Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for October 17th, 2022 features news from OpenJDK, JDK 19, JDK 20, JavaFX 20, Generational ZGC Build 20, Oracle Labs, Liberica JDK and Native Image Kit, Spring milestone, point and release candidates, EclipseLink 4.0, Quarkus 2.13.3, Micronaut 3.7.2, Hibernate Reactive 1.1.9, JHipster Lite 0.20, Apache Commons CVE, Groovy 4.0.6 and 2.5.29 and the return of JavaOne.

OpenJDK

JEP 432, Record Patterns (Second Preview), was promoted from its Draft 8294078 to Candidate status this past week. This JEP updates since JEP 405, Record Patterns (Preview), to include: added support for inference of type arguments of generic record patterns; added support for record patterns to appear in the header of an enhanced for statement; and remove support for named record patterns.

Similarly, JEP 433, Pattern Matching for switch (Fourth Preview), was promoted from its Draft 8294285 to Candidate status. This JEP updates since JEP 427, Pattern Matching for switch (Third Preview), to include: a simplified grammar for switch labels; and inference of type arguments for generic type patterns and record patterns is now supported in switch expressions and statements along with the other constructs that support patterns.

JDK 19

JDK 19.0.1, the first maintenance release of JDK 19, along with security updates for JDK 17.0.5, JDK 11.0.17 and JDK 8u351 were made available as part of Oracle’s Releases Critical Patch Update for October 2022.

JDK 20

Build 20 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 19 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

JavaFX 20

Build 4 of the JavaFX 20 early-access builds was made available to the Java community and was designed to work with the JDK 20 early-access builds. JavaFX application developers may build and test their applications with JavaFX 20 on JDK 20.

Generational ZGC

Build 20-genzgc+1-14 of the Generational ZGC early-access builds was also made available to the Java community and is based on an incomplete version of JDK 20.

Oracle Labs

Oracle Labs has announced that they will be contributing GraalVM Community Edition source code to OpenJDK. This means: ongoing GraalVM design and development will move to the OpenJDK community; moving forward, GraalVM will use the same development methodology and processes as used for Java; and GraalVM will align with the Oracle Java release and licensing models. InfoQ will follow up with a more detailed news story.

On the road to version 1.0, Oracle Labs has released versions 0.9.15 and 0.9.16 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: modify tests to verify that the --exclude-config command-line argument behaves as intended; fix functional tests for MacOS users; and improve the toolchain selection diagnostics. Further details on this release may be found in the changelog.

Oracle Labs has also provided a community roadmap for features in upcoming GraalVM releases planned for October 2022 and January 2023 along with features planned beyond that timeframe.

BellSoft

Also concurrent with Oracle’s Critical Patch Update (CPU) for October 2022, BellSoft has released CPU patches for versions 17.0.4.1, 11.0.16.1.1 and 8u351 of Liberica JDK, their downstream distribution of OpenJDK. In addition, Patch Set Update (PSU) versions 19.0.1, 17.0.5, 11.0.17 and 8u352, containing CPU and non-critical fixes, have also been released.

Spring Framework

On the road to Spring Framework 6.0.0, the second release candidate was made available that delivers 28 bug fixes, improvements in documentations and dependency upgrades that include: Apache Derby 10.16, GraalVM 22.3.0 and Jackson 2.14.0-RC2. More details on this release may be found in the release notes.

On the road to Spring Boot 3.0.0, the first release candidate was made available that delivers 135 bug fixes, improvements in documentations and dependency upgrades such as: Spring Framework 6.0.0-RC2, Spring GraphQL 1.0.0-RC1, Spring Security 6.0.0-RC1, Spring Web Services 4.0.0-RC1, Netty 4.1.84.Final, Micrometer 1.10.0-RC1 and Log4j2 2.19.0. Further details on this release may be found in the release notes.

Spring Framework 6.0 and Spring Boot 3.0 are scheduled for GA releases in November 2022. Developers can learn more about what to expect in this InfoQ news story.

Spring Boot 2.7.5 has been released featuring bug fixes and dependency upgrades such as: Spring Data 2021.2.5, Spring Security 5.7.4, Spring Data 2021.2.5, Hibernate 5.6.12.Final and Reactor 2020.0.24. More details on this release may be found in the release notes.

Spring Boot 2.6.13 has been released that ships with 27 bug fixes, improvements in documentation and dependency upgrades such as: Spring Data 2021.1.9, Spring Security 5.6.8, Tomcat 9.0.68, Reactor 2020.0.24 and Jetty Reactive HTTPClient 1.1.13. Further details on this release may be found in the release notes.

Versions 2022.0.0-RC1, 2021.2.5, and 2021.1.8 of Spring Data were released this past week featuring many corresponding dependency upgrades for all three versions. The release candidate delivers a revised module structure that includes eliminating Spring Data for Apache Geode and the point releases may be consumed with Spring Boot 2.7.5 and 2.6.13, respectively.

The Reactor Netty team has published CVE-2022-31684, Reactor Netty HTTP Server May Log Request Headers, a vulnerability in which logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where the WARN level is enabled. Reactor Netty 1.0.24 provided the fix for this CVE.

One week after the eighth milestone release of Spring Batch 5.0, the first release candidate has been made available featuring: improvement in the execution context meta-data to add the version of Spring Batch; and the removal of GemFire support. More details on this release may be found in the release notes.

On the road to Spring Web Services 4.0.0, the first release candidate has been made available that ships with dependency upgrades that include: Spring Framework 6.0.0-RC1, Spring Security 6.0.0-RC1, log4j2 2.19.0, slf4j 2.0.3 and Ehcache 2.10.9.2. This is the last planned release candidate that supports Spring Boot 3.0.

