Author: Michael Redlich
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for February 17th, 2025, features news highlighting: the release of Apache NetBeans 25; the February 2025 release of the Payara Platform; the second beta release of Hibernate Reactive 3.0; and the second release candidate of Gradle 8.13.
JDK 24
Build 36 remains the current build in the JDK 24 early-access builds. Further details may be found in the release notes.
JDK 25
Build 11 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 10 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
It was a busy week over at Spring as the various teams have delivered milestone releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Integration, Spring AI and Spring AMQP. There were also point releases of Spring Framework, Spring for GraphQL,Spring Session, Spring for Apache Kafka and Spring for Apache Pulsar. Further details may be found in this InfoQ news story.
Payara
Payara has released their February 2025 edition of the Payara Platform that includes Community Edition 6.2025.2, Enterprise Edition 6.23.0 and Enterprise Edition 5.72.0. All three releases provide critical bug fixes, component upgrades and a new feature that ensures Docker images shutdown gracefully to allow applications to cleanly terminate without data loss or corruption.
A notable critical issue was an IllegalStateException due to Spring Boot 3 applications failing to deploy to Payara Server 6. This was resolved by ensuring proper initialization of Contexts and Dependency Injection (CDI) during deployment. More details on these releases may be found in the release notes for Community Edition 6.2025.2 and Enterprise Edition 6.23.0 and Enterprise Edition 5.72.0.
Apache Software Foundation
The release of Apache NetBeans 25 delivers many improvements that include: enhancements in support for Java code completion for sealed types in switch statements; improved behaviour with the CloneableEditorSupport class such that it will no longer break additional instances of the Java DocumentFilter class which may be attached to an instance of the Java AbstractDocument class. Further details on this release may be found in the release notes.
The release of Apache Tomcat 9.0.100 provides a resolution to a regression with the release of Tomcat 9.0.99 that caused an error while starting Tomcat on JDK 17. The regression was a mitigation for CVE-2024-56337, a Time-of-Check-Time-of-Use vulnerability in which a write-enabled default servlet for a case insensitive file system can bypass Tomcat’s case sensitivity checks and cause an uploaded file to be treated as a JSP leading to a remote code execution. More details on this release may be found in the release notes.
Hibernate
The second beta release of Hibernate Reactive 3.0.0 ships with resolutions to notable issue such as: a ClassCastException from an instance of the ReactiveEmbeddableForeignKeyResultImpl class due to use of the Hibernate ORM EmbeddableInitializerImpl class instead of its reactive version, namely the ReactiveEmbeddableInitializerImpl class; and a NullPointerException when retrieving an entity using a Jakarta Persistence @ManyToOne composite table with additional properties in the Jakarta Persistence @IdClass annotation. This release is compatible with Hibernate ORM 7.0.0.Beta4, and an upgrade to Vert.x SQL client 4.5.13. Further details on this release may be found in the changelog.
JobRunr
The release of JobRunr 7.4.1 ships with bug fixes and new features such as: the ability to switch between different date styles in job table views, e.g., the timestamp when an instance of the Job class was enqueued; and an enhanced display for more complex job parameters on the job details page. More details on this release may be found in the release notes.
Gradle
The second release candidate of Gradle 8.13.0 introduces a new auto-provisioning utility that automatically downloads a JVM required by the Gradle Daemon. Other notable enhancements include: an explicit Scala version configuration for the Scala Plugin to automatically resolve required Scala toolchain dependencies; and refined millisecond precision in JUnit XML test event timestamps. Further details on this release may be found in the release notes.
Java News Roundup: JDK 24-RC1, JDK Mission Control, Spring, Hibernate, Vert.x, JHipster, Gradle
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for February 10th, 2025 features news highlighting: the first release candidate of JDK 24; JDK Mission Control 9.1.0; milestone releases of Spring Framework 7.0, Spring Data 2025.0.0 and Hibernate 7.0; release candidates of Vert.x 5.0.0 and Gradle 8.13.0; and JHipster 8.9.0.
