Is there any chance that 2.7.0 missed the fix?
No, JBPORTAL-1996 has been applied to the 2.7 branch as well. But some additional leaks have been discovered, see https://jira.jboss.org/jira/browse/JBPORTAL-2476. This has been fixed in the JBP_IDENTITY_BRANCH_1_1 already.