Versions 6.0.0-RC1 and 5.8.0-RC1 of Spring Security have been released that delivers: smarter access to the HttpSession interface; simplify configuration for the RequestMatcher interface; and XML support for the shouldFilterAllDispatcherTypes property. These release candidates also bring breaking changes. Further details on this release may be found in the release notes for version 6.0.0-RC1 and version 5.8.0.

Similarly, versions 5.7.4 and 5.6.8 of Spring Security have been released featuring bug fixes and dependency upgrades such as: Spring Framework 5.3.23, Reactor Netty 1.0.24, Jackson Databind 2.13.4.1 and Eclipse Jetty 9.4.49. Further details on this release may be found in the release notes for version 5.7.4 and version 5.6.8.

The first release candidate of Spring for GraphQL 1.1.0 has been made available featuring observability support based on metrics and distributed tracing with Micrometer. There will be no new features after this release candidate as the team will focus on bug fixes and improvements in documentation until the anticipated GA release in November 2022. Spring GraphQL 1.1.0-RC1 will also be included in Spring Boot 3.0.0-RC1. More details on this release may be found in the release notes.

As monolith- and modular-based applications development has regained popularity, Spring has introduced a new experimental project, Spring Modulith, that supports developers in “expressing these logical application modules in code and in building well-structured, domain-aligned Spring Boot applications.” InfoQ will follow up with a more detailed news story.

Andy Wilkinson, staff engineer at VMware, has announced that the Spring Initializr team will be changing their default build tool from Maven to Gradle. Wilkinson, on behalf of the team, is of the opinion that Gradle is a better build system, writing:

This is particularly true for Spring Boot 3.0-based applications where the developer experience with AOT processing is quite a bit better with Gradle. We’d like to nudge the community towards using Gradle while ensuring that Maven’s only a click away for those that prefer it.

Developers who still prefer to use Maven can easily do so via https://start.spring.io/#!type=maven-project. InfoQ will follow up with a more detailed news story.

EclipseLink

Version 4.0.0 of EclipseLink, a compatible implementation of the Jakarta Persistence specification, has been released that delivers many updates such as: *Visitor classes and interfaces have been added to the EclipseLink-ASM project; clone the appropriate fields from the clone() method in the OneToManyMapping class that fixes a ConcurrentModificationException being thrown in a multithreaded environment; and update Oracle dependencies to version 21c. More details on this release may be found in the release notes.

Quarkus

Red Hat has released Quarkus 2.13.3.Final that addresses CVE-2022-42003, a denial of service vulnerability in Jackson Databind. Developers are encouraged to upgrade to versions 2.14.0-RC1, 2.13.4.1 and 2.12.17.1. There were also dependency upgrades to the SmallRye Reactive Messaging 3.21.0, Kotlin Serialization 1.4.1 and Jackson Databind 2.13.4. Further details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.7.2 featuring bug fixes and dependency upgrades to Micronaut Data 3.8.1, JUnit 5.9.1, jackson-databind 2.13.4.2, managed-testcontainers 1.17.5, managed-swagger 2.2.3 and micronaut-gradle-plugins 5.3.15. More details on this release may be found in the release notes.

Hibernate

Hibernate Reactive 1.1.9.Final has been released featuring a performance enhancement in which type caches are avoided on checks for the ReactiveConnectionSupplier interface. Further details on this release may be found in the list of issues.

JHipster

Versions 0.20.0 and 0.19.0 of JHipster Lite were released this past week that ship with: support for Neo4j; a dependency upgrade to Angular 14.2.7; and refactoring that removes deprecations and Mustache, the logic-less template utility.

Apache Software Foundation

The Apache Software Foundation has published CVE-2022-42889, Arbitrary Code Execution in Apache Commons Text, a vulnerability that allows remote code execution when applied to untrusted input due to unsecure interpolation defaults. Developers are encouraged to upgrade to Apache Commons Text 1.10.0.

Apache Groovy 4.0.6 has been released that delivers 14 bug fixes, improvements and dependency upgrades to Jackson Databind 2.13.4, JUnit 5.9.1, ASM 9.4, Spock 2.3, junit-platform 1.9.1 and japicmp 0.4.1 More details on this release may be found in the changelog.

Similarly, Apache Groovy 2.5.19 has been released that delivers 72 bug fixes, improvements and a dependency upgrade to Spock 1.3. Further details on this release may be found in the changelog.

JavaOne

After a five year hiatus, JavaOne returned to Las Vegas, Nevada this past week at the Caesars Forum and Venetian Convention and Expo Center that featured many speakers from the Java community who presented and facilitated many session types such as Birds of a Feather, hands-on labs, lightning talks, tutorials and deep dives.

One of the many highlights was the Inside Java | JavaOne 2022 Technical Keynote. Facilitated by Chad Arimura, vice president, Java developer relations at Oracle, this keynote featured a number of special guests from Microsoft and Oracle.

• Julia Liuson, president of developer division and GitHub at Microsoft, and Mark Heckler, principal Cloud developer advocate at Microsoft, presented ongoing Java development with Microsoft Azure.
• Gavin Bierman, consulting member of technical staff at Oracle, discussed Project Amber and demonstrated how to use Record Patterns and Pattern Matching in switch.
• Mikael Vidstedt, senior director, Java Virtual Machine, at Oracle, discussed ZGC.
• Sean Mullan, consulting member of technical staff at Oracle, discussed Java security technologies.
• Ron Pressler, consulting member of technical staff at Oracle, and Tomas Langer, architect at Oracle, discussed Project Loom and demonstrated how to use virtual threads in both blocking and reactive environments. Langer also introduced Helidon Níma, a new microservices framework based on virtual threads, that offers a low-overhead, highly concurrent server while maintaining a blocking thread model.
• Denys Makogon, Java developer advocate at Oracle, presenting virtually from Ukraine, presented on how Project Loom and ZGC improved the team’s telemetry ingestion engine for the Oracle Red Bull Racing F1 simulator.

