Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 28th, 2025 features news highlighting: four JEPs proposed to target and targeted for JDK 25; new JEPs; three new JEPs; the eighth milestone release of Spring AI 1.0.0; Quarkus 3.22.0; the first release candidate of LangChain4j 1.0.0; the release of JReleaser 1.18.0; and Wildfly joins the Commonhaus Foundation.

OpenJDK

Two JEPs have been elevated from Proposed to Target to Targeted for JDK 25, namely: JEP 512, Compact Source Files and Instance Main Methods, and JEP 511, Module Import Declarations, announced here and here, respectively.

Two JEPs have been elevated from Candidate to Proposed to Target for JDK 25, namely: JEP 513, Flexible Constructor Bodies, and JEP 505, Structured Concurrency (Fifth Preview), announced here and here, respectively. Their reviews are expected to conclude by May 8, 2025.

Details for each of these four JEPs may be found in this InfoQ news story.

JEP 517, HTTP/3 for the HTTP Client API, has been elevated from its JEP Draft 8291976 to Candidate status. This JEP proposes to “update the HTTPClient API to support the HTTP/3 protocol, so that libraries and applications can interact with HTTP/3 servers with minimal code change.“

JEP 515, Ahead-of-Time Method Profiling, has been elevated from its JEP Draft 8325147 to Candidate status. This JEP proposes to improve application warmup time by “making method-execution profiles from a previous run of an application instantly available, when the HotSpot JVM starts.” This allows the JIT compiler to immediately generate native code upon application startup as opposed to waiting for profiles to be collected.

JEP 470, PEM Encodings of Cryptographic Objects (Preview), has been elevated from its JEP Draft 8300911 to Candidate status. This JEP previews “an API for encoding objects that represent cryptographic keys, certificates, and certificate revocation lists into the widely-used Privacy-Enhanced Mail (PEM) transport format, and for decoding from that format back into objects.” This feature will support conversions between PEM text and cryptographic objects in PKCS #8 and X.509 binary formats.

JDK 25

Build 21 of the JDK 25 early-access builds was made available this past week featuring updates from Build 20 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 25, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The eighth milestone release of Spring AI 1.0.0 features “several significant changes [that] would become breaking changes in an [upcoming] RC1 release.” This additional milestone release serves as a transition for providing the deprecated API along wit the corresponding replacement APIs. More details on this release may be found in the upgrade notes and release notes.

The first release candidate of Spring Cloud 2025.0.0, codenamed Northfields, features bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.3.0-RC1; Spring Cloud Function 4.3.0-RC1; Spring Cloud Stream 4.3.0-RC1; and Spring Cloud Circuit Breaker 3.3.0-RC1. This release is based on Spring Boot 3.5.0-RC1. More details on this release may be found in the release notes.

Quarkus

The release of Quarkus 3.22.0 features: Compose Dev Services that discover Compose specification files in a Quarkus application; a dedicated user interface to execute Hibernate Query Language (HQL) queries; and an improved test class loading infrastructure using a runtime classloader. More details on this release may be found in the release notes.

LangChain4j

The first release candidate (along with the fourth beta release) of LangChain4j delivers fie modules released under the release candidate, namely: langchain4j-core; langchain4j; langchain4j-http-client; langchain4j-http-client-jdk and langchain4j-open-ai wit the the remaining modules still under the milestone 4 release. Breaking changes include: a rename of the ChatLanguageModel and StreamingChatLanguageModel interfaces to ChatModel and StreamingChatModel, respectively; and a renaming and reshuffling of some internal utility classes that the team recommends that should not be directly used (even if they are public as these classes are now annotated with @Internal. More details on this release may be found in the release notes.

JReleaser

Version 1.18.0 of JReleaser, a Java utility that streamlines creating project releases, has been released to deliver: support for Forgejo, a self-hosted lightweight software forge; allow the native-image assembler to create FLAT_BINARY distributions; and support for deploying to the Sonatype Nexus 3 repository manager (NXRM3). More details on this release may be found in the release notes.

Commonhaus Foundation

The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that WildFly has joined the foundation this past week as a member project. In a blog post published in early-February 2025, Brian Stansberry, Senior Principal Software Engineer at Red Hat, described their rationale to transition to the foundation, writing:

WildFly has been a successful project for a long time now, and I believe that’s largely because we are passionate about serving our community. To help us continue on this path, we are considering moving WildFly to a vendor-neutral software foundation. Our hope is that by doing this we could further expand our community, improve our openness and transparency, refresh our governance model, and encourage more participation by contributors not affiliated with Red Hat.

Other notable projects that have joined the foundation include: Infinispan, Debezium, JReleaser, JBang, OpenRewrite, SDKMAN, EasyMock, Objenesis and Feign.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 21st, 2025 features news highlighting: the GA release of Gradle 8.14; JBang introduces Jash, a Java library for shell scripts; the first release candidate of Hibernate ORM 7.0; the April edition of Open Liberty; and the end of open-source support for Spring Cloud Data Flow.

OpenJDK

Two JEPs have been elevated from Candidate to Proposed to Target for JDK 25, announced here and here, respectively, namely: JEP 512, Compact Source Files and Instance Main Methods, and JEP 511, Module Import Declarations. Their reviews are expected to conclude on Monday, April 28, 2025 and details for each JEP may be found in this InfoQ news story.

JEP 513, Flexible Constructor Bodies, has been elevated from its JEP Draft 8344702 to Candidate status. This JEP proposes to finalize this feature, without change, after three rounds of preview, namely: JEP 492, Flexible Constructor Bodies (Third Preview), delivered in JDK 24; JEP 482, Flexible Constructor Bodies (Second Preview), delivered in JDK 23; and JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.

JDK 25

Build 20 of the JDK 25 early-access builds was made available this past week featuring updates from Build 19 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 25, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

GlassFish 7.0.24, the twenty-fourth maintenance release, delivers bug fixes, dependency upgrades and new features such as: support for JDK 24; and faster deployment time with improved file discovery by using the walkFileTree() method defined in the Java Files class. More details on this release may be found in the release notes.

Spring Framework

It was a busy week over at Spring as the various teams have delivered first release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith and Spring Web Services. There were also second milestone releases of Spring Data 2025.1.0 and Spring for Apache Kafka and a first milestone release of Spring Vault. Further details may be found in this InfoQ news story.

