Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 23rd, 2023, features news from OpenJDK, JDK 20, JDK 21, GraalVM 22.3.1, TornadoVM 0.15, Spring Cloud Azure 5.0, Spring Shell 3.0.0 and 2.1.6, Spring Cloud 2022.0.1, Quarkus 2.16 and 3.0.Alpha3, Micronaut 3.8.3, JobRunr 6.0, MicroStream 8.0-EA2, Hibernate 6.2.CR2, Tomcat 10.1.5, Groovy 4.0.8 and 2.5.21, Camel Quarkus 2.16, JDKMon 17.0.45 and Foojay.io at FOSDEM.

OpenJDK

Angelos Bimpoudis, principal member of technical staff for the Java Language and Tools team at Oracle, has updated JEP Draft 8288476, Primitive types in patterns, instanceof, and switch. This draft, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive types to appear anywhere in patterns.

Alex Buckley, specification lead for the Java language and the Java Virtual Machine at Oracle, has introduced JEP Draft 8300684, Preview Features: A Look Back, and A Look Ahead. This draft proposes to review the preview process that was introduced as JEP 12, Preview Features, for potential continuous improvement of the process.

Wei-Jun Wang, principal member of the technical staff at Oracle, has introduced JEP Draft 8301034, Key Encapsulation Mechanism API, a feature JEP that proposes to: satisfy implementations of standard Key Encapsulation Mechanism (KEM) algorithms; satisfy use cases of KEM by higher level security protocols; and allow service providers to plug-in Java or native implementations of KEM algorithms.

Archie Cobbs, founder and CEO at PatientEXP, has introduced JEP Draft 8300786, No longer require super() and this() to appear first in a constructor. This draft, also under the auspices of Project Amber, proposes to: allow statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors.

JDK 20

As per the JDK 20 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 20 has entered Rampdown Phase Two to signal continued stabilization for the GA release in March 2023. Critical bugs, such as regressions or serious functionality issues, may be addressed, but must be approved via the Fix-Request process.

The final set of six (6) features in JDK 20 will include:

Build 33 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 32 that include fixes to various issues. More details on this build may be found in the release notes.

JDK 21

Build 7 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 6 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

Oracle has released the Community Edition of GraalVM 22.3.1 that aligns with the January 2023 edition of the Oracle Critical Patch Update Advisory. This release includes the updated versions of OpenJDK 19.0.2, 17.0.6 and 11.0.18, and Node.js 16.18.1. More details on this release may be found in the release notes.

TornadoVM

TornadoVM, an open-source software technology company, has released TornadoVM version 0.15 that ships with a new TornadoVM API with improvements such as: rename the TaskSchedule class to TaskGraph; and new classes, ImmutableTaskGraph and TornadoExecutionPlan, to optimize an execution plan for running a set of immutable task graphs. This release also includes an improved TornadoVM installer for Linux, an improved TornadoVM launch script with optional parameters and a new website for documentation.

Juan Fumero, research associate, Advanced Processor Technologies Research Group at The University of Manchester, introduced TornadoVM at QCon London in March 2020 and has since contributed this more recent InfoQ technical article.

Spring Framework

The release of Spring Cloud Azure 5.0 delivers: support for Spring Boot 3.0 and Spring Cloud 2022.0.0; improved security with passwordless connections; and redesigned Spring Cloud Azure documentation with improved scenarios. This version also includes upgrades to some of the deprecated APIs.

Versions 3.0.0 and 2.1.6 of Spring Shell have been released featuring compatibility with Spring Boot 3.0.2 and 2.7.8, respectively, along with backported bug fixes and improved handling of position arguments and collection types. More details on these releases may be found in the release notes for version 3.0.0 and version 2.1.6.

Spring Cloud 2022.0.1, codenamed Kilburn, has been released that ships with corresponding point releases of Spring Cloud sub-projects such as Spring Cloud Function, Spring Cloud Commons and Spring Cloud Gateway. This release is compatible with Spring Boot 3.0.2. More details on this release may be found in the release notes.

Quarkus

The release of Quarkus 2.16.0.Final delivers new features such as: support for time series operations and data preloading in the Redis extension; support for custom exception handling and xDS in the gRPC extension; improved configuration flexibility for the Cache extension; and several security-related improvements focused on improving the developer experience. More details on this release may be found in the changelog.

The third alpha release of Quarkus 3.0.0 features a third iteration of their Jakarta EE 10 stream that includes: the collective improvements of versions 2.15.0.Final, 2.15.1.Final, 2.15.2.Final, 2.15.3.Final and 2.16.0.Final; a migration to SmallRye Mutiny 2.0 and the Java Flow API; and a simplified handling of Kotlin by the Quarkus classloader designed to ease development on Kotlin-based Quarkus extensions. More details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released Micronaut 3.8.3 featuring bug fixes and updates to modules: Micronaut OpenAPI and Micronaut Oracle Cloud. More details on this release may be found in the release notes.

JobRunr

After three milestone releases, version 6.0 of JobRunr, a utility to perform background processing in Java, has been released to the Java community. New functionality and improvements include: support for Spring Boot 3.0; Job Builders that provide a single API to configure all the aspects of a Job class via a builder pattern instead of using the @Job annotation; Job Labels such that jobs can be assigned labels that will be visible in the dashboard; allow for multiple instances of the JobScheduler class with different table prefixes inside one application; an update of all transitive dependencies; and improvements in performance and stability. More details on this release may be found in the release notes.

MicroStream

MicroStream has provided a version 8.0 preview of their Java-native object graph persistence layer. This second early-access release features: a move to JDK 11 with continued support for JDK 8; a read-only mode such that multiple processes can access the same storage; experimental implementations of ArrayList, HashMap and HashSet that are using a sharing mechanism; and improved integrations with Spring Boot and Quarkus.

Hibernate

The second release candidate of Hibernate ORM 6.2 implements a number of bug fixes based on Java community feedback from the first candidate release of Hibernate ORM 6.2. As a result, the SQL Abstract Syntax Tree, the ANTLR-based parser for their Hibernate Query Language, has been stabilized and the SQL MERGE command can now handle updates against optional tables.

Apache Software Foundation

Apache Tomcat 10.1.5 has been released with notable changes such as: correct a regression in the refactoring that replaced the use of the URL constructors; use the HTTP/2 error code, NO_ERROR, so that the client does not discard the response upon resetting an HTTP/2 stream; and change the default of the system property, GET_CLASSLOADER_USE_PRIVILEGED, to true unless the Expression Language library is running on Tomcat. More details on this release may be found in the changelog.

The release of Apache Groovy 4.0.8 delivers bug fixes and enhancements such as: improve the JaCoCo line code coverage of a Groovy assert statement; and introduce variants of the findAll() and findResults() methods to accept an optional collector argument. More details on this release may be found in the changelog.

Similarly, the release of Apache Groovy 2.5.21 ships with bug fixes and a dependency upgrade to ASM 9.4. More details on this release may be found in the changelog.

Maintaining alignment with Quarkus, version 2.16.0 of Camel Quarkus was released that aligns with Camel 3.20.1 and Quarkus 2.16.0.Final. It delivers support for four DSLs: JavaShell, Kotlin, Groovy and jOOR. More details on this release may be found in the release notes.

JDKMon

Version 17.0.45 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version fixes an issue with download dialogs.

Foojay.io at FOSDEM 2023

The Friends of OpenJDK, Foojay.io, a community platform for the Java ecosystem​, has announced that they will be hosting their own developer rooms at the upcoming FOSDEM 2023 conference scheduled for Saturday-Sunday, February 4-5, 2023.

FOSDEM, a two-day event organized by volunteers to promote the widespread use of free and open source software, will be providing a number of tracks and other developer rooms, AKA devrooms, hosted by other organizations and communities.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 16th, 2023, features news from JDK 20, JDK 21, Spring Cloud Gateway 4.0, Spring Boot 3.0.2 and 2.7.8, Spring Modulith 0.3, Liberica JDK versions 19.0.2, 17.0.6, 11.0.18 and 8u362, Payara Platform, Micronaut 3.8.2, WildFly 26.1.3, TomEE 8.0.14, first three milestone releases of Job Runr 6.0 and Gradle 8.0-RC2.

JDK 20

Build 32 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 31 that include fixes to various issues. More details on this build may be found in the release notes.