The last JavaOne took place in 2017 before it was changed to CodeOne in 2018 and 2019. There were no conferences in 2020 and 2021 due to the pandemic.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for October 10th, 2022 features news from OpenJDK, JDK 20, Spring Framework 6.0-RC1, Spring Batch 5.0-M8, Quarkus 2.13.2, Helidon 3.0.2 and 2.5.4, Project Reactor 2022.0-RC1, Piranha 22.10.0, JHipster Lite 0.18.0, Apache Tomcat 8.5.83 and 10.1.1 Apache James 3.7.2 and Devoxx Belgium.

OpenJDK

JEP 431, Sequenced Collections, was promoted from its Draft 8280836 to Candidate status this past week. This JEP proposes to introduce “a new family of interfaces that represent the concept of a collection whose elements are arranged in a well-defined sequence or ordering, as a structural property of the collection.” Motivation was due to a lack of a well-defined ordering and uniform set of operations within the Collections Framework.

JDK 20

Build 19 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 18 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

On the road to Spring Framework 6.0, the first release candidate was made available this past week that ships with baselines to JDK 17+ and Jakarta EE 9+ and a broader revision of the Spring infrastructure. This release candidate completes the foundation for Ahead-of-Time (AOT) transformations and corresponding AOT processing support for Spring application contexts. Other new features and refinements include: an HTTP interface client based on @HttpExchange service interfaces; support for RFC 7807 problem details; and Micrometer-based observability for HTTP clients. More details on this release may be found in the what’s new page.

Similarly, on the road to Spring Batch 5.0, the eighth milestone release features: an updated DefaultExecutionContextSerializer class to serialize/deserialize context to/from Base64; and an enhanced SystemCommandTasklet class with a new strategy interface, CommandRunner, to decouple the command execution from the tasklet execution. Further details on this release may be found in the release notes.

Quarkus

Red Hat has released Quarkus 2.13.2 that delivers fixes such as: prevent a possible null pointer exception while building a violations report; ensure all CLI commands work with Windows Powershell; and introduce a version of the @OidcClientFilter annotation to enhance RestClient Reactive to support registering providers via custom annotations. More details on this release may be found in the changelog.

Helidon

Oracle has released Helidon 3.0.2 that ships with updates to Helidon components such as WebServer, WebClient, DBClient and CORS. There were also dependency upgrades to Hibernate 6.1.4.Final, EclipseLink 3.0.3, GraphQL Java 17.4, SnakeYAML 1.32, Reactive Streams 1.0.4 and Oracle Cloud Infrastructure 2.45.0.

Similarly, in the 2.5 release train, Helidon 2.5.4 was made available to deliver updates to the Helidon components and dependency upgrades to Hibernate 5.6.11.Final, Hibernate Validator 6.2.5, EclipseLink 2.7.11, GraphQL Java 17.4, SnakeYAML 1.32, Reactive Streams 1.0.4,

Project Reactor

On the road to Project Reactor 2022.0.0, the first release candidate features dependency upgrades to the reactor-core 3.5.0-RC1, reactor-pool 1.0.0-RC1, reactor-netty 1.1.0-RC1, reactor-netty5 2.0.0-M2 and reactor-kafka 1.3.13 artifacts. There was also a realignment to RC1 with the reactor-addons 3.5.0-RC1 and reactor-kotlin-extensions 1.2.0-RC1 artifacts that remain unchanged.

Piranha

Piranha 22.10.0 has been released. Dubbed the “Stabilization is ongoing” edition for October 2022, this new release includes deprecations to: Piranha Micro, MicroExtension, StandardExtension and the old server distribution. There was also a dependency upgrade to Weld 5.1.0, the compatible implementation to the Jakarta Contexts and Dependency Injection specification. Further details on this release may be found in their documentation and issue tracker.

JHipster

JHipster Lite 0.18.0 has been released that ships with bug fixes, enhancements and dependency upgrades that include modules: consul 1.13.2, vite 3.1.8, prettier-plugin-svelte 2.8.0, docker/build-push-action 3.2.0 and vue-tsc 1.0.7.

Apache Software Foundation

Apache Tomcat 10.1.1 has been released that ships with an updated Eclipse JDT compiler 4.23 and fixes for: a refactoring regression that broke JSP includes; and unexpected timeouts that may appear as client disconnects when using HTTP/2 and NIO2. More details on this release may be found in the changelog.

Apache Tomcat 8.5.83 has also been released featuring: support for authenticating WebSocket clients with an HTTP forward proxy when establishing a connection to a WebSocket endpoint; various fixes for edge case bugs in expression language processing; and an enforcement of RFC 7230, Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing, such that a request with a malformed content-length header should always be rejected with a 400 response. Further details on this release may be found in the changelog.

Apache James 3.7.2 has been released that delivers bug fixes and dependency upgrades to Scala 2.13.9, slf4j 2.0.1, Netty 4.1.81.Final, Logback 1.4.0 and jsoup 1.15.3. More details on this release may be found in the release notes.

Devoxx Belgium

Devoxx Belgium 2022 was held at the Kinepolis Antwerp this past week featuring many speakers from the Java community who presented on topics such as Java, Architecture, Server-Side Java, Security and Development Practices.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for October 3rd, 2022 features news from OpenJDK, JDK 20, Spring milestone updates, Eclipse Tumerin 19, OmniFaces 4.0, PrimeFaces 12.0, Introducing OmniFish, Quarkus 2.13.1, Oracle joins Micronaut Foundation, Eclipse Vert.x 4.3.4, JobRunr 5.3, Apache Tomcat 9.0.68, Apache Camel 3.19, Apache Tika 2.5, ArchUnit 1.0 and conferences Devoxx Morocco and JAX London.