OpenJDK
The release of JDK Mission Control 9.1.0 provides bug fixes and improvements such as: the ability to use the custom JFR event types, i.e., those extending the Java Event class, in the JFR Writer API followed by registering those types; and the ability to use primitive types in converters. More details on this release may be found in the list of issues.
JDK 24
Build 36 remains the current build in the JDK 24 early-access builds. Further details may be found in the release notes.
As per the JDK 24 release schedule, Mark Reinhold, Chief Architect, Java Platform Group at Oracle, formally declared that JDK 24 has entered its first release candidate as there are no unresolved P1 bugs in Build 36. The anticipated GA release is scheduled for March 18, 2025 and will include a final set of 24 features. More details on these features and predictions for JDK 25 may be found in this InfoQ news story.
JDK 25
Build 10 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 9 that include fixes for various issues. Further details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
The second milestone release of Spring Framework 7.0.0 delivers new features such as: improvements to the equals() method, defined in the AnnotatedMethod class, and the HandlerMethod to resolve failed Cross-Origin Resource Sharing (CORS) configuration lookups; and a refinement of the GenericApplicationContext class that adds nullability using the JSpecify @Nullable annotation to the constructorArgs parameter listed in the overloaded registerBean() method. More details on this release may be found in the release notes.
Similarly, versions 6.2.3 and 6.1.17 of Spring Framework have also been released to provide new features such as: improvements in MVC XML configuration that resolved an issue where the handler mapping, using an instance of the the AntPathMatcher class, instead used an instance of the PathPatternParser class; and a change to the ProblemDetails class to implement the Java Serializable interface so that it may be used in distributed environments. These versions will be included in the upcoming releases of Spring Boot 3.4.3 (and 3.5.0-M2) and 3.3.9, respectively. Further details on this release may be found in the release notes for version 6.2.3 and version 6.1.17.
The first milestone release of Spring Data 2025.0.0 ships with new features such as: support for vector search for MongoDB and Cassandra via MongoDB Atlas and Cassandra Vector Search; and a new Vector data type that allows for abstracting underlying values within a domain model that simplifies the declaration, portability and default storage options. More details on this release may be found in the release notes.
Similarly, Spring Data 2024.1.3 and 2024.0.9, both service releases, ship with bug fixes, dependency upgrades and and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.4.3 and 3.3.9; Spring Data MongoDB 4.4.3 and 4.3.9; Spring Data Elasticsearch 5.4.3 and 5.3.9; and Spring Data Neo4j 7.4.3 and 7.3.9. These versions will be included in the upcoming releases of Spring Boot and 3.4.3 and 3.3.9, respectively.
The release of Spring Tools 4.28.1 provides: a properly signed Eclipse Foundation distribution for WindowOS; and a resolution to an unknown publisher error upon opening the executable for Spring Tool Suite in Windows 11. Further details on this release may be found in the release notes.
Open Liberty
IBM has released version 25.0.0.2-beta of Open Liberty features the ability to configure the MicroProfile Telemetry 2.0 feature, mpTelemetry-2.0, to send Liberty audit logs to the OpenTelemetry collector. As a result, the audit logs may be managed with the same solutions with other Liberty log sources.
Micronaut
The Micronaut Foundation has released version 4.7.6 of the Micronaut Framework featuring Micronaut Core 4.7.14, bug fixes and a patch update to the Micronaut Oracle Cloud module. This version also provides an upgrade to Netty 4.1.118, a patch release that addresses CVE-2025-24970, a vulnerability in Netty versions 4.1.91.Final through 4.1.117.Final, where a specially crafted packet, received via an instance of the SslHandler class, doesn’t correctly handle validation of such a packet, in all cases, which can lead to a native crash. More details on this release may be found in the release notes.
Hibernate
The fourth beta release of Hibernate ORM 7.0.0 features: a migration to the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11; a baseline of JDK 17; improved domain model validations; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. Further details on this release may be found in the release notes and the migration guide.
