate their existing security configurations to the Elytron model.

Elytron's enhanced role management capabilities in WildFly.

Enhanced Observability and Monitoring

Understanding application behavior and performance is critical in modern deployments. WildFly has significantly boosted its observability capabilities.

Micrometer Integration and Prometheus Support

A landmark enhancement was the introduction of the Micrometer subsystem in WildFly 28. This provides a vendor-neutral application metrics facade, allowing developers to instrument their code and expose metrics through various monitoring systems. WildFly 36 further enhanced this by adding a Prometheus endpoint directly to the Micrometer extension, simplifying integration with the popular Prometheus monitoring tool. Support for OpenTelemetry is also an area of ongoing improvement, reflecting WildFly's commitment to modern observability standards.

Monitoring Undertow Subsystem in WildFly HAL Console

The WildFly management console (HAL) provides insights into subsystems like Undertow.

Core Component and Dependency Upgrades

WildFly is built upon a rich ecosystem of components, which are regularly updated to bring in new features, performance improvements, and security fixes.

Key Upgrades Include:

WildFly Core: The underlying runtime has seen numerous updates, with WildFly 36.0.1 using WildFly Core 28.0.1.Final.
Hibernate: Hibernate ORM has been updated from versions like 5.x in older releases to 6.4.x in WildFly 31+, with WildFly Preview 36 including a beta of Hibernate ORM 7 and an alpha of Hibernate Search 8.
RESTEasy: The JAX-RS implementation has evolved, with later versions incorporating RESTEasy 6.x and previews of 7.x.
Undertow: The high-performance web server has received updates, including enhanced header manipulation configurability (e.g., reuse-x-forwarded, rewrite-host).
Netty: Upgraded to versions like 4.1.115.Final in WildFly 36.0.1, improving I/O operations.
Velocity Engine: Updated to version 2.4.1 in WildFly 36.0.1.
Arquillian: The testing framework has been kept current to support new Jakarta EE versions.

These upgrades ensure WildFly remains robust, performant, and secure, though they sometimes necessitate adjustments in application dependencies.

Java Version and JVM Support

WildFly's compatibility with Java Development Kit (JDK) versions has evolved to support modern Java releases.

Embracing Modern LTS JDKs

While WildFly 18 recommended Java 8 or Java 11 (the LTS at the time), WildFly 36.0.1 runs well on current LTS versions like JDK 17 and has shown good results on EA releases of JDK 21 and even SE 25. The quickstarts for WildFly 36 and later generally require Java SE 17.0 or newer. This shift encourages users to leverage the latest JVM features and performance improvements.

Tooling and Developer Experience Enhancements

Improving the developer experience and deployment flexibility has been a consistent focus.

Galleon, WildFly Glow, and JBang

The Galleon provisioning tool has matured, allowing users to create custom, lean WildFly installations tailored to their application's specific needs. This is particularly beneficial for cloud and containerized environments. A significant innovation is WildFly Glow, introduced around WildFly 31. Glow scans applications to identify necessary WildFly features and can provision a perfectly sized server or even create a runnable JAR. WildFly 36 also introduced the ability to run WildFly applications directly from source using JBang, further streamlining development workflows. The WildFly Server Migration Tool has also been updated to support migrations from older versions (e.g., WildFly 26, 27, 28) to WildFly 36, easing the upgrade process.

WildFly Glow simplifies provisioning optimized server distributions.

Cloud-Native and Containerization Focus

WildFly has strengthened its support for cloud-native deployments.

Kubernetes and OpenShift Integration

Enhancements have been made to WildFly's behavior in containerized environments, with improved images for Kubernetes and OpenShift. Tools like Source-to-Image (S2I) and the WildFly Operator for Kubernetes simplify deployment and management in these platforms. The ability to create lean server distributions via Galleon and WildFly Glow directly supports creating smaller, more efficient container images.

Stability, Bug Fixes, and Performance

Across the numerous releases from 18.0.1 to 36.0.1, hundreds of bugs have been fixed, and performance has been continually refined. These include addressing NullPointerExceptions (NPEs), race conditions, deployment issues (e.g., with Jakarta MVC template engines, PostgreSQL driver compatibility), and improving server startup time and resource management.

WildFly Feature Evolution at a Glance

The following radar chart provides a visual comparison of key feature areas across representative WildFly versions, illustrating the progression from version 18.0.1 through an intermediate stage (represented by WildFly 28, notable for Micrometer introduction) to the current WildFly 36.0.1. The scores (on a scale of 3 to 10) are subjective interpretations based on the described advancements, where higher scores indicate more advanced or comprehensive support.

Visualizing WildFly's Evolutionary Path

This mindmap illustrates the interconnected areas of development and key advancements in WildFly from version 18.0.1 to 36.0.1, showcasing the breadth of enhancements across its core functionalities.