The Spring Cloud Data Flow team has announced the end of open-source support for this project along with Spring Cloud Deployer and Spring Statemachine. The reasoning for this includes:

Spring Cloud Data Flow came out of the roots for Spring XD eight years ago for orchestrating both batch and streaming workloads and has shown great success with our customers over those years. However, in order to keep Spring Cloud Data Flow and related ecosystem projects going into the future in a way that is sustainable, we have made the decision to only release Spring Cloud Data Flow as a commercial offering.

Future releases, after versions 2.11.x, 2.9.x and 4.0.x, respectively, will only be made available to Tanzu Spring customers.

Open Liberty

IBM has released version 25.0.0.4 of Open Liberty featuring: support for Java 24; the ability to collect Liberty audit logs, via their Audit 2.0 feature, and send them to a configured OpenTelemetry exporter; and InstantOn support for the J2EE Management 1.1, Application Client Support for Server 1.0, Jakarta Application Client Support for Server 2.0 and Web Security Service 1.1 features. There were also resolutions to CVE-2025-25193 and CVE-2025-23184 that may cause a denial-of-service due to vulnerabilities from Netty versions up to and including 4.1.118.Final and Apache CXF versions before 3.5.10, 3.6.5 and 4.0.6, respectively.

Quarkus

Quarkus 3.21.4, the fourth maintenance release, ships with notable changes such as: a resolution to a StackOverflowError using a retry policy from the SmallRye implementation of MicroProfile Fault Tolerance specification; and the addition of a warning or error when attempting to create an instance of the HttpSecurityPolicy interface with a duplicated name. More details on this release may be found in the release notes.

Helidon

The release of Helidon 4.2.1 provides bug fixes and notable changes such as: the use of base units from the Timer interface for improved metrics reporting, in JSON format, in the toString() method defined in the MTimer class; and support for configurable buffering added to the TcpClientConnection class to to prevent small write chunks. More details on this release may be found in the release notes.

Hibernate

The first candidate release of Hibernate ORM 7.0.0 delivers new features such as: a new QuerySpecification interface that provides a common set of methods for all query specifications that allow for iterative, programmatic building of a query; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. There is also support for the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11. The team anticipates this as the only release candidate before the GA release. More details on this release may be found in the release notes and the migration guide.

JBang

The JBang team has introduced Jash, a new Java library that provides a way to execute process or shell scripts that are “fluent, predictable and with a great developer experience.” Jash, pronounced “Jazz,” handles the behind-the-scenes tasks with the complexities of using multiple threads. More details on this initial release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Gradle

After three release candidates, the release of Gradle 8.14 delivers new features such as: support for JDK 24; an introduction to lazy dependency configuration initialization for improved configuration performance and use of memory; and a new integrity check mode for improved debugging in the configuration cache. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

There was a flurry of activity in the Spring ecosystem during the week of April 21st, 2025, highlighting first release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith and Spring Web Services. There were also second milestone releases of Spring Data 2025.1.0 and Spring for Apache Kafka and a first milestone release of Spring Vault.

Spring Boot

The first release candidate of Spring Boot 3.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: new annotations, @ServletRegistration and @FilterRegistration, as an annotation-based alternative to registering servlet and filter beans using the ServletRegistrationBean and FilterRegistrationBean classes; and new classes that support Docker credential stores and helpers. More details on this release may be found in the release notes.

The release of Spring Boot 3.4.5 and 3.3.11 (announced here and here, respectively) provide bug fixes, improvements in documentation and dependency upgrades. More importantly, the Spring Boot team has disclosed that these two releases, along with versions 3.2.14, 3.1.16 and 2.7.25, address CVE-2025-22235, a vulnerability in which the overloaded to() method, defined in the EndpointRequest class creates an incorrect null/** matcher, under certain conditions, if the actuator endpoint is not exposed. Further details on these releases may be found in the release notes for version 3.4.5 and version 3.3.11.

Spring Data

The first release candidate of Spring Data 2025.0.0 features: refinements to the Hibernate Query Language (HQL), Elastic Query Language (EQL) and Jakarta Persistence Query Language (JPQL) to resolve various query issues; and new deprecation warnings for intended breaking changes, such as the removal of support for JMX, planned for Spring Data 4.0. This version aligns with Spring Boot 3.5.0-RC1 and the Spring Data team plans a GA release in May 2025.

The second milestone release of Spring Data 2025.1.0 ships with support for JSpecify on sub-projects: Spring Data Commons, Spring Data JPA, Spring Data MongoDB, Spring Data LDAP, Spring Data Cassandra, Spring Data KeyValue, and Spring Data Elasticsearch. There was also a breaking change with a significant rewrite of the QueryEnhancer interface such that configuration via the the spring.data.jpa.query.native.parser property is no longer available. Configuration is now possible via the @EnableJpaRepositories annotation. More details on this release may be found in the release notes.

Spring Security

The first release candidate of Spring Security 6.5.0 delivers bug fixes, dependency upgrades and new features such as: refinements to the implementation of the OAuth 2.0 Demonstrating Proof of Possession (DPoP) specification that include a new AuthenticationEntryPoint interface that returns the WWW-Authenticate header upon failure of a DPoP authentication; and refinements to the PathPatternRequestMatcher class to use a servlet in the path pattern instead of implementing the RequestMatcher interface for the servlet. Further details on this release may be found in the release notes and what’s new guide.

The release of Spring Security 6.4.5 and 6.3.9 (announced here and here, respectively) provide bug fixes, improvements in documentation and dependency upgrades. More importantly, the Spring Security team has disclosed that these two releases, along with versions 6.2.11, 6.1.15, 6.0.17, 5.8.19 and 5.7.17, address CVE-2025-22234, a follow up to CVE-2025-22228, whee the the timing attack mitigation, implemented in DaoAuthenticationProvider class, had been inadvertently broken. More details on these releases may be found in the release notes for version 6.4.5 and version 6.3.9.

Spring Authorization Server

The first release candidate of Spring Authorization Server 1.5.0 provides dependency upgrades and new features such as: the addition of authorization server metadata for the OAuth 2.0 DPoP and Pushed Authorization Requests (PAR) specifications; and a new REQUEST_URI constant, defined in the Spring Security OAuth2ParameterNames class, to facilitate flow in PAR. Further details on this release may be found in the release notes.