OpenJDK

Two JEP Drafts, 8294285, Pattern Matching for switch (Fourth Preview), and 8294078, Record Patterns (Second Preview), have been submitted by Gavin Bierman, programming language designer at Oracle. Under the auspices of Project Amber, These JEP drafts propose a fourth and second preview, respectively, of their corresponding predecessor JEPs that were delivered in JDK 19. Preview features allow for refinements based upon continued experience and feedback.

For JEP Draft 8294285, updates since JEP 427, Pattern Matching for switch (Third Preview), include: a simplified grammar for switch labels; and inference of type arguments for generic type patterns and record patterns is now supported in switch expressions and statements along with the other constructs that support patterns.

For JEP Draft 4294087, updates since JEP 405, Record Patterns (Preview), include: added support for inference of type arguments of generic record patterns; added support for record patterns to appear in the header of an enhanced for statement; and remove support for named record patterns.

JEP Draft 8294992, 64 bit object headers, was submitted by Roman Kennke, principal engineer at Amazon Web Services. Under the auspices of Project Lilliput, the JEP draft proposes to reduce the size of Java object headers from 96 or 128 bits to 64 bits. Project Lilliput, created by Kennke, marked a milestone 1 in May 2022 by achieving 64-bit headers.

JDK 20

Build 18 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 17 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

On the road to Spring Cloud 2022.0.0, codenamed Kilburn, the fifth milestone release has been made available featuring updates to version 4, milestone 5 versions of Spring Cloud sub-projects such as Spring Cloud Consul, Spring Cloud Gateway, Spring Cloud OpenFeign and Spring Cloud Commons. Spring Cloud Netflix 4.0.0-M1 features a dependency upgrade to Eureka 2.0.0 that allows Spring Cloud Netflix to be compatible with the upcoming GA releases of Spring Framework 6.0 and Spring Boot 3.0. More details on this release may be found in the release notes.

Point and milestone releases of Spring Shell have been released to the Java community. Version 2.1.2 is built on Spring Boot 2.7.4 and back ports bug fixes. Notable changes in version 3.0.0-M1 include: a dependency upgrade to Spring Boot 3.x; support for GraalVM that is mostly complete; and Spring Shell is now built with Gradle. Further details on these releases may be found in the release notes for version 2.1.2 and version 3.0.0-M1.

On the road to Spring Batch 5.0.0, the seventh milestone release features: support to use any type as a job parameter; and improved conversion of job parameters. More details on this release may be found in the release notes.

Eclipse Tumerin

The Adoptium Working Group has released Eclipse Tumerin 19, their downstream distribution of OpenJDK 19.

OmniFaces

OmniFaces has released version 4.0 of their utility library for Faces that introduces a new method, addFacesScriptResource(), defined in the Components class to allow compatibility with Jakarta Faces 3.0 and 4.0. Breaking changes include minimal dependency upgrades to JDK 11 and Jakarta EE 9 specifications, namely Faces 3.0, Expression Language 4.0, Servlet 5.0, Contexts and Dependency Injection 3.0, Enterprise Web Services 2.0 and Bean Validation 3.0. Further details on this release may be found in the what’s new document.

PrimeFaces

PrimeFaces 12.0.0 was released featuring numerous dependency upgrades to modules such as hibernate-validator 6.2.1.Final, tomcat.version 9.0.58, slf4j-api 1.7.33, mockito-core 4.2.0, hazelcast 4.2.4 and other Maven-related modules.

Introducing OmniFish

OmniFish, a new Jakarta EE consulting and support company, have introduced themselves to the Java community. Focusing on support for Jakarta EE, Eclipse GlassFish and Piranha Cloud, OmniFish has also joined the Jakarta EE Working Group as a Participant Member. Co-founders Arjan Tijms, Ondro Mihályi and David Matějček along with web engineer Bauke Scholtz, have many years of experience with GlassFish, Jakarta EE, Java application development and Java middleware production support. They are also leading members of the Eclipse GlassFish project. InfoQ will follow up with a more detailed news story.

Quarkus

Red Hat has released Quarkus 2.13.1.Final that ships with bug fixes and improvements in documentation. The SmallRye implementations of the MicroProfile OpenTracing and Metrics specifications have been deprecated due to changes in the MicroProfile specifications. More details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has announced that Oracle has joined the Micronaut Foundation as an Engineering Partner, a new program that “recognizes partner organizations that sponsor the full-time work of one or more members of the Micronaut framework core committer team, with a focus on the critical shared and common portions of the code base.” Since 2020, Oracle has been providing open source contributions to Micronaut projects such as Micronaut AOT and Micronaut Serialization.

Eclipse Vert.x

In response to a number of reported issues in version 4.3.3, Eclipse Vert.x 4.3.4 has been released featuring fixes to those bugs along with documenting deprecations and breaking changes. There is also continued support for the virtual threads incubation project. Further details on this release may be found in the release notes.

Hibernate

Hibernate ORM 6.1.4.Final has been released featuring bug fixes and an enhancement in which an unnecessary multi-table insert is no longer generated upon executing an INSERT from a SELECT statement containing an assigned identifier.

JobRunr

JobRunr 5.3.0 has been released that ships with support for Kotlin 1.7.20, Spring Boot 3.0.0-M5 and the Spring Boot Context Indexer, a utility that allows for generating a Spring component index for faster startup times. More details on this release may be found in the release notes.

Apache Software Foundation

Apache Tomcat 9.0.68 has been released with notable bug fixes such as: a refactoring regression that broke JSP includes; and unexpected timeouts that appeared upon client disconnects when using HTTP/2 and NIO2. This release also includes an enforcement of RFC 7230, Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing, such that a request with a malformed content-length header should always be rejected with a 400 server response. Further details on this release may be found in the changelog.