JDK 21

Build 6 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 5 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Spring Cloud Gateway 4.0 has been released featuring new filters that enhance caching, request headers and JSON processing.

The release of Spring Boot 3.0.2 delivers bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 6.0.4, Spring Data 2022.0.1, Apache Tomcat 10.1.5 and Micrometer 1.10.3. More details on this release may be found in the release notes.

Similarly, the release of Spring Boot 2.7.8 delivers bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.25, Spring Data 2021.2.7, Apache Tomcat 9.0.71 and ​​Micrometer 1.9.7. It is also important to note that the coordinates of the MySQL JDBC driver has changed from mysql:mysql-connector-java to com.mysql:mysql-connector-j. More details on this release may be found in the release notes.

Spring Modulith 0.3 has been released with new features such as: instances of the PublishedEvents interface may now see events published from asynchronous event listeners; a new dedicated interface, ApplicationModuleInitializer, to be executed on application startup to demarcate components in modules-specific order; and allow information exposed by the JSON actuator to be statically rendered. More details on this release may be found in the release notes.

BellSoft

BellSoft has released a Critical Patch Update (CPU) for versions 17.0.5.0.1, 11.0.17.0.1 and 8u361 of Liberica JDK, their downstream distribution of OpenJDK. CPU releases include patches for Common Vulnerabilities and Exposures (CVE). In addition, a Patch Set Update (PSU) for versions 19.0.2, 17.0.6, 11.0.18 and 8u362 of Liberica JDK, containing non-critical fixes and general improvements, was also made available. Overall, this release features 778 bug fixes and backports of which 24 issues were addressed by BellSoft.

Payara

Payara has released their January 2023 edition of the Payara Platform that includes Community Edition 6.2023.1 and Enterprise Edition 5.47.0.

The Community Edition delivers bug fixes, component upgrades, and the ability to use an environment variable when using the create-connector-connection-pool command with the asadmin utility. More details on this release may be found in the release notes.

Similarly, the Enterprise Edition delivers bug fixes, component upgrades and improvements such as: the ability to use an environment variable when using the create-connector-connection-pool command with the asadmin utility; Java Native Access (JNA) is now compatible on Apple Silicon chips; and the Start-Up, Post-Boot, Deployment and Post-Start-Up phases have been streamlined for consistent behavior. More details on this release may be found in the release notes.

For both editions, an upgrade to OpenSSL 1.1.1q provides a security fix in Payara Docker images.

Micronaut

The Micronaut Foundation has released Micronaut 3.8.2 featuring bug fixes and updates to modules: Micronaut Security 3.9.2, Micronaut Views 3.8.1, Micronaut Micrometer 4.7.1, and Micronaut Servlet 3.3.5. More details on this release may be found in the release notes.

WildFly

WildFly 26.1.3 is a maintenance release that addresses CVE-2022-46364, a vulnerability in which a Server-Side Request Forgery (SSRF) attack is possible from parsing the href attribute of XOP:Include in Message Transmission Optimization Mechanism (MTOM) requests. Dependency upgrades include: Jackson Databind 2.12.7.1, Apache CXF 3.4.10 and Eclipse Implementation of Jakarta XML Binding 2.3.3. More details on this release may be found in the release notes.

TomEE

TomEE 8.014 has been released featuring bug fixes and dependency upgrades such as: Hibernate 5.6.14, Tomcat 9.0.71, Apache CXF 3.4.10 and HSQLDB 2.7.1. More details on this release may be found in the release notes.

JobRunr

Three milestone releases of JobRunr 6.0 were made available this past week.

The first milestone release features new functionality and improvements such as: Job Builders that provide a single API to configure all the aspects of a Job class via a builder instead of using the @Job annotation; Job Labels such that jobs can be assigned labels that will be visible in the dashboard; support for Spring Boot 3.0; and improvements in stability.

The second milestone release allows for multiple instances of the JobScheduler class with different table prefixes inside one application and an update of all transitive dependencies.

The third milestone release provides a bug fix related to Amazon DocumentDB.

Gradle

The second release candidate of Gradle 8.0.0 features improvements to the Kotlin DSL and buildSrc, the latter of which will now behave more like included builds, such as running buildSrc tasks directly, skipping tests, having init tasks and including other builds with buildSrc. There were also performance improvements with enhancements to the configuration cache such as loading tasks from the cache entry and running tasks as isolated and in parallel. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 9th, 2023, features news from JDK 20, JDK 21, Spring Framework 6.0.4 and 5.3.25, Spring Data 2022.0.1 and 2021.2.7, Spring Shell 2.1.5 and 3.0.0-RC1, MicroProfile 6.0, Quarkus 2.15.3, Micronaut 3.8.1, Micrometer Metrics 1.10.3, Micrometer Tracing 1.0.1, Project Reactor 2022.0.2, Piranha 23.1.0, Apache Tomcat 9.0.71, JHipster Lite 0.26.0 and Kotlin 1.8.0.

JDK 20

Build 31 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 30 that include fixes to various issues. More details on this build may be found in the release notes.

JDK 21

Build 5 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 3 that include fixes to various issues.

For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The release of Spring Framework 6.0.4 delivers new features such as: Kotlin DSL support for the MockMvc class and the andExpectAll() method defined in the ResultActions interface; a new ExecutingResponseCreator class to delegate request and response; compatibility with Hibernate ORM 6.2; and native support for the @Convert annotation on JPA entities. This version will be included in the upcoming release of Spring Boot 3.0.2. More details on this release may be found in the release notes.

The release of Spring Framework 5.3.25 ships with new features such as: optimize object creation in the handleNoMatch() method defined in the RequestMappingHandlerMapping class; and add a title to factory methods of the SockJSFrame class for accessibility compliance. This version will be included in the upcoming release of Spring Boot 2.7.8. More details on this release may be found in the release notes.

Spring Data 2022.0.1 and 2021.2.7 have been released featuring mostly bug fixes and dependency upgrades to sub-projects such as: Spring Data MongoDB versions 4.0.1 and 3.4.7; Spring Data Neo4j versions 7.0.1 and 6.3.7; and Spring Data Elasticsearch 5.0.1 and 4.4.7. These releases will be consumed by upcoming releases of Spring Boot.

Versions 2.1.5 and 3.0.0-RC1 of Spring Shell have been released. Version 2.1.5 features an upgrade to Spring Boot 2.7.7 and a backport of some recent bug fixes. Version 3.0.0-RC1 features: an upgrade to Spring Boot 3.0.1; a better model of defining error handling with annotations; the CommandParser interface now reports errors for unrecognized options; and the CommandRegistration.Builder interface now has a shared configurable instance. More details on these releases may be found in release notes for version 2.1.5 and version 3.0.0-RC1.

MicroProfile

The MicroProfile Working Group has released MicroProfile 6.0 featuring alignment with Jakarta EE 10 and a new specification, Telemetry 1.0, that replaces the original Open Tracing specification. Updated specifications provided in this version are: Metrics 5.0, JWT Authentication 2.1, Open API 3.1, Reactive Messaging 3.0 and Reactive Streams Operators 3.0. The Open Tracing 3.0 specification, having been placed in the set of standalone specifications, is still available to developers. The Jakarta EE Core Profile, new for Jakarta EE 10 and now included in MicroProfile, contains the historical JSR- and Jakarta EE-based specifications, namely CDI, JAX-RS, JSON-P and JSON-B. More details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Quarkus

Red Hat has released Quarkus 2.15.3.Final that delivers bug fixes and enhancements such as: ensure proper operation with the Kotlin implementation of the QuarkusApplication interface; introduce a JSON Stream parser for the Reactive REST Client; the ability to automatically enable/disable GraphQL Federation; and throw an IllegalStateException with basic information about the provider that failed to provide a resource. More details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released Micronaut 3.8.1 featuring bug fixes, updates in testing and dependency upgrades to modules: Micronaut Servlet 3.3.3, Micronaut Data 3.9.4 and Micronaut AWS 3.10.5. More details on this release may be found in the release notes.

Micrometer

The release of Micrometer Metrics 1.10.3 delivers bug fixes and a number of dependency upgrades such as: Dropwizard Metrics 4.1.35, Gradle Enterprise Gradle Plugin 3.12, Reactor 2020.0.26, Reactor Netty 1.0.26 and AWS Cloudwatch SDK 2.18.41.