Spring Session

The first release candidate of Spring Session 3.5.0 ships with bug fixes, dependency upgrades and new features: a new CompositeHttpSessionIdResolver class, an implementation of the HttpSessionIdResolver interface, that iterates over a given collection of delegate instances of the HttpSessionIdResolver; and an optimization of the JdbcIndexedSessionRepository class to only start JDBC transactions only when there are session updates with a JDBC-based repository. More details on this release may be found in the release notes.

Spring Integration

The first release candidate of Spring Integration 6.5.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: discontinued use of the logger.error() method in the TcpSendingMessageHandler class that was deemed unnecessary; and a new LockRequestHandlerAdvice class, based on the LockRegistry interface, that maintains mutual access to underlying services. Further details on this release may be found in the release notes.

Spring Modulith

The first release candidate of Spring Modulith 1.4.0 delivers bug fixes, dependency upgrades and improvements such as: performance improvements in use of the DefaultEventPublicationRegistry class and the publishEvent() method defined in the Spring Framework AbstractApplicationContext class; and state change detection for instances of the Scenario class should only accept non-empty collections by default. More details on this release may be found in the release notes.

Spring for Apache Kafka

The second milestone release of Spring for Apache Kafka 4.0.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: client dependency upgrades to Apache Kafka 4.0.0; and an optimization in the MessagingMessageListenerAdapter class that now returns null from the invoke() method, defined in the DelegatingInvocableHandler class, that avoids an unnecessary instance return of the InvocationResult class. Further details on this release may be found in the release notes.

Spring Web Services

The first release candidate of Spring Web Services 4.1.0 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: support for configuring arbitrary options for Apache Web Services Security for Java (WSS4J) via the Wss4jSecurityInterceptor class; and the ability to create custom implementations of the MethodArgumentResolver and MethodReturnValueHandler interfaces. More details on this release may be found in the release notes.

Spring Vault

The first milestone release of Spring Vault 3.2.0 available delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: support for Instance Metadata Service Version 2 (IMDSv2) on AWS EC2; and the ability to use the Github token authentication mechanism. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 14th, 2025 features news highlighting: the JDK 25 release schedule; the fourth milestone release of Spring Framework 7.0.0; the April 2025 edition of the Payara Platform; the release of JobRunr 7.5.0 and Jox 1.0.0; and Kroxylicious having joined the Commonhaus Foundation.

OpenJDK

Oracle has released versions 23.0.2, 21.0.6, 17.0.14, 11.0.26, and 8u441 of the JDK as part of the quarterly Critical Patch Update Advisory for April 2025. More details on this release may be found in the release notes for version 23.0.2, version 21.0.6, version 17.0.14, version 11.0.26 and version 8u441.

It was a busy week in the OpenJDK ecosystem during the week of April 14th, 2025, highlighting eight new JEPs having been elevated from their JEP Drafts to Candidate status. Four of these will be finalized after their respective rounds of preview. Further details may be found in this InfoQ news story.

JDK 25

Build 19 of the JDK 25 early-access builds was made available this past week featuring updates from Build 18 that include fixes for various issues. More details on this release may be found in the release notes.

After its review has concluded, Mark Reinhold, Chief Architect, Java Platform Group at Oracle, formally declared the release schedule for JDK 25 as follows:

• Rampdown Phase One (fork from main line): June 5, 2025
• Rampdown Phase Two: July 17, 2025
• Initial Release Candidate: August 7, 2025
• Final Release Candidate: August 21, 2025
• General Availability: September 16, 2025

For JDK 25, developers are encouraged to report bugs via the Java Bug Database.

BellSoft

Concurrent with Oracle’s Critical Patch Update (CPU) for April 2025, BellSoft has released CPU patches for versions 21.0.6.0.1, 17.0.14.0.1, 11.0.26.0.1, 8u451, 7u461 and 6u461 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 24.0.1, 21.0.7, 17.0.15, 11.0.27 and 8u452, containing CPU and non-critical fixes, have also been released.

With an overall total of 740 fixes and backports, BellSoft states that they have participated in eliminating 38 issues in all releases.

Spring Framework

The fourth milestone release of Spring Framework 7.0.0 delivers improvements in documentation, dependency upgrades and new features such as: a new OptionalToObjectConverter class to automatically convert an Optional to its contained object; and a new ClassFileMetadataReader class that supports JEP 484, Class-File API, for reading and writing classes as Java bytecode. Further details on this release may be found in the release notes.

The first release candidate of Spring for GraphQL 1.4.0 ships with improvements in documentation, dependency upgrades and new features such as: a new graphql.dataloader observation that measures data loading operations so that recorded traces are much more precise; and improvements to the server transports so that reactive data fetcher operations will be cancelled in-flight and further data fetching calls (blocking or reactive) will be avoided. More details on this release may be found in the release notes.

Payara

Payara has released their April 2025 edition of the Payara Platform that includes Community Edition 6.2025.4, Enterprise Edition 6.25.0 and Enterprise Edition 5.74.0. All three releases deliver dependency upgrades and new features: the ability to customize logs sent to the remote system log servers for more control over log management; and the addition of a new connection pool property to disable the verification of client information properties when pooling is set to false. Further details on these releases may be found in the release notes for Community Edition 6.2025.4 and Enterprise Edition 6.25.0 and Enterprise Edition 5.74.0.

Micronaut

The Micronaut Foundation has released version 4.8.2 of the Micronaut Framework featuring Micronaut Core 4.8.11, bug fixes and patch updates to modules: Micronaut Maven Plugin; Micronaut JSON Schema; Micronaut Micrometer; and Micronaut Servlet. More details on this release may be found in the release notes.

JobRunr

The release of JobRunr 7.5.0 features: support for Quarkus 3.20.0 and Micronaut 4.8.0; improved detection of misconfiguration between JobRequest and JobRequestHandler interfaces; and the ability to configure an instance of the InMemoryStorageProvider class using properties. There is a breaking change for developers who use Quarkus and Micronaut. The behavior to automatically fall back to the InMemoryStorageProvider class if no instance of the StorageProvider interface has been removed. Developers will need to explicitly configure this by setting the jobrunr.database.type property to mem or by providing a custom bean. Further details on this release may be found in the release notes.