mindmap root["WildFly Evolution
(v18.0.1 to v36.0.1)"] id1["Jakarta EE"] id1_1["EE 8 (WF18)"] id1_2["Namespace Shift
(javax to jakarta)"] id1_3["EE 9.1 Support"] id1_4["EE 10 Full Support (WF27+)"] id1_5["EE 11 Preview (WF Preview)"] id2["MicroProfile"] id2_1["MP 3.0 (WF18)"] id2_2["Incremental API Updates"] id2_3["Micrometer Subsystem (WF28+)"] id2_4["MP 7.0 (WF36)"] id3["Security"] id3_1["Legacy Security (PicketBox, etc.)"] id3_2["Elytron Introduction & Maturation"] id3_3["Migration to Elytron (WF25+)"] id3_4["Elytron as Default/Sole Provider (WF36)"] id3_5["Modern Protocols (OAuth2, OIDC)"] id4["Observability"] id4_1["Basic Metrics"] id4_2["Micrometer Subsystem (WF28)"] id4_3["Prometheus Endpoint (WF36)"] id4_4["OpenTelemetry Considerations"] id5["Core Components & Dependencies"] id5_1["WildFly Core Upgrades"] id5_2["Hibernate (ORM 6.4+, Search 8 Alpha)"] id5_3["RESTEasy (6.x, 7.x Alpha)"] id5_4["Undertow Enhancements"] id5_5["Netty, Velocity, Arquillian Updates"] id6["JVM & Java Support"] id6_1["Java 8, 11 (Early)"] id6_2["Support for JDK 17, 21 (EA)"] id6_3["Focus on Modern LTS JDKs"] id7["Tooling & Developer UX"] id7_1["Galleon Provisioning"] id7_2["WildFly Glow (Lean Servers, Runnable JARs)"] id7_3["JBang Integration"] id7_4["Server Migration Tool"] id8["Cloud-Native & Containers"] id8_1["Improved Kubernetes/OpenShift Images"] id8_2["WildFly Operator"] id8_3["Source-to-Image (S2I)"] id8_4["Lean Distributions for Containers"]

Summary of Key Functional Changes by Version Milestones

The table below provides a comparative snapshot of key functional areas across different WildFly versions, highlighting the progression.

Feature Area	WildFly 18.0.1 Status (circa 2019)	Intermediate Milestones (e.g., WildFly 26-28)	WildFly 36.0.1 Status (May 2025)
Jakarta EE Support	Jakarta EE 8 certified	Transition to Jakarta EE 9.1, early EE 10 work	Full Jakarta EE 10 Platform support; WildFly Preview with EE 11 Core Profile
MicroProfile Support	MicroProfile 3.0	Ongoing updates; Micrometer subsystem introduced (WF28)	MicroProfile 7.0 APIs and other MP specifications
Security Subsystem	Legacy security (PicketBox) with initial Elytron support	Major migration to Elytron; legacy security deprecation (WF25+)	Elytron as the sole, default security framework; legacy removed
Observability	Basic JMX metrics, some MicroProfile Metrics	Micrometer subsystem added for advanced metrics	Micrometer integration with Prometheus endpoint; OpenTelemetry focus
Java Version Recommended	Java 8, Java 11	Support for Java 17 emerging	Java 17, 21 (EA tested), aims for recent LTS; quickstarts require SE 17+
Provisioning & Tooling	Standard tooling, early Galleon	Galleon improvements	Mature Galleon, WildFly Glow, JBang integration, Server Migration Tool
Cloud-Native Features	Initial Kubernetes/OpenShift efforts	Enhanced container images, operator improvements	Optimized for cloud, strong Kubernetes/OpenShift support, lean runtimes
Component Upgrades (Example: Hibernate)	Hibernate ORM 5.x	Hibernate ORM ~6.x	Hibernate ORM 6.4.x, Preview with ORM 7 Beta / Search 8 Alpha

Developer Experience with Java Servers (Contextual Video)

While not specific to WildFly version changes, the following video discusses the broader context of developer experience with various Java application servers, including WildFly. This can provide a perspective on how WildFly fits into the larger Java ecosystem and the importance of the enhancements discussed.

Frequently Asked Questions (FAQ)

What are the primary drivers for the changes between WildFly 18.0.1 and 36.0.1?

The main drivers include alignment with evolving Jakarta EE and MicroProfile specifications, the need for enhanced security (leading to Elytron), improved observability for modern distributed systems, better cloud-native support, and continuous performance optimization and bug fixing.

Is it difficult to migrate applications from WildFly 18 to WildFly 36?

Migration complexity depends on the application. Key areas to consider are the Jakarta EE namespace change (javax.* to jakarta.*), security configuration (migrating from legacy to Elytron), and updates to dependencies. WildFly provides a Server Migration Tool to assist with configuration changes for supported upgrade paths (e.g., from WF26+ to WF36).

How has MicroProfile support evolved in WildFly during this period?

WildFly has consistently updated its MicroProfile support, moving from MicroProfile 3.0 in version 18 to MicroProfile 7.0 in version 36.0.1. This includes significant enhancements in areas like fault tolerance, health checks, metrics (notably with the Micrometer subsystem), configuration, and OpenAPI.

What is Elytron, and why was it adopted as the main security subsystem?

Elytron is WildFly's modern, unified security framework. It was adopted to replace older, disparate security mechanisms, providing a more flexible, extensible, and maintainable approach to security for authentication, authorization, secure communication (TLS/SSL), and credential management.

What are WildFly Glow and Galleon, and how do they benefit developers?

Galleon is a provisioning tool that allows users to create custom WildFly installations by selecting only the necessary features ("layers" or "feature-packs"). WildFly Glow builds upon this by analyzing an application to determine its required WildFly capabilities and then provisioning an optimally sized server or even a bootable JAR. Both tools help create lean, efficient deployments, especially for containerized and cloud environments.

Conclusion

The journey from WildFly 18.0.1 to 36.0.1 reflects a significant transformation, positioning WildFly as a modern, robust, and highly capable application server. Key themes include the full embrace of Jakarta EE 10 and MicroProfile 7.0, a complete overhaul of the security infrastructure with Elytron, substantial improvements in observability through Micrometer, and enhanced tooling for developer productivity and cloud-native deployments. These advancements ensure WildFly remains a competitive and relevant platform for developing and deploying enterprise Java applications in diverse environments, from traditional servers to scalable cloud infrastructures.