Similarly, the release of Micrometer Tracing 1.0.1 ships with bug fixes and a number of dependency upgrades such as: Gradle Wrapper 7.6, Testcontainers 1.17.6, Mockito 4.11.0 and Micrometer BOM 1.10.3.

Project Reactor

Project Reactor 2022.0.2, a second maintenance release, provides dependency upgrades to reactor-core 3.5.2 and reactor-netty 1.1.2.

Piranha

Piranha 23.1.0 has been released. Along with the many bug fixes, this latest release delivers new features such as: integrate Eclipse Exousia 1.0.0, the compatible implementation of Jakarta Authorization, and MicroProfile Config; split the Jakarta Security module; add support for login configuration to SecurityManager API; and mark FileAuthenticationFilter as asynchronous. More details on this release may be found in their documentation and issue tracker.

Apache Software Foundation

Apache Tomcat 9.0.71 has been released with notable changes such as: correct a regression in the refactoring that replaced the use of the URL constructors; use the HTTP/2 error code, NO_ERROR, so that the client does not discard the response upon resetting an HTTP/2 stream; and change the default of the system property, GET_CLASSLOADER_USE_PRIVILEGED, to true unless the Expression Language library is running on Tomcat. More details on this release may be found in the changelog.

JHipster

JHipster Lite 0.26.0 has been released featuring a number of bug fixes and enhancements such as: a new annotation, @ExcludeFromGeneratedCodeCoverage, to replace the existing @Generated annotation in places where it was explicitly added to skip a code coverage check; a refactored generate.sh script for Spring Boot; and add git information for generated Spring Boot applications.

Kotlin

JetBrains has released Kotlin 1.8.0 featuring: new experimental functions for JVM to recursively copy or delete directory content; improved performance in the kotlin-reflect artifact; compatibility with Gradle 7.3; and a new -Xdebug compiler option for a better debugging experience. More details on this release may be found in the what’s new page.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 2nd, 2023, features news from JDK 20, JDK 21, Ideal Graph Visualizer open-sourced, Spring Tools 4.17.1, Open Liberty 23.0.0.1, Quarkus 2.15.2, Quarkus OpenAPI Generator 2.0, Apache Tomcat CVE, Apache TomEE certification, Apache James 3.7.3, Apache Camel 3.20.1, MyFaces Core 4.0-RC3, Ktor 2.2.2, JHipster Lite 0.25, JobRunr 5.3.3, SourceBuddy 2.1, CircleCI CVE.

By Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for December 19th, 2022 features news from OpenJDK, JDK 20, JDK 21, Spring Cloud 2022.0.0, point releases for other Spring projects, Open Liberty 22.0.0.13, Quarkus 2.15.1, Micronaut 3.7.5, Helidon 3.1.0, Hibernate 6.2.CR1, Eclipse Vert.x 4.3.7, point releases for Groovy, Camel 3.20, MicroStream joins Eclipse, Kotlin 1.8-RC2, and introducing SourceBuddy, Jarviz and Just.

OpenJDK

Ioi Lam, consulting member of technical staff at Oracle, has proposed improved support for archived Java heap objects in class data sharing (CDS) because Project Leyden will, more-than-likely, make extensive use of archived Java heap objects.

Due to a number of defined limitations in the G1, SerialGC and ParallelGC garbage collection algorithms related to CDS, the goals in this proposal are: uniform support of CDS for all collectors; and minimize the code needed for each collector to support CDS.

Recently submitted and subsequently updated issues already related to proposal are:

InfoQ will monitor progress on this proposal.

JDK 20

Build 29 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 28 that include fixes to various issues. More details on this build may be found in the release notes.

JDK 21

Build 3 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 2 that include fixes to various issues.

For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The release of Spring Cloud 2022.0.0, codenamed Kilburn, delivers GA updates to Spring Cloud sub-projects such as: Spring Cloud OpenFeign 4.0.0, Spring Cloud Commons 4.0.0, Spring Cloud Function 4.0.0 and Spring Cloud Starter Build 2022.0.0. There are, however, breaking changes with the removal of sub-projects: Spring Cloud CLI, Spring Cloud for Cloud Foundry and Spring Cloud Sleuth. Spring Cloud 2022.0.0 builds upon Spring Framework 6.x and Spring Boot 3.x and includes compatibility with Jakarta EE and requires a Java 17 baseline. Further details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Versions 6.0.1, 5.8.1, 5.7.6 and 5.6.10 of Spring Security have been released featuring bug fixes and improvements in documentation. In all four releases, the deprecated set-state and set-output commands defined in GitHub Actions have been replaced, presumably with the recommended $GITHUB_STATE and $GITHUB_OUTPUT environment files. More details on these releases may be found in the release notes for version 6.0.1, version 5.8.1, version 5.7.6 and version 5.6.10.

Spring Boot 3.0.1 has been released featuring 54 bug fixes, improvements in documentation and dependency upgrades such as: Spring Security 6.0.1, Spring Integration 6.0.1, Reactor 2022.0.1, Tomcat 10.1.4 and Jetty 11.0.13. Further details on this release may be found in the release notes.

Spring Boot 2.7.7 has also been released featuring 24 bug fixes, improvements in documentation and dependency upgrades such as: Spring Security 5.7.6, Spring Integration 5.5.16, Reactor 2020.0.26, Tomcat 9.0.70 and Jetty 9.4.50.v20221201. More details on this release may be found in the release notes.

The release of Spring for GraphQL 1.1.1 ships with new features such as: new builder customizers to customize the QuerydslDataFetcher and QueryByExampleDataFetcher repository classes by allowing these repositories to implement customizer interfaces; and relaxing the generic type check in @Argument Map as it was determined that this was too strict. There were also dependency upgrades to: Micrometer 1.10.2, Reactor 2022.0.1, Spring Framework 6.0.3 and Spring Security 6.0.1. Further details on this release may be found in the release notes.

Spring Modulith 0.2 has been released that delivers: a new @ApplicationModuleListener annotation to ease the declaration of asynchronous, transactional event listeners that run in a transaction; the application module dependency structure is now also exposed as Spring Boot actuator; and the Postgres event publication registry schema now follows Postgres best practices. More details on this release may be found in the release notes.

Open Liberty

IBM has released Open Liberty 22.0.0.13 featuring: the ability to configure the maximum age of their First Failure Data Capture (FFDC) application data collection system; and fixes for CVE-2022-3509 and CVE-2022-3171, both of which have parsing issues with text data and binary data, respectively, in the Protocol Buffers Java core and lite versions prior to 3.21.7, 3.20.3, 3.19.6 and 3.16.3 that can lead to a denial of service attack.

Quarkus

Red Hat has released Quarkus 2.15.1.Final that ships with bug fixes, improvements in documentation and dependency upgrades to Vert.x 4.3.6, Infinispan 14.0.3.Final, Dekorate 3.1.3 and mongo-client.version 4.8.1. Further details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released Micronaut 3.7.5 featuring bug fixes and improvements such as: a change in the resulting Health status output from “Health monitor failed check with status {}” to “Health monitor check with status {}” since Health status only reports UP or DOWN; and an instance of the TextStreamCodec class now requires a bean of type ByteBufferFactory to fix a loading issue. More details on this release may be found in the release notes.

Helidon

Oracle has released Helidon 3.1.0 featuring: new Exponential and Fibonacci strategies defined in the Retry interface; support for the MicroProfile Config specification via a new MPConfigSourceProvider interface; a new relativeUris property in the OidcConfig class to allow an OIDC web client to use a relative path on the request URI; and dependency upgrades such as GraalVM 22.3.0, Netty 4.1.86.Final and PostgreSQL JDBC driver 42.4.3.

Hibernate

The first release candidate of Hibernate ORM 6.2 provides: support for Java records, mapping composite/struct types, and the Jakarta Persistence 3.1 specification; UUID support for MariaDB 10.7 and SQL Server 2008; allow the @SqlInsert, @SqlUpdate, @SqlDelete annotations to refer to a SecondaryTable class; and a new @PartitionKey annotation to identify a field of an entity that holds the partition key of a table.