Jox

The release of Jox 1.0.0, a virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads, features many dependency upgrades and notable changes: the removal of the collectAsView() method from the Source interface and the CollectSource class as this functionality is offered from the Flows class; and configuration of the newly integrated Renovate automated dependency update tool. More details on this release may be found in the release notes.

Micrometer

The first release candidate of Micrometer Metrics 1.15.0 provides bug fixes and new features such as: enhancements to the OtlpMetricsSender interface that provides an immutable Request inner class and a corresponding builder for convenience; and the addition of metrics for the newVirtualThreadPerTaskExecutor() method defined in the Java Executors class. Further details on this release may be found in the release notes.

The first release candidate of Micrometer Tracing 1.5.0 ships with a dependency upgrade to Micrometer Metrics 1.15.0-RC1 and a new feature that removes the dependency on the incubation of the OpenTelemetry Java Instrumentation API. (opentelemetry-instrumentation-api-incubator). More details on this release may be found in the release notes.

Project Reactor

The second milestone release of Project Reactor 2025.0.0 provides dependency upgrades to reactor-core 3.8.0-M2, reactor-netty 1.3.0-M2, reactor-pool 1.2.0-M2. There was also a realignment to version 2025.0.0-M2 with the reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. Further details on this release may be found in the release notes.

Similarly, Project Reactor 2024.0.5, the fifth maintenance release, provides dependency upgrades to reactor-core 3.7.5 and reactor-netty 1.2.5. There was also a realignment to version 2024.0.5 with the reactor-addons 3.5.2, reactor-pool 1.1.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. More details on this release may be found in the release notes.

Commonhaus Foundation

The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that Kroxylicious has joined the foundation this past week. Kroxylicious is an “early-stage project which seeks to lower the cost of developing Kafka proxies by providing a lot of the common requirements out-of-the-box.” This allows developers to focus on the required logic to get their proxies to perform their tasks.

Article originally posted on InfoQ. Visit InfoQ

There was a flurry of activity in the OpenJDK ecosystem during the week of April 14th, 2025, highlighting eight new JEPs having been elevated from their JEP Drafts to Candidate status. Four of these will be finalized after their respective rounds of preview.

JEP 512, Compact Source Files and Instance Main Methods, has been elevated from its JEP Draft 8344699 to Candidate status. Formerly known as Simple Source Files and Instance Main Methods, this JEP proposes to finalize this feature, with improvements, after four rounds of preview, namely: JEP 495, Simple Source Files and Instance Main Methods (Fourth Preview), delivered in JDK 24; JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), delivered in JDK 23; JEP 463, Implicitly Declared Classes and Instance Main Methods (Second Preview), delivered in JDK 22; and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This feature aims to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has published the first draft of the specification document for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

JEP 511, Module Import Declarations, has been elevated from its JEP Draft 8344700 to Candidate status. This JEP proposes to finalize this feature, without change, after two rounds of preview, namely: JEP 494, Module Import Declarations (Second Preview), delivered in JDK 24; and JEP 476, Module Import Declarations (Preview), delivered in JDK 23. This feature will enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself.

JEP 510, Key Derivation Function API, has been elevated from its JEP Draft 8353275 to Candidate status. This JEP proposes to finalize this feature, without change, after one round of preview, namely: JEP 478, Key Derivation Function API (Preview), delivered in JDK 24. This features introduces an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism.

JEP 509, JFR CPU-Time Profiling (Experimental) has been elevated from its JEP Draft 8337789 to Candidate status. This experimental JEP proposes to enhance the JDK Flight Recorder (JFR) to allow for capturing CPU-time profiling information on Linux OS.

JEP 508, Vector API (Tenth Incubator), has been elevated from its JEP Draft 8353296 to Candidate status. This JEP proposes a tenth incubation in JDK 25, with no API changes and no substantial implementation changes since JDK 24, after nine rounds of incubation, namely: JEP 489, Vector API (Ninth Incubator), delivered in JDK 24; JEP 469, Vector API (Eighth Incubator), delivered in JDK 23; JEP 460, Vector API (Seventh Incubator), delivered in JDK 22; JEP 448, Vector API (Sixth Incubator), delivered in JDK 21; JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature introduces an API to “express vector computations that reliably compile at runtime to optimal vector instructions on supported CPU architectures, thus achieving performance superior to equivalent scalar computations.” The Vector API will continue to incubate until the necessary features of Project Valhalla become available as preview features. At that time, the Vector API team will adapt the Vector API and its implementation to use them, and will promote the Vector API from Incubation to Preview.

JEP 507, Primitive Types in Patterns, instanceof, and switch (Third Preview), has been elevated from its JEP Draft 8349215 to Candidate status. This JEP, under the auspices of Project Amber, proposes a third round of preview, without change, to gain additional experience and feedback from the previous two rounds of preview, namely: JEP 488, Primitive Types in Patterns, instanceof, and switch (Second Preview), delivered in JDK 24; and JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), delivered in JDK 23. This feature enhances pattern matching by allowing primitive type patterns in all pattern contexts, and extending instanceof and switch to work with all primitive types. More details may be found in this draft specification by Aggelos Biboudis, Principal Member of Technical Staff at Oracle.

JEP 506, Scoped Values, has been elevated from its JEP Draft 8352695 to Candidate status. Formerly known as Extent-Local Variables (Incubator), this JEP proposes to finalize this feature, without change, after four rounds of preview, namely: JEP 487, Scoped Values (Fourth Preview), delivered in JDK 24; JEP 481, Scoped Values (Third Preview), delivered in JDK 23; JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.

JEP 505, Structured Concurrency (Fifth Preview), has been elevated from its JEP Draft 8340343 to Candidate status. This JEP proposes a fifth preview, with several API changes, to gain more feedback from the previous four rounds of preview, namely: JEP 499, Structured Concurrency (Fourth Preview), delivered in JDK 24; JEP 480, Structured Concurrency (Third Preview), delivered in JDK 23; JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.” One of the proposed API changes involves the StructuredTaskScope interface to be opened via static factory methods rather than public constructors.