Apache Camel 3.19.0 has been released that ships with 259 bug fixes, improvements and dependency upgrades that include: gRPC 1.48.1, Spring Boot 2.7.3, JUnit 5.9.x and Artemis 2.25.x. The hadoop-common module was upgraded to version 3.3.3 to address CVE-2022-26612, a vulnerability in which a TAR entry may create unresolved symlinks that point to an external directory under the expected extraction directory. More details on this release may be found in the release notes.

Apache Tika 2.5.0 released featuring: improved extraction of PDF subset information for PDF/UA, PDF/VT and PDF/X; avoid an infinite loop in bookmark extraction from PDFs; and enable the configuration of digests through the AutoDetectParserConfig class. Further details on this release may be found in the release notes. As of September 30, 2022, the Apache Tika 1.x release train has reached its End of Life and is no longer supported.

ArchUnit

TNG Technology Consulting has released version 1.0.0 of ArchUnit, an open-source extensible library for checking the architecture of Java code by checking dependencies between packages and classes, layers and slices, and checking for cyclic dependencies. Enhancements in this release include: ignored rules defined in the archunit_ignore_patterns.txt file no longer populate an instance of the ViolationStore interface in conjunction with the FreezingArchRule class. There are breaking changes due to renaming numerous “getter” methods to remove any ambiguities. InfoQ will follow up with a more detailed news story.

JHipster

JHipster Lite 0.17.0 has been released that ships with bug fixes, enhancements and dependency upgrades that include modules: keycloak 19.0.3, mongodb 1.17.5, react-hook-form 7.37.0 and vite 3.1.6.

Conferences

Devoxx Morocco 2022 was held at the Hilton Taghazout Bay Beach Resort & Spa, Taghazout in Agadir, Morocco this past week featuring many speakers from the Java community who presented on tracks such as: Java & Programming Languages; Architecture & Security; Devops, Cloud, Containers & Infrastructure; and Data & AI.

Similarly, Jax London 2022 was held at the Business Design Centre in London, England this past week featuring many speakers from the Java community who presented sessions and workshops.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for September 19th, 2022 features news from OpenJDK, JDK 19, JDK 20, Amazon Corretto 19, BellSoft Liberica JDK 19, Jakarta EE 10, multiple Spring Framework updates, Quarkus 2.12.3, Payara Platform updates, Micronaut 3.7.0, GraalVM Native Build Tools 0.9.14, JobRunr 5.2.0, PrimeFaces point releases, Failsafe 3.3.0, Apache Groovy 3.0.13 and Apache Log4j2 2.19.0.

OpenJDK

JEP 430, String Templates (Preview), was promoted from its JEP Draft 8273943 to Candidate status. This preview JEP, under the auspices of Project Amber, proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified.

JDK 19

Oracle has released version 19 of the Java programming language and virtual machine this past week, which ships with a final feature set of seven JEPs. More details may be found in this InfoQ news story.

Amazon Corretto

Amazon has released Amazon Corretto 19, their downstream distribution of OpenJDK 19, that is available on Linux, Windows, and macOS. Developers may download this latest version from this site.

Liberica JDK

Similarly, BellSoft has released LibericaJDK 19, their downstream distribution of JDK 19. Developers may download this latest version from this site.

JDK 20

Build 16 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 15 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

The Jakarta EE Working Group has released Jakarta EE 10, the third major, and fourth overall, release since Oracle donated Java EE 8 to the Eclipse Foundation in 2017. This release provides new functionality in over 20 component specifications through version updates. Also new for Jakarta EE 10 is the Core profile that joins the existing Platform and Web profiles, all of which have compatible implementations. InfoQ will follow up with a more detailed news story.

Spring Framework

It was a very busy week for the Spring teams as they released point and milestone versions for a number of their projects along with publishing a common vulnerability and exposure (CVE).

The Spring Data REST team has published CVE-2022-31679, Potential Unintended Data Exposure for Resource Exposed by Spring Data REST, a vulnerability in which an attacker can craft HTTP requests that expose hidden entity attributes within applications that allow HTTP PATCH access to resources exposed by Spring Data REST.

Versions 2.7.4 and 2.6.12 of Spring Boot were made available to the Java community. Both versions support JDK 19 and feature numerous bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23, Hibernate 5.6.11.Final, Netty 4.1.82.Final, Rector 2020.0.23, Groovy 3.0.13, Dropwizard Metrics 4.2.12 and Postgresql 42.3.7. More details on each release may be found in the release notes for version 2.7.4 and version 2.6.12.

On the road to Spring Boot 3.0, the fifth milestone release was made available with notable new features such as: improved Ahead-of-Time processing and native image support; improved sanitation of actuator endpoints; and a reinstatement of support for Eclipse Jersey after fixing an issue with the common-core module. Further details on this release may be found in the release notes.

Versions 2022.0.0-M6, 2021.2.3, and 2021.1.7 of Spring Data have been released that ship with bug fixes and dependency upgrades to the corresponding versions of Spring Data sub-projects such as: Spring Data REST, Spring Data JPA, Spring Data MongoDB, Spring Data for Apache Cassandra, Spring Data Neo4j and Spring Data KeyValue. These releases also include the fix to address the aforementioned CVE-2022-31679 vulnerability.

Versions 6.0.0-M7 and 5.8.0-M3 of Spring Security have been released. New features in version 6.0.0-M7 include: support for native-image in the @PreAuthorize annotation; a performance enhancement in the HttpSessionRequestCache class; and the removal of the FilterSecurityInterceptor class, now deprecated, from the WebSecurity class in favor of the AuthorizationFilter class. New features for version 5.8.0-M3 include: new interfaces for CSRF request processing; AspectJ support to the @EnableMethodSecurity annotation; and support for lazy reading of an implementation of the CsrfToken interface by the LazyCsrfTokenRepository class to complement the existing lazy saving of a token. It is worth noting that there are breaking changes for version 6.0.0-M7. More details on these releases may be found in the release notes for version 6.0.0-M7 and version 5.8.0-M3.