Eclipse Vert.x

In response to a number of reported bugs found in version 4.3.6, Eclipse Vert.x 4.3.7 has been released featuring a dependency upgrade to Netty 4.1.86 to address CVE-2022-41881, HAProxyMessageDecoder Stack Exhaustion DoS, and CVE-2022-41915, HTTP Response Splitting from Assigning Header Value Iterator. Further details on this release may be found in the release notes.

Apache Software Foundation

A maintenance release of Apache Groovy 3.0.14 features bug fixes, dependency upgrades and two improvements: the static type checker does not recognize closure input parameter when implementing an interface with a map; and the evaluateExpression() method defined in the StaticTypeCheckingSupport class can now provide lightweight evaluation for simple expressions. More details on this release may be found in the release notes.

Apache Groovy 2.5.20, also a maintenance release, features bug fixes, dependency upgrades and the same type checker improvement as described in version 3.0.14. Further details on this release may be found in the release notes.

The release of Apache Camel 3.20.0 delivers over 200 bug fixes, improvements, dependency upgrades and new features such as: provide completion for positional file path parameters (camel-jbang component); added support for Event Resources (camel-kubernetes component); provide a prefixId to the route model such that generated IDs of the route is prefixed (camel-core component); and a new camel-etcd component. More details on this release may be found in the release notes.

MicroStream

MicroStream has announced that they have joined the Eclipse Foundation as a member. With MicroStream already integrated with Helidon and Micronaut, their goal is to closely collaborate with the Eclipse community and actively contribute to Eclipse projects. InfoQ will follow up with a more detailed news story.

Kotlin

The second releases candidate of Kotlin 1.8.0 delivers fixes such as: an IllegalStateException upon reading a class that delegates to a Java class with a definitely non-nullable type with a flexible upper bound; an argument for the UseSerializers class does not implement an instance of the KSerializer interface or does not provide serializer for a concrete type; and no mapping for symbol, VALUE_PARAMETER SCRIPT_IMPLICIT_RECEIVER, on the JVM IR backend.

SourceBuddy

SourceBuddy, a new utility that compiles Java source code dynamically created in a Java application, was introduced by Peter Verhas, architect at EPAM Systems, this past week and has also quickly released version 2.0 featuring: a major restructuring of the class loading structure; hidden and non-hidden classes may now be mixed; and removal of the loadHidden() method in favor of the hidden() method for each added source separately. As the latter feature is a breaking change, it was necessary to provide a major release within the short timeframe. InfoQ will follow up with a more detailed news story.

Jarviz

Jarviz, a new JAR file analyzer utility, has been introduced by Andres Almiray to the Java community. Version 0.1.0 delivers: GAV support to resolve JARs; streamline manifest commands; and resolve the output directory before invoking URL-based processors. Further details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Just

Just, a command Line toolkit for developing Spring Boot applications, was introduced by Maciej Walkowiak, freelance architect & developer, earlier this month. Version 0.12.0, released this past week, features: a significant improvement to the just kill command such that it stops/kills a running Docker container, instead of killing the Docker process, when it learns that there is a Docker container running on a chosen port; two new configuration properties, just.build.extra-args and just.build.maven.profiles, for the just build command to simplify the build configuration; and the value, SPRING_BOOT, can be set to the just.framework property if the framework autodetection fails. InfoQ will follow up with a more detailed news story.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for December 12th, 2022 features news from OpenJDK, JDK 20, JDK 21, GlassFish 7.0, Spring Framework 6.0.3, Spring Cloud Data Flow 2.10 Spring for Apache Pulsar 0.1, Payara Platform, Quarkus 2.15, WildFly 27.0.1, Helidon 2.5.5, Piranha Cloud 22.12, NetBeans 16, Apache Camel, 3.14.7, JobRunr 5.3.2, JDKMon 17.0.43, Reactor 2022.0.1, JHipster Lite 0.24 and Ktor 2023 roadmap.

OpenJDK

Doug Simon, research director at Oracle has proposed the creation of a new project, named Galahan, with a primary goal to contribute Java-related GraalVM technologies to the OpenJDK Community and prepare them for possible incubation in a JDK main-line release. More details may be found in this more detailed InfoQ news story.

JDK 20

Build 28 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 26 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 21

Build 2 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 1 that include fixes to various issues. More details on this build may be found in the release updates.

For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

The Eclipse Foundation has released GlassFish 7.0 delivering support for the MicroProfile Config, MicroProfile JWT Propagation and Jakarta MVC 2.0 specifications. Other new features include: implementation of new Jakarta Authentication methods; update the Jakarta Standard Tag Library API and corresponding implementation to version 3.0; an update to the JSON components; and allow for tuning of the interval for monitoring concurrent tasks. GlassFish 7.0 is a compatible implementation of Jakarta EE 10 that requires JDK 11 as a minimal version, but also works on JDK 17.

Spring Framework

Spring Framework 6.0.3 has been released delivering bug fixes, improvements in documentation and new features such as: additional constructors in the MockClientHttpRequest and MockClientHttpResponse classes to align the mocks with the test fixtures; improve options to expose formatted errors in the MessageSource interface for a ProblemDetail response; and optimize object creation in the handleNoMatch() method defined in the RequestMappingHandlerMapping class. Further details on this release may be found in the release notes.

Spring Cloud Data Flow 2.10.0 has been released featuring dependency upgrades to Spring Boot 2.7.6, Spring Framework 5.3.24, Spring Cloud 2021.0.5 and Spring Shell 2.1.4. Also included in this release are scripts for: creating containers when running on an ARM platform; and the ability to launch a local Kuberenetes cluster and install Spring Cloud Data Flow with MariaDB and RabbitMQ or Kafka. More details on this release may be found in the release notes.

The first minor release of Spring for Apache Pulsar 0.1.0 features support for Reactive and GraalVM Native Image. Further details on this release may be found in the release notes.

Payara

Payara has released their December 2022 edition of the Payara Platform that includes Community Edition 6.2022.2, Community Edition 5.2022.5 and Enterprise Edition 5.46.0.

Payara 6 Community Edition provides bug fixes, security fixes, improvements and component upgrades such as: Jackson 2.13.4, Eclipse Payara Transformer 0.2.9, Felix Web Console 4.8.4 and OSGi Util Function 1.2.0. More details on this release may be found in the release notes.

Payara 5 Community Edition, the final release in the Payara 5 release train, provides bug fixes, security fixes, improvements and component upgrades such as: EclipseLink 2.7.11, MicroProfile JWT Propagation 1.2.2, Yasson 1.0.11 and JBoss Logging 3.4.3.Final. Further details on this release may be found in the release notes.

Payara 6 Edition provides bug fixes, security fixes and component upgrades such as: MicroProfile Config 2.0.1, MicroProfile Metrics 3.0.1, Hibernate Validator 6.2.5.Final and Weld 3.1.9.Final. More details on this release may be found in the release notes.

For all three editions, the security fixes are: an upgrade to Apache Commons Byte Code Engineering Library (BCEL) 6.6.1 that addresses CVE-2022-42920, Apache Commons BCEL Vulnerable to Out-of-Bounds Write, a vulnerability in which changing specific class characteristics may provide an attacker more control over the resulting bytecode than otherwise expected; and authorization constraints that were ignored when using a ./ path traversal after the Java Authorization Contract for Containers (JACC) authentication check had already occurred.

Quarkus

Red Hat has released Quarkus 2.15.0.Final that ships new features such as: support for AWS Lambda SnapStart; move gRPC extension to a new Vert.x gRPC implementation; support for Apollo Federation in SmallRye GraphQL; support for continuous testing in the CLI test command; add @ClientQueryParam annotation to Reactive REST Client; and use of the -XX:ArchiveClassesAtExit command line argument that simplifies the process of generating the AppCDS creation in JDK 17+. Further details on this release may be found in the changelog.

WildFly

Red Hat has also released Wildfly 27.0.1 featuring bug fixes and component upgrades such as: WildFly Core 19.0.1.Final, Bootable JAR 8.1.0.Final and RESTEasy Spring 3.0.0.Final. There were also upgrades to: Woodstox 6.4.0 that resolves CVE-2022-40152, a vulnerability in which a Denial of Service (DoS) attack is possible from parsing XML data if DTD is enabled; and Apache CXF 3.5.2-jbossorg-4 that resolves CVE-2022-46364, a vulnerability in which a Server-Side Request Forgery (SSRF) attack is possible from parsing the href attribute of XOP:Include in Message Transmission Optimization Mechanism (MTOM) requests.