JDK 25 Feature Set (So Far) and Release Schedule

The JDK 25 release schedule, as approved by Mark Reinhold, Chief Architect, Java Platform Group at Oracle, is as follows:

• Rampdown Phase One (fork from main line): June 5, 2025
• Rampdown Phase Two: July 17, 2025
• Initial Release Candidate: August 7, 2025
• Final Release Candidate: August 21, 2025
• General Availability: September 16, 2025

With less than two months before the scheduled Rampdown Phase One, where the feature set for JDK 25 will be frozen, these are the two JEPs included in the feature set so far:

Despite not having been formally targeted at this time, it has already been determined that JEP 508, Vector API (Tenth Incubator), will be included in the feature set for JDK 25.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for March 31st, 2025 features news highlighting: the formal release of the Jakarta EE 11 Web Profile; the eleventh milestone release of GlassFish 8.0.0; point releases TornadoVM 1.1.0, Micronaut 4.8.0 and JHipster 8.10.0; and a new JEP candidate to remove the Applet API.

OpenJDK

JEP 504, Remove the Applet API, was elevated from its JEP Draft 8345525 to Candidate status. This JEP proposes to remove the Applet API, deprecated in JDK 17, due it’s continued obsolescence since applets are no longer supported in web browsers.

JDK 25

Build 17 of the JDK 25 early-access builds was made available this past week featuring updates from Build 16 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 25, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

The eleventh milestone release of GlassFish 8.0.0 delivers bug fixes, dependency upgrades and improved specification compatibility for various new features of Jakarta EE 11. This relese passes the final Jakarta EE 11 Web Profile TCK. Further details on this release may be found in the release notes.

Jakarta EE 11

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:

Jakarta EE 11 Web Profile is released! It’s a little later than planned, but we’re finally there, and Jakarta EE 11 Web Profile joins Jakarta EE 11 Core Profile among the released specifications. It has been a tremendous effort to refactor the TCK.

Eclipse GlassFish was used as the ratifying compatible implementation of Jakarta EE 11 Web Profile. I would expect other implementations, such as Open Liberty, WildFly, Payara, and more to follow suit over the next weeks and months. Check out the expanding list of compatible products of Jakarta EE 11.

The road to Jakarta EE 11 included four milestone releases, the release of the Core Profile in December 2024, the release of Web Profile in April 2025, and a fifth milestone and first release candidate of the Platform before its anticipated release in 2Q 2025.

TornadoVM

The release of TornadoVM 1.1.0 provides bug fixes and improvements such as: support for mixed precision FP16 to FP32 computations for matrix operations; and a new method, mapOnDeviceMemoryRegion(), defined in the TornadoExecutionPlan class that introduces a new Mapping On Device Memory Regions feature that offers device buffer mapping for different buffers. More details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released version 4.8.0 of the Micronaut Framework featuring Micronaut Core 4.8.9 that include: improvements to the Micronaut SourceGen module that now powers bytecode generation of internal metadata and expressions; and the ability to activate dependency injection tracing so that developers can better understand what Micronaut is doing at startup and when a particular bean is created. There were also updates to many of Micronuat’s modules. Further details on this release may be found in the release notes.

Quarkus

Quarkus 3.21.1, the first maintenance release, ships with bug fixes, dependency upgrades and improvements such as: allow execution model annotations (@Blocking, @NonBlocking, etc.) on methods annotated with SmallRye GraphQL @Resolver due to the resolver throwing an error; and a resolution to a Java UnsupportedOperationException when using the TlsConfigUtils class to configure TLS options in a Quarkus project using the Application-Layer Protocol Negotiation (ALPN) extension. More details on this release may be found in the release notes.

JHipster

The release of JHipster 8.10.0 provides notable changes such as: a workaround to a ClassCastException using Spring Boot and Hazelcast upon logging in to a JHipster application; numerous dependency upgrades, most notably Spring 3.4.4; and many internal improvements to the code base. Further details on this release may be found in the release notes.

The release of JHipster Lite 1.31.0 ships with a dependency upgrades to Vite 6.2.4 that resolves two CVEs affecting previous versions of Vite 6.2.4 and 6.2.3, namely: CVE-2025-31125, a vulnerability, resolved in version 6.2.4, in which Vite exposes content of non-allowed files using URL expressions ?inline&import or ?raw?import, to the development server; and CVE-2025-30208, a vulnerability, resolved in version 6.2.3, where the restrictions imposed by the Vite /@fs/ filesystem variable can be bypassed by adding expressions, ?raw?? or ?import&raw??, to the URL and returns file content if it exists. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for March 24th, 2025 features news highlighting: updates for Jakarta EE 11 and Spring AI; the first beta release of WildFly 36.0; the third alpha release of Hibernate Search 8.0; the March 2023 release of Open Liberty; and point releases for Quarkus, Infinispan, JHipster and OpenXava.

OpenJDK

JEP 503, Remove the 32-bit x86 Port, has been elevated from Proposed to Target to Targeted for JDK 25. This JEP proposes to “remove the source code and build support for the 32-bit x86 port.” This feature is a follow-up from JEP 501, Deprecate the 32-bit x86 Port for Removal, delivered in JDK 24.

JDK 25

Build 16 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 15 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 25, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11 and Jakarta EE 12, writing:

The Release Review for Jakarta EE 11 Web Profile has started! According to the process, it will conclude on April 7 at the latest. When I write this, seven out of ten members have voted “+1,” which means that super-majority is reached and Jakarta EE 11 Web Profile in practice has passed the release review.

So, what about the Jakarta EE 11 Platform? The status, as of Wednesday [March 26, 2025] is that we are down to ~50 test failures, most of which pass for Jakarta EE 11 Web Profile. This is an indication that there is some configuration or setting for the CI jobs that may be the problem.

Plan reviews for the component specifications targeting Jakarta EE 12 are ongoing. So far eight specifications have completed, or are in the process of completing their plan reviews. More are expected to follow as we get closer to April 15, the deadline communicated by the Jakarta EE Platform project. Check out the Jakarta EE 12 Plan Reviews Project Board for a complete overview.

The road to Jakarta EE 11 included four milestone releases, the release of the Core Profile in December 2024, and the potential for release candidates as necessary before the GA releases of the Web Profile in 1Q 2025 and the Platform in 2Q 2025.

Eclipse JNoSQL

The release of Eclipse JNoSQL 1.1.6, the compatible implementation of the Jakarta NoSQL and Jakarta Data specifications, provides bug fixes, performance improvements and new features such as: a new GraphTemplate interface that supports NoSQL Graph databases; and enhancement to CDI Lite for improved performance and compatibility. More details on this release may be found in the release notes.