The release of Hibernate Reactive 2.4.5.Final features compatibility with Hibernate ORM 6.6.7.Final and provides resolutions to issues: a Hibernate ORM PropertyAccessException when creating a new object via the persist() method, defined in the Session interface, with an entity having bidirectional one-to-one relationships in Hibernate Reactive with Panache; and the doReactiveUpdate() method, defined in the ReactiveUpdateRowsCoordinatorOneToMany class, ignoring the return value of the deleteRows() method, defined in the same class. More details on this release may be found in the release notes.
Eclipse Vert.x
The fifth release candidate of Eclipse Vert.x 5.0 delivers notable changes such as: the removal of deprecated classes – ServiceAuthInterceptor and ProxyHelper – along with the two of the overloaded addInterceptor() methods defined in the ServiceBinder class; and support for the Java Platform Module System (JPMS). Further details on this release may be found in the release notes and deprecations and breaking changes.
Micrometer
The second milestone release of Micrometer Metrics 1.15.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: the removal of special handling of HTTP status codes 404, Not Found, and 301, Moved Permanently, from OkHttp client instrumentation; and a deprecation of the SignalFxMeterRegistry class (step meter) in favor of the OtlpMeterRegistry class (push meter). More details on these releases may be found in the release notes.
The second milestone release of Micrometer Tracing 1.5.0 provides dependency upgrades and features a deprecation of the ArrayListSpanProcessor class in favor of the Open Telemetry InMemorySpanExporter class. Further details on this release may be found in the release notes.
Piranha Cloud
The release of Piranha 25.2.0 delivers many dependency upgrades, improvements in documentation and notable changes such as: removal of the GlassFish 7.x and Tomcat 10.x compatibility extensions; and the ability to establish a file upload size in the FileUploadExtension, FileUploadMultiPart, FileUploadMultiPartInitializer and FileUploadMultiPartManager classes. More details on this release may be found in the release notes, documentation and issue tracker.
Project Reactor
Project Reactor 2024.0.3, the third maintenance release, providing dependency upgrades to reactor-core 3.7.3, reactor-netty 1.2.3, reactor-pool 1.1.2. There was also a realignment to version 2024.0.3 with the reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. Further details on this release may be found in the changelog.
Similarly, Project Reactor 2023.0.15, the fifteenth maintenance release, provides dependency upgrades to reactor-core 3.6.14, reactor-netty 1.1.27 and reactor-pool 1.0.10. There was also a realignment to version 2023.0.15 with the reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. More details on this release may be found in the changelog.
JHipster
The release of JHipster 8.9.0 features: dependency upgrades to Spring Boot 3.4.2, Node 22.13.1, Gradle 8.12.1, Angular 19.0.6 and Typescript 5.7.3; and support for plain time fields (Java LocalTime class) without it being tied to a date to the JHipster Domain Language (JDL). Further details on this release may be found in the release notes.
Gradle
The first release candidate of Gradle 8.13.0 introduces a new auto-provisioning utility that automatically downloads a JVM required by the Gradle Daemon. Other notable enhancements include: an explicit Scala version configuration for the Scala Plugin to automatically resolve required Scala toolchain dependencies; and refined millisecond precision in JUnit XML test event timestamps. More details on this release may be found in the release notes.
Java News Roundup: Java Operator SDK 5.0, Open Liberty, Quarkus MCP, Vert.x, JBang, TornadoVM
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 27th, 2025, features news highlighting: the GA release of Java Operator SDK 5.0; the January 2025 release of Open Liberty; an implementation of Model Context Protocol in Quarkus; the fourth milestone release of Vert.x 5.0; and point releases of JBang 0.123.0 and TornadoVM 1.0.10.
JDK 24
Build 34 of the JDK 24 early-access builds was made available this past week featuring updates from Build 33 that include fixes for various issues. Further details on this release may be found in the release notes.