New WildFly Source to Image (S2I) and runtime multi-arch images, designed for linux/arm64 and linux/amd64, were given a different naming convention that the regular WildFly images for improved handling of multiple versions of the JDK and to better align with tags used in the centos7 Docker images built on Eclipse Temurin. The new image names are:

• quay.io/wildfly/wildfly-runtime: (runtime image)
• quay.io/wildfly/wildfly-s2i: (S2I builder image)

It is important to note that the previous WildFly images are now deprecated and will no longer be updated.

Helidon

Oracle has released Helidon 2.5.5 that ships with bug fixes and improvements such as: media support methods with Supplier variants in the WebServer.Builder class; additional strategies defined in the @Retry annotation; use Hamcrest assertions instead of JUnit in the Config component; and provide support for MicroProfile Config in the application.yaml file.

Piranha

Piranha 22.12.0 has been released. Dubbed the “Welcome Spring Boot” edition for December 2022, this new release includes: add setting of HTTP server implementation, and port and contextPath variables for Spring Boot starter; and TCK fixes by upgrading to Jakarta Servlet 6.0.1. More details on this release may be found in their documentation and issue tracker.

Apache Software Foundation

The release of Apache NetBeans 16 delivers many improvements that support Gradle, Maven, Java, Groovy and C++, VS Code Extension and Language Server Protocol. Other new features in the editor and user interface include: fixes for when IllegalArgumentException and NullPointerException are thrown; improvements in support for YAML, Docker, TOML and ANTLR; and the ability to load custom FlatLaf properties from user configuration. Further details on this release may be found in the release notes.

Apache Camel 3.14.7 has been released featuring bug fixes and improvements to the camel-hdfs, camel-report-maven-plugin, camel-sql and camel-ldap modules. More details on this release may be found in the release notes.

The Apache Software Foundation has announced the end of life for Apache Tomcat 8.5.x scheduled for March 31, 2024. This means that after that date: releases from the 8.5 branch are highly unlikely; bugs affecting only the 8.5 branch will not be addressed; and security vulnerability reports will not be checked against the 8.5 branch. Then, after June 30, 2024: the 8.5 download pages will be removed; the latest 8.5 release will be removed from the CDN; the 8.5 branch will be made read-only; links to the 8.5 documentation will be removed from the Apache Tomcat website; and the bugzilla project for 8.5 will be made read-only.

JobRunr

JobRunr 5.3.2 has been released featuring: better handling of deadlocks in MySQL and MariaDB; a bug fix with serialization when using JSONB; and a bug fix when JobRunr is used in a shared cloud environment (e.g., Amazon ECS) and the JVM halts completely due to shifting the CPU to other processes.

JDKMon

Version 17.0.43 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version ships with an updated scanning for vulnerabilities of GraalVM and JavaSE.

Project Reactor

The first maintenance release of Project Reactor 2022.0.1 provides dependency upgrades to reactor-core 3.5.1, reactor-netty 1.1.1, reactor-kafka 1.3.15 and reactor-kotlin-extensions 1.2.1.

JHipster

JHipster Lite 0.24.0 has been released featuring: bean validation error handler in Spring Boot; a Java module to add the Enums class in applications; and add JHipster Lite error messages.

JetBrains

JetBrains has published a 2023 roadmap for Ktor, the asynchronous framework for creating microservices and web applications. Developers can expect: a version 3.0; a new simplified routing API; a migration to Tomcat 11, Jetty 11 and an upgrade to Apache HttpClient 5; and an extraction of the IO functionality into a separate library.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for November 28th, 2022 features news from OpenJDK, JDK 20, JavaFX 20, Spring Integration 6.0, Spring Vault 3.0, Spring Cloud 2022.0.0-RC3, AWS introduces Lambda SnapStart, Quarkus 2.14.2, 2.13.5 and 2.15.0.CR1, Apache Camel 3.18.4 and progress on JHipster upgrade to Spring Boot 3.0.

OpenJDK

JEP 432, Record Patterns (Second Preview), was promoted from Proposed to Target to Targeted status for JDK 20. This JEP updates since JEP 405, Record Patterns (Preview), to include: added support for inference of type arguments of generic record patterns; added support for record patterns to appear in the header of an enhanced for statement; and remove support for named record patterns.

JEP 433, Pattern Matching for switch (Fourth Preview), was promoted from Proposed to Target to Targeted status for JDK 20. This JEP updates since JEP 427, Pattern Matching for switch (Third Preview), to include: a simplified grammar for switch labels; and inference of type arguments for generic type patterns and record patterns is now supported in switch expressions and statements along with the other constructs that support patterns.

JEP 434, Foreign Function & Memory API (Second Preview), was promoted from Proposed to Target to Targeted status for JDK 20. This JEP, under the auspices of Project Panama, evolves: JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17. It proposes to incorporate refinements based on feedback and to provide a second preview in JDK 20. Updates include: the MemorySegment and MemoryAddress interfaces are now unified, i.e., memory addresses are modeled by zero-length memory segments; and the sealed MemoryLayout interface has been enhanced to facilitate usage with JEP 427, Pattern Matching for switch (Third Preview).

JEP 429, Scoped Values (Incubator), was promoted from Candidate to Proposed to Target for JDK 20. This incubating JEP, formerly known as Extent-Local Variables (Incubator) and under the auspices of Project Loom, proposes to enable sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.

JEP 436, Virtual Threads (Second Preview), was promoted from Candidate to Proposed to Target for JDK 20. This JEP, under the auspices of Project Loom, proposes a second preview from JEP 425, Virtual Threads (Preview), delivered in JDK 19, to allow time for additional feedback and experience for this feature to progress. It is important to note that no changes are within this preview except for a small number of APIs from JEP 425 that were made permanent in JDK 19 and, therefore, not proposed in this second preview.

JEP 437, Structured Concurrency (Second Incubator), was promoted from Candidate to Proposed to Target for JDK 20. This JEP, also under the auspices of Project Loom, proposes to reincubate this feature from JEP 428, Structured Concurrency (Incubator), delivered in JDK 19, to allow time for additional feedback and experience. The only change is an updated StructuredTaskScope class to support the inheritance of scoped values by threads created in a task scope. This streamlines the sharing of immutable data across threads.

The reviews for these three JEPs conclude on December 6, 2022.

JDK 20

Build 26 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 25 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

JavaFX 20

Build 10 of the JavaFX 20 early-access builds was made available to the Java community. Designed to work with the JDK 20 early-access builds, JavaFX application developers may build and test their applications with JavaFX 20 on JDK 20.

Spring Framework

Spring Integration 6.0 has been released featuring: a JDK 17 and Jakarta EE 9 baseline; support for native images with GraalVM and Spring AOT engine; observability instrumentation with Micrometer and Micrometer Tracing; and support for Jakarta EE 10. Further details on this release may be found in the what’s new page.

Spring Vault 3.0 has been released featuring: a JDK 17 baseline; support for additional HTTP Clients, including the reactive JDK HTTP Client; and support for Vault Repositories using versioned Key/Value secrets engines. More details on this release may be found in the release notes.

The third release candidate of Spring Cloud 2022.0.0, codenamed Kilburn, has been made available to the Java community. This version provides updates to the RC3 versions of Spring Cloud sub-projects such as: Spring Cloud OpenFeign 4.0.0, Spring Cloud Commons 4.0.0, Spring Cloud Function 4.0.0 and Spring Cloud Starter Build 2022.0.0. There are, however, breaking changes with the removal of sub-projects: Spring Cloud CLI, Spring Cloud for Cloud Foundry and Spring Cloud Sleuth. Spring Cloud 2022.0.0-RC3 requires Spring Boot 3.0.0. Further details on this release may be found in the release notes.

Amazon Web Services

At the recent re:Invent conference, Amazon Web Services (AWS) introduced a new feature for their AWS Lambda project, Lambda SnapStart, designed to reduce the cold start for Java functions and to accelerate lambda functions. Support for Lambda SnapStart has already been implemented by Quarkus and Micronaut. More details may be found in this InfoQ news story and AWS blog post.