BellSoft

In conjunction with the release of JDK 24 and GraalVM for JDK 24, BellSoft has also released version 24.2.0 of Liberica Native Image Kit. Enhancements include: experimental support for the jcmd diagnostic tool on Linux and macOS that complements the existing Native Image monitoring capabilities such as the JDK Flight Recorder (JFR).

Spring Framework

The Spring AI team has posted important changes and updates for using version 1.0.0-SNAPSHOT. These include artifact IDs, dependency management and autoconfiguration. The most significant change is the naming pattern for Spring AI starter artifacts: for model starters, the spring-ai-{model}-spring-boot-starter artifact has been renamed to spring-ai-starter-model-{model}; for vector store starters, the spring-ai-{store}-store-spring-boot-starter artifact has been renamed to spring-ai-starter-vector-store-{store}; and for MCP starters, the spring-ai-mcp-{type}-spring-boot-starter artifact has been renamed to spring-ai-starter-mcp-{type}.

The Spring AI team offers two methods for developers to update their projects: update automatically using AI tools or update manually.

Quarkus

Versions 3.21.0 and 3.20.0 of Quarkus (announced here and here, respectively), the former designated as a new LTS version, with bug fixes, dependency upgrades and new features such as: support for the MongoDB Client extension in their TLS Registry; and enable the Jakarta RESTful Web Services ClientRequestFilter interface run on the same Vert.x context as other handlers to resolve a context propagation issue with blocking REST Clients. More details on this release may be found in the release notes.

Open Liberty

IBM has released version 25.0.0.3 of Open Liberty with new features such as: the ability to configure a shared library using a new configuration element, path, that complement the existing file, folder and fileset configuration elements in an XML file; and compliance with FIPS 140-3, Security Requirements for Cryptographic Modules, for the IBM SDK, Java Technology Edition 8.

WildFly

The first beta release of WildFly 36.0.0 delivers big fixes, dependency upgrades and enhancements such as: the jboss.as.jpa.classtransformer persistence unit is now enabled by default for improved performance; and a warning is now logged should more than one metrics system be enabled. More details on this release may be found in the release notes.

Hibernate

The third alpha release of Hibernate Search 8.0.0 ships with: an alignment with Hibernate ORM 7.0.0.Beta5 that implements the Jakarta Persistence 3.2 specification; and a migration to the Hibernate Models ClassDetailsRegistry interface, based on the Jandex index, to replace the deprecated getJandexView() method defined in the BootstrapContext interface. Further details on this release may be found in the release notes.

Infinispan

The release of Infinispan 15.2.0.Final, codenamed Feelin’ Blue, ships with bug fixes, many dependency upgrades and new features such as: an implementation of the Redis JSON API; and a new look and feel to the console based on the recent upgrade to PatternFly 6. More details on this release may be found in the release notes.

Apache Software Foundation

Apache TomEE 10.0.1, the first maintenance release, provides dependency upgrades and resolutions to notable issues such as: Jakarta Expression Language expressions in Jakarta Faces not working with Eclipse Mojarra, the compatible implementation of Jakarta Faces specification; and the addition of the missing service-jar.xml file in the Serverless Builder API and Embedded Scenarios due to the file being omitted from the BOMs when the TomEE webapp was removed. More details on this release may be found in the release notes.

JHipster

The release of JHipster Lite 1.30.0 ships with bug fixes, improvements in documentation and new features such as: the use of colors to identify modules by rank; and a new display to filter the rank options in the frontend. More details on this release may be found in the release notes.

OpenXava

The release of OpenXava 7.5 released delivers bug fixes, dependency upgrades and new features such as: support for hot code reloading during development without affecting performance in production; and UI improvements that include rounded corners for various widgets; and a flat design applied to most UI elements, thus removing shadows. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for March 17th, 2025, features news highlighting: the GA releases of JDK 24 and Apache Kafka 4.0; the March 2025 edition of the Payara Platform; Spring Security CVEs; and JavaOne 2025.

JDK 24

Oracle has released version 24 of the Java programming language and virtual machine, which ships with a final feature set of 24 JEPs. More details may be found in this InfoQ news story.

JDK 25

Build 15 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 14 that include fixes for various issues. Further details on this release may be found in the release notes.

For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

In conjunction with the release of JDK 24, the released of GraalVM for JDK 24 by Oracle Labs delivers new features such as: Graal Neural Network (GNN), a new static profiler that “provides a new generation of machine learning-powered profile inference” (available only on Oracle GraalVM); SkipFlow, a new experimental extension to Native Image static analysis that “tracks primitive values and evaluates branching conditions dynamically during the analysis process;” and an optimized Foreign Function and Memory API in Native Image with new specialized upcalls for direct method handles. More details on this release may be found in the release notes and the upcoming GraalVM for JDK 24 release stream on YouTube. InfoQ will follow up with a more detailed news story.

BellSoft Liberica

The release of Liberica JDK 24, BellSoft’s downstream distribution of OpenJDK 24, includes 2,597 bug fixes in the JDK and 175 bug fixes in JavaFX. Developers may download this latest version from this website.

Project Loom

Build 25-loom+1-11 of the Project Loom early-access builds was made available to the Java community this past week and is based on Build 13 of the JDK 25 early-access builds. This build improves the implementation of Java monitors (synchronized methods) for enhanced interoperability with virtual threads.

Spring Framework

It was a busy week over at Spring as the various teams have delivered milestone releases of Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Integration, Spring AMQP, Spring for Apache Kafka and Spring Web Services.There were also point releases of Spring Batch and Spring for Apache Pulsar. Further details may be found in this InfoQ news story.

The Spring team has disclosed two CVEs that affect Spring Security:

Josh Long, Spring developer advocate at Broadcom, has tweeted that March 24, 2025 marks 21 years since the formal GA release of Spring Framework 1.0.

Payara

Payara has released their March 2025 edition of the Payara Platform that includes Community Edition 6.2025.3, Enterprise Edition 6.24.0 and Enterprise Edition 5.73.0. All three releases provide bug fixes, security fixes, dependency upgrades and two improvements: the ability to specify the global context root for any deployed application using the payaramicro.globalContextRoot property; and a CORBA update to use the new implementation of Jakarta Concurrency 3.1 instead of synchronized blocks.