The second milestone release of Spring Cloud Dataflow 2.10.0 has been made available featuring dependency upgrades to Spring Boot 2.7.3, Spring Framework 5.3.22 and Spring Cloud 2021.0.3. Support for MySQL 5.7+, using the MariaDB JDBC driver, has been restored after it was briefly removed in Spring Cloud Dataflow 2.10.0-M1. Further details on this release may be found in the release notes.

Versions 5.0.0-M6 and 4.3.7 of Spring Batch have been released. Version 4.3.7 delivers bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23; Spring Data 2.5.12; Spring Integration 5.5.15; and Spring Kafka 2.7.14. Version 5.0.0-M6 delivers new features such as: support for native-image in the AbstractJobRepositoryFactoryBean class; support to configure the transaction manager in the SimpleJobOperator and SimpleJobExplorer classes; and revisit the configuration of infrastructure beans with the @EnableBatchProcessing annotation. More details on these releases may be found in the release notes for version 5.0.0-M6 and version 4.3.7.

The second milestone release of Spring Authorization Server 1.0.0 merges enhancements from 0.4.x release train along with dependency upgrades to Spring Framework 6.0.0-M6, Spring Security 6.0.0-M7, mockito-core 4.8.0, jackson-bom 2.13.4 and nimbus-jose-jwt 9.24.4. Further details on this release may be found in the release notes.

The third milestone release of Spring Session 2022.0.0 has been made available that ships with updates to sub-projects: Spring Session Core 3.0.0-M4, Spring Session Data Redis 3.0.0-M4, Spring Session JDBC 3.0.0-M4, and Spring Session Hazelcast 3.0.0-M4.

Similarly, the second milestone release of Spring Authorization Server 0.4.0 ships with new features such as: the ability to add implementations of the AuthenticationProvider and AuthenticationConverter interfaces as an alternative to overriding default ones; and a check to verify that the client secret has not expired in ClientSecretAuthenticationProvider class. More details may be found in the release notes.

Versions 6.0.0-M5 and 5.5.15 of Spring Integration have been made available. Version 5.5.15 features critical bug fixes and resolutions to deprecations of upstream dependencies. Notable changes in version 6.0.0-M5 include: support for Spring AOT, GraphQL and Apache Camel; the removal of the Remote Method Invocation (RMI) module in favor of more secure protocols; a new PostgresSubscribableChannel class to rely on the native PostgreSQL push notifications; and a new ClientManager interface to allow sharing the same MQTT client for different channel adapters. Developers are encouraged to read this migration guide for breaking changes and more details.

Spring for Apache Pulsar 0.1.0-M1, an experimental Spring project, has been released featuring numerous bug fixes and improvements. This version is based on JDK 17, Spring Boot 3.0.0-M5 and Spring Framework 6.0.0-M5. Further details on this release may be found in the release notes.

Spring for GraphQL 1.0.2 has been released that ships with new features such as: support for the @Arguments annotation with Java’s Map interface; support for path variables for redirect to a GraphiQL path; and new introspect controller methods on startup to determine if they need validation. More details on this release may be found in the release notes.

The first milestone release of Spring for GraphQL 1.1 was made available featuring support for JDK 17, Jakarta EE, and a Spring Framework 6.0 baseline. There was also an upgrade to GraphQL Java 19.x, the Java implementation of GraphQL, and new Micrometer Context Propagation library that replaces their internally developed context propagation mechanism.

Quarkus

Quarkus 2.12.3.Final has been released featuring: a dependency upgrade to Hibernate Search 6.1.7.Final; fixes for the request context leak in the Funqy Knative runtime and the MongoDB driver failing a DNS Lookup; and properly support generic bounds for implementations of the ParamConverterProvider interface. Further details on this release may be found in the release notes.

Payara

Payara has released their September 2022 edition of the Payara Platform. Payara 6 Community Alpha 4 provides preview support for Jakarta EE 10 and includes 15 bug fixes, six component upgrades, three improvements and two security fixes. Payara is targeting a beta release for the Payara 6 Community edition to pass the Jakarta EE TCK. More details on this release may be found in the release notes.

Payara Enterprise 5.43.0 brings four bug fixes, a component upgrade to Eclipse Jersey 2.36, and an improvement to support an OpenID Connect token issuer field in Active Directory Federation Services (ADFS). Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.7.0 featuring improvements to numerous modules such as Micronaut for Spring, Micronaut Gradle Plugin, Micronaut GCP, Micronaut Test and Micronaut Reactor. This version also introduces two new modules, Micronaut CRaC and Micronaut Object Storage, to provide support for the Coordinated Restore at Checkpoint (CRaC) and a uniform API to create, read and delete objects within major cloud providers, respectively. More details on this release may be found in the release notes.

Oracle Labs

On the road to version 1.0, Oracle Labs has released version 0.9.14 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: argument files are now stored in the build directory of the Gradle Plugin and the target directory of the Maven Plugin to address the workaround for an absolute path issue on Windows with older versions of GraalVM; and adding a native:compile forking goal that can be initiated from the command line such as mvn native:compile. Further details on this release may be found in the changelog.

Oracle Labs has also provided a community roadmap for features in upcoming GraalVM releases planned for October 2022 and January 2023 along with features planned beyond that timeframe.