Quarkus

Red Hat has released versions 2.14.2 and 2.13.5 of Quarkus that primarily provide a fix for CVE-2022-4116, a vulnerability in the Dev UI Config Editor that is vulnerable to drive-by localhost attacks leading to remote code execution. This release also hardens handling of Cross-Origin Resource Sharing (CORS) to include changing 200 OK to 403 FORBIDDEN when a CORS request is rejected because of an invalid origin. Further details on these releases may be found in the release notes for version 2.14.2 and version 2.13.5.

On the road to Quarkus 2.15.0, the first release candidate was also made available that delivers new features such as: integration with Quarkus CRaC/Firecracker; a migration of the gRPC extension to the new Vert.x gRPC implementation; support for filtering by named queries in REST Data using the Panache extension; and dependency upgrades to GraalVM 22.3.0, Mandrel 2.13 and SmallRye GraphQL 1.9.0.

Apache Camel

Apache Camel 3.18.4 has been released featuring 27 bug fixes, improvements and dependency upgrades to Spring Boot 2.7.6 and HyperSQL DB 2.7.1. More details on this release may be found in the release notes.

JHipster

Over at JHipster, work has begun to upgrade the platform to Spring Boot 3.0. Matt Raible, developer advocate at Okta, Java Champion and member of the JHipster development team, provided an update on issues the team has encountered so far, namely: BlockHound needs a new entry for WebFlux; Health Check doesn’t work in Elasticsearch 8+; and MongoDB and WebFlux deadlocks with JUnit and MongoDB driver 4.2+. Further details on these issues may be found in this GitHub pull request.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for November 7th, 2022 features news from OpenJDK, JDK 20, OpenSSL CVEs, Build 20-loom+20-40, Spring Framework 6.0-RC4, Spring Boot 3.0-RC2, Spring Security 6.0-RC2, Spring Cloud 2021.0.5, WildFly 27, WildFly Bootable JAR 8.1, Quarkus 2.14.0 and 2.13.4, Project Reactor 2022.0, Micrometer Metrics 1.10 and Tracing 1.0, JHipster Lite 0.22.0 and Camel Quarkus 2.14 and 2.13.1.

OpenJDK

JEP 432, Record Patterns (Second Preview), was promoted from Candidate to Proposed to Target status for JDK 20. This JEP updates since JEP 405, Record Patterns (Preview), to include: added support for inference of type arguments of generic record patterns; added support for record patterns to appear in the header of an enhanced for statement; and remove support for named record patterns.

JEP 433, Pattern Matching for switch (Fourth Preview), was promoted from Candidate to Proposed to Target status for JDK 20. This JEP updates since JEP 427, Pattern Matching for switch (Third Preview), to include: a simplified grammar for switch labels; and inference of type arguments for generic type patterns and record patterns is now supported in switch expressions and statements along with the other constructs that support patterns.

The next step in a long history of addressing the inherently unsafe stop() and stop(Throwable) methods defined in the Thread and ThreadGroup classes , has been defined in JDK-8289610, Degrade Thread.stop. This proposes to degrade the stop() method in the Thread class to unconditionally throw an UnsupportedOperationException and deprecate the ThreadDeath class for removal. This will require updates to section 11.1.3 of the Java Language Specification and section 2.10 of the Java Virtual Machine Specification where asynchronous exceptions are defined.

JDK 20

Build 23 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 22 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

OpenSSL

OpenSSL, a commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication project, has published two Common Vulnerabilities and Exposures (CVE) reports that affect OpenSSL versions 3.0.0 through 3.0.6 that may lead to a Denial of Service or Remote Code Execution.

CVE-2022-3602, X.509 Email Address 4-byte Buffer Overflow, would allow an attacker to use a specifically crafted email address that can overflow four bytes on the stack.

CVE-2022-3786, X.509 Email Address Variable Length Buffer Overflow, would allow an attacker to create a buffer overflow caused by a malicious email address abusing an arbitrary number of bytes containing the “.” character (decimal 46) on the stack.

BellSoft has reported that OpenJDK distributions, that include Liberica JDK, are not affected by these vulnerabilities as they use their own implementation of TLS. Developers are encouraged to upgrade to OpenSSL version 3.0.7.

Project Loom

Build 20-loom+20-40 of the Project Loom early-access builds was made available to the Java community and is based on Build 22 of JDK 20 early-access builds. This build also includes a snapshot of the ScopedValue API, currently being developed in JEP 429, Scoped Values (Incubator). It is important to note that JEP 429, originally named Extent-Local Variables (Incubator), was renamed in mid-October 2022.

Spring Framework

The fourth release candidate of Spring Framework 6.0.0 ships with new features such as: support for the Jakarta WebSocket 2.1 specification; introduce the DataFieldMaxValueIncrementer interface for SQL Server sequences; and introduce a variant of the findAllAnnotationsOnBean() method on the ListableBeanFactory interface for maintenance and potential reuse in retrieving annotations. There were also dependency upgrades to Micrometer 1.10.0, Micrometer Context Propagation 1.0.0 and Jackson 2.14.0. More details on this release may be found in the release notes.

The second release candidate of Spring Boot 3.0.0 features changes to /actuator endpoints and dependency upgrades to Jakarta EE specifications such as: Jakarta Persistence 3.1, Jakarta Servlet 6.0.0, Jakarta WebSocket 2.1, Jakarta Annotations 2.1, Jakarta JSON Binding 3.0, and Jakarta JSON Processing 2.1. Further details on this release may be found in the release notes.

The second release candidate of Spring Security 6.0.0 delivers: a new addFilter() method to the SpringTestContext class which allows a Spring Security test to specify a filter; the createDefaultAssertionValidator() method in the OpenSaml4AuthenticationProvider class should make it easier to add static parameters for the ValidationContext class; and numerous improvements in documentation. More details on this release may be found in the release notes.

Spring Cloud 2021.0.5, codenamed Jubilee, has been released featuring upgrades to the sub-projects such as: Spring Cloud Kubernetes 2.1.5, Spring Cloud Config 3.1.5, Spring Cloud Function 3.2.8, Spring Cloud Config 3.1.5 andSpring Cloud Openfeign 3.1.5. Further details on this release may be found in the release notes.

Red Hat

Red Hat has provided major and point releases to WildFly and Quarkus.

The release of WildFly 27 delivers support for Jakarta EE 10, MicroProfile 5.0, JDK 11 and JDK 17. There are also dependency upgrades to Hibernate ORM 6.1, Hibernate Search 6.1, Infinispan 14, JGroups 5.2, RESTEasy 6.2 and Weld 5. WildFly 27 is a compatible implementation for Jakarta EE 10 having passed the TCKs in the Platform, Web and Core profiles. Jakarta EE 8 and Jakarta EE 9.1 will no longer be supported. InfoQ will follow up with a more detailed news story.

WildFly Bootable JAR 8.1 has been released featuring support for JDK 11, examples having been upgraded to use Jakarta EE 10, and a remote dev-watch. More details on Bootable JAR may be found in the documentation.

Red Hat has released Quarkus 2.14.0.Final that ships with: support for Jandex 3, the class and annotation indexer; new Redis commands that support JSON, graph and probabilistic data structures; and caching annotations for Infinispan. Further details on this release may be found in the changelog.

Red Hat has also released Quarkus 2.13.4.Final featuring: a minimum version of GraalVM 22.3; dependency upgrades to JReleaser 1.3.0 and Mockito 4.8.1; and improvements such as support programmatic multipart/form-data responses. More details on this release may be found in the changelog.

On the road to Quarkus 3.0, Red Hat plans to support: Jakarta EE 10; MicroProfile 6.0; Hibernate ORM 6.0; HTTP/3; improved virtual threads and structured concurrency support based on their initial integration; a new gRPC server; and a revamped Dev UI. InfoQ will follow up with a more detailed news story.

Project Reactor

Project Reactor 2022.0.0 has been released featuring upgrades to subprojects: Reactor Core 3.5.0, Reactor Addons 3.5.0, Reactor Pool 1.0.0, Reactor Netty 1.1.0, Reactor Kafka 1.3.13 and Reactor Kotlin Extensions 1.2.0.

Micrometer

The release of Micrometer Metrics 1.10.0 features support for: Jetty 11; creating instances of the KeyValues class from any iterable; Kotlin Coroutines, allow for different metric prefixes in the StackdriverMeterRegistry class; and a message supplier in the WarnThenDebugLogger class to reduce String instance creation when the debug level is not enabled.