This edition also delivers Payara 7.2025.1.Alpha1 featuring full support for the Jakarta EE 11 Core Profile, released in December 2024, along with the same improvements in Payara Platform 6. More details on these releases may be found in the release notes for Community Edition 6.2025.3 and Enterprise Edition 6.24.0 and Enterprise Edition 5.73.0.

Apache Software Foundation

The release of Apache Kafka 4.0.0 delivers bug fixes, many improvements and new features such as: client support for subscribing with the new SubscriptionPattern class; and the ability for developers to rebootstrap clients based on timeout or error code. Further details on this release may be found in the release notes.

Hibernate

The fifth beta release of Hibernate ORM 7.0.0 features: a migration to the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11; a baseline of JDK 17; improved domain model validations; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. More details on this release may be found in the release notes and the migration guide.

The second alpha release of Hibernate Search 8.0.0 ships with: fixes discovered in the Alpha1 release; an alignment with Hibernate ORM 7.0.0.Beta4 that implements the Jakarta Persistence 3.2 specification; and dependency upgrades to Lucene 10.1.0, OpenSearch 2.19 and Elasticsearch Client 8.17.3. Further details on this release may be found in the release notes.

Kotlin

The release of Kotlin 2.1.20 provides new features such as: a new K2 compiler kapt plugin that is enabled by default for all the projects; and an experimental DSL that replaces the Gradle Application plugin that is no longer compatible with the Kotlin Multiplatform Gradle plugin. More details on this release may be found in the release notes.

RefactorFirst

Jim Bethancourt, principal software consultant at Improving, an IT services firm offering training, consulting, recruiting, and project services, has released version 0.7.0 of RefactorFirst, a utility that prioritizes the parts of an application that should be refactored. This release delivers: improved rendering of class maps and cycles using the 3D Force-Directed Graph; and limiting the cycle analysis to 10 cycles that will be parameterized in the future. Further details on this release may be found in the release notes.

JavaOne 2025

JavaOne 2025 was held on March 18-20, 2025, at the Oracle Conference Center in Redwood Shores, California. This three-day event consisting of keynotes, presentations and hands-on labs, is organized by Oracle and the developer relations team. The session catalog provides all of the details. Details on Day One of JavaOne, in conjunction with the formal release of JDK 24, may be found in this InfoQ news story. InfoQ will follow-up with additional news stories.

Article originally posted on InfoQ. Visit InfoQ

There was a flurry of activity in the Spring ecosystem during the week of March 17th, 2025, highlighting milestone releases of: Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Integration, Spring AMQP, Spring for Apache Kafka and Spring Web Services.

Spring Boot

The third milestone release of Spring Boot 3.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and many new features such as: a new LLdapDockerComposeConnectionDetailsFactory class that adds ServiceConnection support for Light LDAP Implementation for Authentication; improved support for OpenTelemetry by correctly using the service.namespace service attribute; and improved support for Spring Batch with enhancements and new properties. More details on this release may be found in the release notes.

Similarly, the release of Spring Boot 3.4.4 and 3.3.10 (announced here and here, respectively) provides bug fixes, improvements in documentation, dependency upgrades and an important change where support for the Apache Portable Runtime (APR) for Tomcat is now disabled by default with applications running on JDK 24 and above to prevent the JDK from issuing warnings. Further details on these releases may be found in the release notes for version 3.4.4 and version 3.3.10.

Spring Framework

The release of Spring Framework 6.2.5 provides bug fixes, improvements in documentation, one dependency upgrade and new features such as: the comment() method, defined in the ServerResponse.SseBuilder interface, now allows an empty comment; and an instance of the FormHttpMessageConverter class should throw HttpMessageNotReadableException when the HTTP form data is invalid because it is a more specific exception that will allow developers to better target and react to invalid request payloads. More details on this release may be found in the release notes.

Spring Cloud

The release of Spring Cloud 2024.0.1, codenamed Mooregate, features bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.2.1; Spring Cloud Function 4.2.2; Spring Cloud OpenFeign 4.2.1; Spring Cloud Stream 4.2.1; and Spring Cloud Gateway 4.2.1. This release is based upon Spring Boot 3.4.3. Further details on this release may be found in the release notes.

Spring Security

The third milestone release of Spring Security 6.5.0 delivers bug fixes, dependency upgrades and new features such as: support for RFC 9068, JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens; deprecation of the ConfigAttribute interface as modern Spring Security APIs no longer share a common interface to represent configuration values; and support for automatic context-propagation with Micrometer. More details on this release may be found in the release notes.

Spring Authorization Server

The second milestone release of Spring Authorization Server 1.5.0 ships with bug fixes, dependency upgrades and new features such as: improvements to the JdbcOAuth2AuthorizationService class that define and use constants for the SQL parameter mapping values; and support for RFC 9126, OAuth 2.0 Pushed Authorization Requests. Further details on this release may be found in the release notes.

Spring for GraphQL

The first milestone release of Spring for GraphQL 1.4.0 provides dependency upgrades and new features such as: an alignment with the GraphQL over HTTP draft specification; and improved Federation support by upgrading to Apollo GraphQL Federation 5.3.0. More details on this release may be found in the release notes.

Spring Integration

The third milestone release of Spring Integration 6.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: enabling the LastModifiedFileListFilters class to discard files that have aged out; and removal of the deprecated getSendTimeout() and setSendTimeout() methods, previously defined in the PollerMetadata class. Further details on this release may be found in the release notes.

Spring Modulith

The third milestone release of Spring Modulith 1.4.0 delivers bug fixes, dependency upgrades and new features such as: integration tests using the @ApplicationModuleTest annotation may now consume bean instances of classes declared in test sources; and registration of the AssertablePublishedEvents interface in tests using the Spring Framework ApplicationContext interface if AssertJ is on the classpath. More details on this release may be found in the release notes.

Similarly, the release of Spring Modulith 1.3.4 and 1.2.10 provide dependency upgrades and a resolution to a severe performance regression in JavaPackage class when testing an instance of the Documenter class. Further details on these releases may be found in the release notes for version 1.3.4 and version 1.2.10.

Spring Batch

The release of Spring Batch 5.2.2 provides bug fixes, improvements in documentation, dependency upgrades and improvements such as: the addition of AOT hints in infrastructure artifacts and core listeners that were previously missing; and an improved ChunkProcessor interface as it is now annotated with the Java @FunctionalInterface. More details on this release may be found in the release notes.