JDK 25
Build 8 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 7 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
TornadoVM
TornadoVM 1.0.10 features bug fixes, compatibility enhancements, and improvements: a new command-line option, -Dtornado.spirv.runtimes, to select individual (Level Zero and/or OpenCL) runtimes for dispatching and managing SPIR-V; and support for multiplication of matrices using the HalfFloat type. Further details on this release may be found in the release notes.
Spring Framework
The first milestone release of Spring Cloud 2025.0.0, codenamed Northfields, features bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.3.0-M1; Spring Cloud Function 4.3.0-M1; Spring Cloud Stream 4.3.0-M1; and Spring Cloud Circuit Breaker 3.3.0-M1. This release is based upon Spring Boot 3.5.0-M1. More details on this release may be found in the release notes.
Open Liberty
IBM has released version 25.0.0.1 of Open Liberty featuring updated Open Liberty features – Batch API (batch-1.0), Jakarta Batch 2.0 (batch-2.0), Jakarta Batch 2.1 (batch-2.1), Java Connector Architecture Security Inflow 1.0 (jcaInboundSecurity-1.0), Jakarta Connectors Inbound Security 2.0 (connectorsInboundSecurity-2.0) – to support InstantOn; and a more simplified web module migration with the introduction of the webModuleClassPathLoader configuration attribute for the enterpriseApplication element that controls what class loader is used for the JARs that are referenced by a web module Class-Path attribute.
Quarkus
The release of Quarkus 3.18.0 provides bug fixes, dependency upgrades and notable changes such as: an integration of Micrometer to the WebSockets Next extension; support for a JWT bearer client authentication in the OpenID Connect and OpenID Connect Client extensions using client assertions loaded from the filesystem; and a new extension, OpenID Connect Redis Token State Manager to store an OIDC connect token state in a Redis cache datasource. Further details on this release may be found in the changelog.
The Quarkus team has also introduced their own implementation of the Model Context Protocol (MCP) protocol featuring three servers so far: JDBC, Filesystem and JavaFX. These servers have been tested with Claude for Desktop, Model Context Protocol CLI and Goose clients. The team recommends using JBang to use these servers for ease of use, but isn’t required.
Apache Software Foundation
Maintaining alignment with Quarkus, the release of Camel Quarkus 3.18.0, composed of Camel 4.9.0 and Quarkus 3.18.0, provides resolutions to notable issues such as: the Kamelet extension unable to serialize objects from an instance of the ClasspathResolver, an inner class defined in the DefaultResourceResolvers, to bytecode; and the Debezium BOM adversely affects the unit tests from the Cassandra CQL extension driver since the release of Debezium 1.19.2.Final. More details on this release may be found in the release notes.
Infinispan
The release of Infinispan 15.1.5 features dependency upgrades and resolutions to issues such as: a NullPointerException due to a concurrent removal with the DELETE statement causing the cache::removeAsync statement to return null; and an instance of the HotRodUpgradeContainerSSLTest class crashes the test suite due to an instance of the PersistenceManagerImpl class failing to start. Further details on this release may be found in the release notes.
Java Operator SDK
The release of Java Operator SDK 5.0.0 ships with continuous improvements on new features such as: the Kubernetes Server-Side Apply elevated to a first-class citizen with a default approach for patching the status resource; and a change in responsibility with the EventSource interface to monitor the resources and handles accessing the cached resources, filtering, and additional capabilities that was once maintained by the ResourceEventSource subinterface. More details on this release may be found in the release notes.
JBang
JBang 0.123.0 provides bug fixes, improvements in documentation and new features: the options, such as add-open and exports, in a bundled MANIFEST.MF file are now honored; and the addition of Cursor, the AI code editor, in the list of supported IDEs. Further details on this release may be found in the release notes.
Eclipse Vert.x
The fourth release candidate of Eclipse Vert.x 5.0 delivers notable changes such as: the removal of deprecated classes – ServiceAuthInterceptor and ProxyHelper – along with the two of the overloaded addInterceptor() methods defined in the ServiceBinder class; and support for the Java Platform Module System (JPMS). More details on this release may be found in the release notes and deprecations and breaking changes.