The release of Micrometer Tracing 1.0.0 features: establishing the Context Propagation library as a compile-time dependency to avoid explicitly having to define it in the classpath; support for RemoteServiceAddress in Sender/Receiver contexts; a handler that allows tracing data available for metrics; and setting an error status on an OpenTelemetery span when recording an exception.

JHipster Lite

JHipster Lite 0.22.0 has been released featuring an upgrade to Spring Boot 3.0, a new PostgreSQL dialect module; a refactor of the AsyncSpringLiquibaseTest class; fix the dependency declaration of the database drivers and developer tools; and remove the JPA properties that do not alter defaults.

Apache Software Foundation

Maintaining alignment with Quarkus, version 2.14.0 of Camel Quarkus was released that aligns with Camel 3.19.0 and Quarkus 2.14.0.Final. It delivers full support for new extensions, CloudEvents and Knative, and brings JVM support to the DSL Modeline. Further details on this release may be found in the list of issues.

Similarly, Camel Quarkus 2.13.1 was released that ships with Camel 3.18.3, Quarkus 2.13.3.Final and several bug fixes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for October 31st, 2022 features news from OpenJDK, JDK 20, JavaFX 20, GZC 20, Spring Framework milestone, point and release candidates, Payara Platform 6, Micronaut 3.7.3, MicroProfile 6.0-RC2, Hibernate ORM point releases, Apache TomEE 9.0-RC1, Apache Camel 3.18.3, GraalVM Native Build Tools 0.9.17, JReleaser 1.3.1, JobRunr 5.3.1, JDKMon 17.0.39 and J-Fall 2022.

OpenJDK

JEP 435, Asynchronous Stack Trace VM API, was promoted from its Draft 8284289 to Candidate status this past week. This HotSpot JEP, proposes to define a well-tested, efficient and reliable API to asynchronously collect stack traces and include information on both Java and native stack frames.

JDK 20

Build 22 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 21 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

JavaFX 20

Build 6 and Build 5 of the JavaFX 20 early-access builds were made available to the Java community. Designed to work with the JDK 20 early-access builds, JavaFX application developers may build and test their applications with JavaFX 20 on JDK 20.

Generational ZGC

Build 20-genzgc+2-20 of the Generational ZGC early-access builds was also made available to the Java community and is based on an incomplete version of JDK 20.

Spring Framework

On the road to Spring Framework 6.0.0, the third release candidate was made available that delivers 22 bug fixes and improvements that include: support for @RequestPart arguments in the methods defined in the @HttpExchange annotation; introduce the SimpleValueStyler class for use with the ToStringCreator class; and provide AOT support for clients of the HttpServiceProxyFactory class. This is the last release candidate before the planned GA release in November 2022. More details on this release may be found in the release notes.

The second release candidate of Spring Data 2022.0.0, codenamed Turing, was made available featuring numerous bug fixes and a refined integration of observability through Micrometer for the Spring Data MongoDB, Spring Data Redis, and Spring Data for Apache Cassandra modules. All of the modules were also upgraded to their RC2 equivalents. Further details on this release may be found in the release notes.

Versions 5.7.5 and 5.6.9 of Spring Security have been released featuring fixes for: the AuthorizationFilter class incorrectly extending the OncePerRequestFilter class; and incorrect scope mapping. More details on this release may be found in the release notes for version 5.7.5 and version 5.6.9.

On the road to Spring Cloud 2022.0.0, the first release candidate was made available that ships with upgrades to the RC1 equivalents of all of the subprojects except Spring Cloud CLI, Spring Cloud for Cloud Foundry and Spring Cloud Sleuth which were removed from the release train. Further details on this release may be found in the release notes.

The first release candidate of Spring Authorization Server 1.0.0, was made available with new features that include: a requirement in which the @Configuration annotation in used in conjunction with the @EnableWebSecurity annotation; replace the loadContext() method with loadDeferredContext() method defined in the SecurityContextRepository interface; and merge enhancements from the 0.4 release train into main. More details on this release may be found in the release notes.

Similarly, the first release candidate of Spring Authorization Server 0.4.0 was made available featuring improvements to custom endpoints related to the OidcUserInfoEndpointFilter and OidcClientRegistration classes. Further details on this release may be found in the release notes.

On the road to Spring Modulith 0.1, the second milestone release delivers new features such as: the removal of the obsolete spring.factories property in the observability module; and ensuring that test autoconfiguration is ordered first. InfoQ will follow up with a more detailed news story on Spring Modulith that was introduced in late October 2022.

VMware has published three Common Vulnerabilities and Exposures (CVEs) this past week:

• CVE-2022-31691, Remote Code Execution via YAML editors in STS4 extensions for Eclipse and VSCode, a vulnerability reported for Spring Tools, would allow an attacker, under certain conditions, to potentially execute harmful remote code execution from within special YAML syntax.
• CVE-2022-31692, Authorization Rules Can Be Bypassed via Forward or Include Dispatcher Types in Spring Security, a vulnerability reported for Spring Security that affects the AuthorizationFilter class.
• CVE-2022-31690, Privilege Escalation in spring-security-oauth2-client, a vulnerability also reported for Spring Security, would allow an attacker, under certain conditions, to can modify a request initiated by the the browser to the authorization server which can lead to a privilege escalation on the subsequent approval.

Developers are encouraged to upgrade to Spring Tools 4.16.1 and Spring Security versions 5.7.5 and 5.6.9.

Payara

Payara has released their November 2022 edition of the Payara Platform that introduced Payara Community 6.2022.1 as the first stable release of Payara 6 Community and serves as a compatible implementation for the Jakarta EE 10 Platform, Web Profile and Core Profile. Payara 6 will now serve as the updated, current version of Payara Platform Community. More details on this release may be found in the release notes.

Payara Community 5.2022.4 is the second-to-last release in Payara 5 Community. Further details on this release may be found in the release notes.

Payara Enterprise 5.45.0 delivers five bug fixes, one security fix and two improvements. More details on this release may be found in the release notes.

All these new versions address a zero-day vulnerability in which attackers can explore the contents of the WEB-INF and META-INF folders if an application is deployed to the root context.

Micronaut

The Micronaut Foundation has released Micronaut 3.7.3 featuring bug fixes and patch releases of Micronaut Test Resources, Micronaut Servlet, Micronaut Security, Micronaut Kafka, and Micronaut Redis. There were also dependency upgrades to SnakeYAML 1.33 and Netty 4.1.84. Further details on this release may be found in the release notes.

MicroProfile

On the road to MicroProfile 6.0, the MicroProfile Working Group has provided the second release candidate of MicroProfile 6.0 that delivers updates to all the specifications. It is also important to note that the MicroProfile OpenTracing specification has been replaced with the new MicroProfile Telemetry specification. The anticipated GA release of MicroProfile 6.0 is expected by late-November/early-December 2022.

Hibernate

A particular pattern of code that triggers a severe performance penalty on large multi-core servers has been identified by the Red Hat performance team. Many libraries, including Hibernate ORM, have been affected. The release of Hibernate ORM 6.1.5.Final ships with some patches as an initial step in mitigating this issue. The Hibernate team claims that early tests are promising.

Hibernate ORM 5.6.13.Final has been released featuring bug fixes and enhancements such as the access modifier of the getOp() method defined in the SimpleExpression class was changed from protected to public to assist developers in migrating from the legacy Criteria API. There were also dependency upgrades to ByteBuddy 1.12.18 and Byteman 4.0.20.

Shortly after the release of Hibernate ORM 5.6.13, a critical regression was discovered in which a ClasscastException was thrown via a check for an implementation of the Managed interface rather than an implementation of the ManagedEntity interface. Hibernate ORM 5.6.14.Final has been released to address this issue.

Apache Software Foundation

The release of Apache TomEE 9.0.0-RC1 ships with full compatibility with MicroProfile 5.0 and dependency upgrades such as: Eclipse Mojarra 3.0.2, HSQLDB 2.7.1, Hibernate 6.1.4.Final, Log4J2 2.18.0, Tomcat 10.0.27 and Jackson 2.13.4. More details on this release may be found in the release notes.

Apache Camel 3.18.3 has been released featuring 52 bug fixes, improvements and dependency upgrades that include: Spring Boot 2.7.5, camel-hbase 2.5.0 and kamelets 0.9.0 in the camel-jbang module. Further details on this release may be found in the release notes.