Spring AMQP

The second milestone release of Spring AMQP 4.0.0 delivers bug fixes, dependency upgrades and new features such as: support for the AMQP 1.0 protocol on RabbitMQ with a new spring-rabbitmq-client module; and support for RPC in the new RabbitAmqpTemplate class. Further details on this release may be found in the release notes.

Spring for Apache Kafka

The first milestone release of Spring for Apache Kafka 4.0.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a migration of all the former org.springframework.lang nullability annotations to the JSpecify-based null safety improvements; and improved performance of the acknowledge(int index) method and an override of the createRecordList() methods, defined in the KafkaMessageListenerContainer class. This version is compatible with Spring Framework 7.0.0-M3. More details on this release may be found in the release notes.

Spring for Apache Pulsar

The release of Spring for Apache Pulsar 1.2.4 and 1.1.10 provides notable respective dependency upgrades to: Spring Framework 6.2.4 and 6.1.18; Project Reactor 2024.0.4 and 2023.0.16; and Micrometer 1.14.5 and 1.13.12. These releases are included in Spring Boot 3.4.4 and 3.3.10, respectively. Further details on these releases may be found in the release notes for version 1.2.4 and version 1.1.10.

Spring Web Services

The first milestone release of Spring Web Services 4.1.0 delivers bug fixes, dependency upgrades and new features such as: a reinstatement of support for Apache Axiom as the recent release of Axiom 2.0.0 now supports Jakarta EE; and the deprecation of the WsConfigurerAdapter class as it is no longer needed due to the introduction of default methods. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for March 3rd, 2025, features news highlighting: milestone releases of Spring Cloud 2025.0.0, GlassFish 8.0.0 and Grails 7.0.0; point releases of Spring gRPC 0.4.0, Helidon 4.2.0, Quarkus 3.19.2 and JHipster 1.29.1 and 1.29.0; the fourth release candidate of Netty 4.2.0; and Devnexus 2025.

JDK 24

Build 36 remains the current build in the JDK 24 early-access builds. Further details may be found in the release notes.

JDK 25

Build 13 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 12 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

The tenth milestone release of GlassFish 8.0.0 delivers bug fixes, dependency upgrades and new features such as: various updates to support the upcoming release of JDK 24; disable the deprecated TLS 1.0 and TLS 1.1 specifications by default; and a migration away from deprecated WeldListener class in favor of the WeldInitialListener class. Further details on this release may be found in the release notes.

Spring Framework

The second milestone release of Spring Cloud 2025.0.0, codenamed Northfields, features bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.3.0-M2; Spring Cloud Function 4.3.0-M2; Spring Cloud Stream 4.3.0-M2; and Spring Cloud Circuit Breaker 3.3.0-M2. This release is based upon Spring Boot 3.5.0-M2. More details on this release may be found in the release notes.

The release of Spring gRPC 0.4.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: a new ChannelBuilderOptions class used for customizers, graceful channel shutdowns and interceptors that was added to the GrpcChannelFactory and GrpcChannelBuilderCustomizer interfaces; and a rename of the GrpcChannelConfigurer interface to GrpcChannelBuilderCustomizer to “more accurately represent its purpose and for consistency with the server-side terminology.” Further details on this release may be found in the release notes.

Helidon

The release of Helidon 4.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and new preview features:

• Helidon Service Inject, an extension to the core service registry that adds concepts of injection into a constructor, instances of scoped service instances, and an intercept method invocation. This change removes the original Helidon Inject, i.e., modules under the inject/ endpoint, and replaces all usages with the service registry.
• A LangChain4j integration with the service registry and an OpenAI provider and Oracle embedding store provider.
• Support for Coordinated Restore at Checkpoint (CRaC).

More details on this release may be found in the changelog.

Quarkus

Quarkus 3.19.2, the first maintenance release (version 3.19.0 was skipped), ships with bug fixes, dependency upgrades and new features such as: a much improved Quarkus update utility for stability and aesthetics; and improved interoperability between an instance of the QuarkusUnitTest class and the JUnit @TestFactory annotation. Further details on this release may be found in the changelog.

Netty

The fourth release candidate of Netty 4.2.0 provides bug fixes, dependency upgrades and new features such as: support for a new property, IORING_SETUP_CQSIZE, that allows a larger completion queue (CQ) ring without changing the size of the submission queue (SQ) ring; and a requirement that an instance of the ThreadExecutorMap class must restore old instance of the EventExecutor interface to eliminate losing the current EventExecutor. More details on this release may be found in the issue tracker.

Grails

The third milestone release of Grails 7.0.0 delivers bug fixes, dependency upgrades and new features such as: an updated ContainerGebSpec class to support cross-platform file input and inclusion of the Geb ScreenshotReporter by default; and a consolidation of various projects and profiles to reduce the time to publish a release. With the transition of Grails to the Apache Foundation, the next milestone is planned to be released as Apache Grails 7.0.0-M4. Further details on this release may be found in the release notes.

JHipster

The release of JHipster Lite 1.29.1 and 1.29.0 features an upgrade to Axios 1.8.2 that resolves a critical security issue as described in CVE-2025-27152, a vulnerability in Axios, up to and including version 1.8.1, where passing absolute URLs, rather than protocol-relative URLs, to Axios even if the baseURL property is defined. The request to the specified absolute URL is sent with the potential to cause a server-side request forgery (SSRF) and a leakage of credentials. More details on these releases may be found in the release notes for version 1.29.1 and version 1.29.0.

Devnexus 2025

The 21st edition of Devnexus 2025, held at the Georgia World Congress Center in Atlanta, Georgia, this past week, featured speakers from the Java community who delivered workshops and talks on topics such as: Jakarta EE, Java Platform, Core Java, Architecture, Cloud Infrastructure and Security.

Hosted by the Atlanta Java Users Group (AJUG), Devnexus has a rich history that dates back to 2004 when the conference was originally called DevCon. The Devnexus name was introduced in 2010.

The conference also featured on-site live interviews with speakers interested in participating. Entitled Unfiltered Developer Insights and Everyday Heroes, these interviews were facilitated by employees representing Neo4j and HeroDevs, respectively. Also, a new episode of OffHeap was recorded featuring Erin Schnabel, Ivar Grimstad and Bob Paulin.