JobRunr

Ronald Dehuysser, founder and primary developer of JobRunr, a utility to perform background processing in Java, has released version 5.2.0 that deliver improvements such as: the recurring jobs dashboard is now paged; and the query that returns counters for the dashboard and metrics uses 2-10 times less CPU cycles. More details on this release may be found In the release notes.

PrimeFaces

PrimeFaces, a provider of open-source UI component libraries, has provided point releases of versions 7.0.29, 8.0.21, 10.0.16 and 11.0.8. New features and enhancements include: a new source attribute to Confirm component; an upgrade to Moment.js 2.29.4 that addresses CVE-2022-31129, a vulnerability in which users who pass user-provided strings without sanity length checks to the moment() constructor being vulnerable to regular expression denial of service (ReDoS) attacks; and adding an autoMonthFormat attribute to the DatePicker component.

Failsafe

Failsafe, a lightweight, zero-dependency library for handling failures in Java 8+, has released version 3.3.0 featuring API changes such as: the getStartTime() method defined in the ExecutionContext interface now returns an instance of type Instant rather than an instance of type Duration; and similarly, the getStartTime() defined in ExecutionEvent class now returns an instance of type Optional rather than an instance of type Duration. Also, the getFailure(), getLastFailure(), recordFailure() and similar methods for recording exceptions, deprecated in a previous version, were removed in this release. Developers should use the getException(), getLastException(), recordException() and similar methods. Further details on this release may be found in the changelog.

Apache Software Foundation

Apache Groovy 3.0.13 has been released featuring 44 bug fixes, improvements and a dependency upgrade to Spock 2.2. More details on this release may be found in the changelog.

Apache Log4j 2.19.0 has been released that ships with new features that add: support for SLF4J2 stack-valued MDC class; and an implementation of the SLF4J2 fluent API.

Article originally posted on InfoQ. Visit InfoQ

Oracle has released version 19 of the Java programming language and virtual machine. The seven JEPs in this final feature set include:

The feature cadence for Java 19 is similar to that of the nine new features in JDK 18, but lower than the: 14 features in JDK 17; 17 features in JDK16; 14 features in JDK 15; and 16 features in JDK 14.

This release features JEPs that provide continued contribution toward Project Amber, Project Loom and Project Panama along with a new feature that ports the JDK to the Linux/RISC-V instruction set. We examine a few of these new features here. It is worth noting that there were no JEPs representing Project Valhalla in JDK 19.

Project Panama

JEP 424 and JEP 426 fall under the auspices of Project Panama, a project designed to improve and enrich interoperability between the JVM and well-defined “foreign,” i.e., non-Java, APIs that will most-likely include interfaces commonly used within C libraries.

JEP 424, Foreign Function & Memory API (Preview), introduces an API for Java applications to interoperate with code and data outside of the Java runtime by efficiently invoking foreign functions and by safely accessing foreign memory that is not managed by the JVM. This JEP evolves: JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; to incorporate improvements based on Java community feedback.

JEP 426, Vector API (Fourth Incubator), incorporates enhancements in response to feedback from the previous three rounds of incubation: JEP 417, Vector API (Third Incubator) (delivered in JDK 18), JEP 414, Vector API (Second Incubator) (delivered in JDK 17), and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. JEP 426 proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

A working application on how to implement the Foreign Function & Memory API may be found in this GitHub repository by Carl Dea, senior developer advocate at Azul.

Project Loom

JEP 425 and JEP 428 fall under the auspices of Project Loom, a project designed to explore, incubate and deliver Java VM features and APIs built for the purpose of supporting easy-to-use, high-throughput lightweight concurrency and new programming models. This would be accomplished via virtual threads, delimited continuations and tail calls.

JEP 425, Virtual Threads (Preview), introduces virtual threads, lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications, to the Java platform.

JEP 428, Structured Concurrency (Incubator), proposes to simplify multithreaded programming by introducing a library to treat multiple tasks running in different threads as a single unit of work. This can streamline error handling and cancellation, improve reliability, and enhance observability.

Working applications on how to implement the Virtual Threads and Structured Concurrency APIs may be found in: this GitHub repository by Nicolai Parlog, Java developer advocate at Oracle; and this GitHub repository by Bazlur Rahman, Senior Software Engineer at Contrast Security.

Project Amber

JEP 405 and JEP 427 fall under the auspices of Project Amber, a project designed to explore and incubate smaller Java language features to improve productivity.

JEP 405, Record Patterns (Preview), proposes to enhance the language with record patterns to deconstruct record values. Record patterns may be used in conjunction with type patterns to “enable a powerful, declarative, and composable form of data navigation and processing.” Type patterns were recently extended for use in switch case labels via JEP 406, Pattern Matching for switch (Preview) (delivered in JDK 17), and JEP 420, Pattern Matching for switch (Second Preview) (delivered in JDK 18).

JEP 427, Pattern Matching for switch (Third Preview), incorporates enhancements in response to feedback from the previous two rounds of preview: JEP 406, Pattern Matching for switch (Preview) (delivered in JDK 17), and JEP 420, Pattern Matching for switch (Second Preview) (delivered in JDK 18). Changes from JEP 420 include: guarded patterns are replaced with when clauses in switch blocks; and runtime semantics of a pattern switch are more closely aligned with legacy switch semantics when the value of the selector expression is null.

A working application on how to implement the Record Patterns and Pattern Matching for switch APIs may be found in this GitHub repository, java-19 folder, by Wesley Egberto, Java technical lead at Global Points.

JDK 20

No JEPs have been Targeted or Integrated for inclusion in JDK 20 at this time. However, based on recently submitted JEP drafts and JEP candidates, we have surmised which JEPs have the potential to be included in JDK 20 in this more detailed news story.

The formal release date for JDK 20 has not yet been announced, but it is expected to be delivered in mid-March 2023 as per the six-month release cadence. Developers can anticipate a feature freeze in mid-December 2022.