GraalVM Native Build Tools

On the road to version 1.0, Oracle Labs has released version 0.9.17 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: a new requiredVersion property to check for a minimal version of GraalVM; and make the GraalVM installation check lazy. More details on this release may be found in the changelog.

JReleaser

Version 1.3.1 of JReleaser, a Java utility that streamlines creating project releases, has been released featuring a fix of the Nexus2 query status after close/release/drop operations were not reported if those remote operations failed. Further details on this release may be found in the release notes.

JobRunr

JobRunr 5.3.1 has been released featuring fixes for: JobRunr does not fail on null values for an instance of the MDC class; DB Migration is applied multiple times if the time to execute the first run takes an excessive amount of time; and inheritance in background jobs not always working.

JDKMon

Version 17.0.39 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version ships with a CVE detection tool for builds of GraalVM in which the CVEs are sorted by severity.

J-Fall Conference

J-Fall 2022, sponsored by the Nederlandse Java User Group (NLJUG), was held at the Pathé Ede in Ede, Netherlands this past week featuring speakers from the Java community who presented keynotes, technical sessions, workshops and hands-on labs.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for October 24th, 2022 features news from OpenJDK, JDK 20 release schedule, Build 20-loom+20-34, Spring Integration 6.0-RC1, Spring Tools 4.16.1, GraalVM 22.3, Open Liberty 22.0.0.11 and 22.0.0.12-beta, Eclipse Vert.x 3.9.14, Apache TomEE 8.0.13, JReleaser 1.3.0, Hibernate Search 5.11.11 and 5.10.13, PrimeFaces point releases, JDKMon 17.0.37 and EclipseCon 2022.

OpenJDK

JEP 434, Foreign Function & Memory API (Second Preview), was promoted from its Draft 8293649 to Candidate status this past week. This JEP, under the auspices of Project Panama, evolves: JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17. It proposes to incorporate refinements based on feedback and to provide a second preview in JDK 20. Updates include: the MemorySegment and MemoryAddress interfaces are now unified, i.e., memory addresses are modeled by zero-length memory segments; and the sealed MemoryLayout interface has been enhanced to facilitate usage with JEP 427, Pattern Matching for switch (Third Preview).

JEP Draft 8295817, Virtual Threads (Second Preview), has been promoted to Submitted status this past week. This JEP, also under the auspices of Project Loom, proposes a second preview from JEP 425, Virtual Threads (Preview), delivered in JDK 19, to allow time for additional feedback and experience for this feature to progress. It is important to note that no changes are within this preview except for a small number of APIs from JEP 425 that were made permanent in JDK 19 and, therefore, not proposed in this second preview.

Similarly, JEP Draft 8296037, Structured Concurrency (Second Incubator), has been promoted to Submitted status. This JEP, also under the auspices of Project Loom, proposes to reincubate this feature from JEP 428, Structured Concurrency (Incubator), delivered in JDK 19, in JDK 20 to allow time for additional feedback and experience. The only change is an updated StructuredTaskScope class to support the inheritance of scoped values by threads created in a task scope. This streamlines the sharing of immutable data across threads.

JDK 20

Build 21 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 20 that include fixes to various issues. Further details on this build may be found in the release notes.

Mark Reinhold, chief architect, Java Platform Group at Oracle, formally announced the release schedule for JDK 20 as follows:

• Rampdown Phase One (fork from main line): December 8, 2022
• Rampdown Phase Two: January 19, 2023
• Initial Release Candidate: February 9, 2023
• Final Release Candidate: February 23, 2023
• General Availability: March 21, 2023

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Project Loom

Build 20-loom+20-34 of the Project Loom early-access builds was made available to the Java community and is based on Build 20 of JDK 20 early-access builds.

Spring Framework

On the road to Spring Integration 6.0.0, the first release candidate was made available featuring support for: RabbitMQ Streams, Kotlin Coroutines and GraalVM polyglot JavaScript invocations. This version also includes the removal of Spring Data for Apache Geode. More details on this release may be found in the release notes.

Spring Tools 4.16.1 for Eclipse, Visual Studio Code, and Theia has been released featuring early access builds available for Spring Tools 4 on Eclipse 2022-12 milestones. Developers who plan to upgrade from Spring Tools 4.15.3 should follow this migration guide due to a major update in m2e 2.0 that ships with Eclipse 2022-09. Further details on this release may be found in the release notes.

GraalVM

Oracle Labs has released GraalVM 22.3 featuring: support for JDK 19 and jlink; and Native Image monitoring and developer experience updates. As announced at JavaOne, the GraalVM CE Java code will become part of OpenJDK. This is the last feature release of 2022. More details on this release may be found in the release notes and this YouTube video. InfoQ will follow up with a more detailed news story.

Open Liberty

IBM has promoted Open Liberty 22.0.0.11 from its beta release to deliver: support for JDK 19 and distributed security caching so that multiple Liberty servers can share caches by using a JCache provider. This version also addresses CVE-2022-24839, a vulnerability out of Nokogiri (Rubygem), a fork of the now-defunct org.cyberneko.html, that raises a OutOfMemoryError exception when parsing ill-formed HTML markup.

Open Liberty 22.0.0.12-beta has also been released that offers support for six new Jakarta EE 10 specifications: Jakarta Batch 2.1, Jakarta XML Web Services 4.0, Jakarta Server Pages 3.1, Jakarta Standard Tag Library 3.0, Jakarta Messaging 3.1 and Jakarta WebSocket 2.1. There is also support for two updated specifications in the upcoming release of MicroProfile 6.0: JWT Propagation 2.1 and MicroProfile Metrics 5.0.

Eclipse Vert.x

Eclipse Vert.x 3.9.14 has been released that ships with dependency upgrades to GraphQL Java 19.2, Netty 4.1.84.Final, Protocol Buffers Java 3.21.7 and Jackson Databind that addresses CVE-2022-42003, a denial of service vulnerability in Jackson Databind. The 3.9 release train is scheduled to reach end of life by the end of 2022, so developers are encouraged to upgrade to Vert.x 4.x. Further details on this release may be found in the release notes.

Apache Software Foundation

Apache TomEE 8.0.13 has been released featuring: an example on how to work with properties providers; and dependency upgrades that include Jakarta Faces 2.3.18, MyFaces 2.3.10, Hibernate Integration 5.6.9.Final, BatchEE 1.0.2, Tomcat 9.0.68 and SnakeYAML 1.33. More details on this release may be found in the release notes.

JReleaser

Version 1.3.0 of JReleaser, a Java utility that streamlines creating project releases, has been made available featuring: a new WorkflowListener extension that reacts to workflow events; an option to install additional native-image components; and support for deploying JARs and POMs to Maven compatible repositories. Further details on this release may be found in the changelog.

Hibernate

Versions 5.11.11.Final and 5.10.13.Final of Hibernate Search have been released that feature dependency upgrades to Hibernate ORM versions 5.4.33.Final and 5.3.28.Final, respectively. Version 5.10.13 also provides a fix for a ClassCastException being thrown when creating a FullTextSession interface from an EntityManager interface created by Spring Boot 2.4.0+ and Spring Framework 5.3+.

PrimeFaces

PrimeFaces, a provider of open-source UI component libraries, has provided point releases of PrimeFaces 7.0.30, 8.0.22, 10.0.17, 11.0.9 and 12.0.1. New features and enhancements include: implement an IN match mode, i.e., filterMatchMode="in", for the JpaLazyDataModel class; and ensure that the emptyLabel attribute when using the SelectCheckboxMenu class doesn’t display text.

PrimeVue 3.18.0 has also been released that delivers: accessibility enhancements to all menu components; templating support for FileUpload; and a responsive Paginator. More details on this release may be found in the changelog.

JDKMon

Version 17.0.37 of JDKMon, a tool that monitors and updates installed JDKs, has been made available to the Java community this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version ships with a fix for the detection of GraalVM builds.

EclipseCon

EclipseCon 2022 was held at the Forum am Schlosspark in Ludwigsburg, Germany this past week featuring speakers from the Java community that presented on topics such as Java, The Open Source Way, Cloud Native Technologies and All Things Quality & Security. The conference included the annual Community Day that precedes the conference.