The definition of the default security context was removed to be static https://github.com/wildfly/wildfly-core/pull/3892/commits/4f34c962fec06e81673c17f8f37b4122c1034623#diff-8396de3001749ce06e45825a9bea821dR439 as it could cause defective behaviour. To quote Stuart:
The 'standard' default is basically random, as it can vary based on what the first TCCL to access it is.
But removing the static default authentication context makes troubles for the transaction recovery which does not have an authentication context specified. Recovery can use only global one and while it's a workaround to the real issue of recovery has not defined any, it was a working solution. With the mentioned change this solution stopped to work.
Loading of the static authentication context should be reverted back and later fix properly.