JDK 19 may now be downloaded from Oracle with binaries from other vendors expected to become available in the coming days.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for September 12th, 2022 features news from JDK 19, JDK 20, updates to Spring Framework, Spring Cloud and Spring Tools, introducing Helidon Níma, MicroProfile Reactive specifications, Quarkus 2.12.2, MicroStream 7.1.0, Project Reactor 2022.0.0-M6, Hibernate Search 6.1.7, JHipster Lite 0.15.1, Piranha Cloud 22.9.0, Kotlin 1.7.20-RC and Apache Tika 1.28.5.

JDK 19

JDK 19 remains in its release candidate phase with the anticipated GA release on September 20, 2022. The release notes include links to documents such as the complete API specification and an annotated API specification comparing the differences between JDK 18 (Build 36) and JDK 19 (Build 36). More details on JDK 19 and predictions on JDK 20 may be found in this InfoQ news story.

JDK 20

Build 15 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 14 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 19 and JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 6.0.0-M6 and 5.3.23 of Spring Framework have been made available to the Java community. Both releases offer new features, bug fixes and dependency upgrades. A new feature in version 5.3.23 introduces the isSynthesizedAnnotation() method defined in the AnnotationUtils class that will allow developers to migrate away from the deprecated SynthesizedAnnotation interface. Version 6.0.0-M6 defines seven new deprecations and will remove two previously-defined deprecations including the SynthesizedAnnotation interface. Further details on these releases may be found in the release notes for versions 5.3.23 and 6.0.0-M6.

Spring Cloud Dataflow 2.9.6 has been released featuring an updated PostgreSQL driver version 42.2.26 to address CVE-2022-31197, PostgreSQL JDBC Driver SQL Injection in ResultSet.refreshRow() with Malicious Column Names, a vulnerability in which the implementation of the refreshRow() method in the ResultSet class is not properly escaping column names such that a malicious column name that contains a statement terminator, such as a semi-colon, could lead to SQL injection. More details on this release may be found in the release notes.

Version 1.1.0 of Spring Cloud Sleuth OpenTelemetry, an experimental extension to Spring Cloud Sleuth, has been released featuring dependency upgrades to Spring Cloud 2021.0.4 and OpenTelemetry 1.18.0. More details on this release may be found in the release notes.

Spring Tools 4.16.0 has been released featuring: support for Eclipse 2022-09; a new experimental distribution build for Linux on ARM; and an updated M2Eclipse (m2e) 2.0.5. Further details on this release may be found in the change log.

Helidon

Oracle has introduced Helidon Níma, a microservices framework based on virtual threads, that offers a low-overhead, highly concurrent server while maintaining a blocking thread model. Under the auspices of Project Helidon, this new framework is available with the first alpha release of Helidon 4.0.0, but the Java community will have to wait until the end of 2023 for the formal GA release. More details on Helidon Níma may be found in this InfoQ news story.

MicroProfile

On the road to MicroProfile 6.0, scheduled to be released in October 2022, the Reactive Streams Operators 3.0 and Reactive Messaging 3.0 specifications have been made available to the Java community that feature alignment with Jakarta EE 9.1.

Quarkus

Red Hat has released Quarkus 2.12.2.Final featuring dependency upgrades to: SnakeYAML 1.3.2, Hibernate Validator 6.2.5.Final, and JBoss Threads 3.4.3.Final. Further details on this release may be found in the change log.

MicroStream

MicroStream has released version 7.1.0 of their Java object-graph persistence framework featuring: integration with Spring Boot; improvements to their CDI and MicroProfile Config runtime integrations; and improvements to their data channel garbage collection. There was also an open-sourcing all of their connectors to now include: Oracle and SAP HANA Database; Cloud storage (AWS S3, Azure Storage, Google Firestore, Oracle Object Storage); and others (Hazelcast, Kafka, Redis, DynamoDB, Oracle Coherence). More details on this release may be found in the release notes.

Project Reactor

On the road to Project Reactor 2022.0.0, the sixth milestone release, was made available featuring dependency upgrades to the reactor-core 3.5.0-M6 and reactor-netty 1.1.0-M6 artifacts. There was also a realignment to milestone 6 with the reactor-pool 1.0.0-M6, reactor-addons 3.5.0-M6, and reactor-kotlin-extensions 1.2.0-M6 artifacts that remain unchanged.

Hibernate

Hibernate Search 6.1.7.Final has been released that ships with a dependency upgrade to Hibernate ORM 5.6.11.Final; an alignment with Hibernate ORM dependencies in all artifacts that also include the -orm6 artifacts; and bug fixes related to Java modules.

JHipster Lite

Versions 0.15.0 and 0.15.1 of JHipster Lite, a starter project for JHipster, were released featuring numerous enhancements, bug fixes, dependency upgrades and refactoring. Further details on this release may be found in the release notes for versions 0.15.0 and 0.15.1.

Piranha

Piranha 22.9.0 has been released. Dubbed the “Core Profile just landed” edition for September 2022, this new release includes: support for the Jakarta EE Core Profile with a Piranha Core Profile landing zone; and initial support for the Jakarta Transactions and Jakarta Persistence specifications. More details on this release may be found in their documentation and issue tracker.

Kotlin

JetBrains has released Kotlin 1.7.20-RC featuring: support for several new plugins; a preview of the ..< operator for open-ended ranges; enabling the Kotlin/Native memory manager by default; and the addition of inline classes with a generic underlying type, an experimental feature.

Apache Software Foundation

Apache Tika 1.28.5 was released featuring: security fixes; a fix to avoid an infinite loop in bookmark extraction from PDFs; and dependency upgrades. Further details in this release may be found in the changelog. The 1.x release train will reach end-of-life on September 30, 2022.