JHipster
Versions 1.26.0 and 1.25.0 of JHipster Lite (announced here and here, respectively) ship with bug fixes, dependency upgrades and new features/enhancements such as: new datasource modules for PostgreSQL, MariaDB, MySQL and MSSQL; and a restructured state ranking system for modules. Version 1.26.0 also represents the 100th release of JHipster Lite. Further details on these releases may be found in the release notes for version 1.26.0 and version 1.25.0.
Spring News Roundup: Milestone Releases of Boot, Framework, Data, Security, Integration, Modulith
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
There was a flurry of activity in the Spring ecosystem during the week of January 20th, 2025, highlighting milestone releases of: Spring Boot, Spring Framework, Spring Data, Spring Security, Spring Integration and Spring Modulith.
The Spring team has also announced that they will begin releasing milestones and release candidates of Spring projects, with GA releases planned for November 2025, to Maven Central.
Spring Boot
The first milestone release of Spring Boot 3.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: support for the Spring Framework TaskDecorator interface for scheduled tasks; and support for the Vibur DBCP connection pool to the DataSourceBuilder class. More details on this release may be found in the release notes.
Versions 3.4.2 and 3.3.8 of Spring Boot (announced here and here, respectively) ship with improvements in documentation, dependency upgrades and resolutions to notable issues such as: a NullPointerException from an instance of the GraylogExtendedLogFormatProperties class when only the logging.structured.gelf.host property is specified; and the addition of handling the TypeNotPresentException from the BindableRuntimeHintsRegistrar class. Further details on these releases may be found in the release notes for version 3.4.2 and version 3.3.8.
Spring Framework
The first milestone release of Spring Framework 7.0.0 ships with improvements in documentation, dependency upgrades and new features such as: a redefinition and optimization of the KotlinDetector class that includes removal of methods that are no longer useful; and allow for multiple executions of the ClientHttpRequestInterceptor interface. This release also provides an initial null safety strategy with JSpecify by refining over a dozen modules and retiring the annotations defined in the org.springframework.lang package. More details on this release may be found in the release notes.
Spring Data
The first milestone release of Spring Data 2025.1.0 features: baseline minimal requirements to the upcoming GA releases of Jakarta EE 11 (featuring Hibernate ORM 7.0 and Hibernate Validator 9.0 as compatible implementations) and Kotlin 2.x; and a major revision of Spring Data JPA that includes the use of the Java Persistence Query Language (JPQL) for derived queries. The Spring data team anticipates a GA release in November 2025. Further details on this release may be found in the release notes.
Spring Security
The first milestone release of Spring Security 6.5.0 provides bug fixes, dependency upgrades and new features such as: Support for Expression Templates by adding the @AuthenticationPrincipal and @CurrentSecurityContext annotations; and the addition of an inner class, ClientSettings, defined in the ClientRegistration class, that provides a boolean field, requireProofKey, for use in enabling Proof Key for Code Exchange (PKCE). More details on this release may be found in the release notes.
Spring Integration
The first milestone release of Spring Integration 6.5.0 delivers one bug fix, dependency upgrades and new features such as: the addition of a locking strategy to the AbstractMessageGroupStore class; and an optional flag added to the discardChannel element, defined in the @Aggregator annotation, to discard a whole group a messages instead of individual ones. Further details on this release may be found in the release notes and what’s new page.
Spring Modulith
The first milestone release of Spring Modulith 1.4.0 delivers bug fixes, dependency upgrades and new features such as: a new DefaultModulithObservationConvention class to support the Micrometer Observation API; and a new strategy to programmatically detect instances of the NamedInterface class. More details on this release may be found in the release notes.
Versions 1.3.2 and 1.2.8 of Spring Modulith have also been released featuring dependency upgrades to Spring Boot 3.4.2 and 3.3.8, respectively and resolutions to issues: a BeanCreationException due to an error in creating bean with the name, repositoryEntityController, from an instance of the RepositoryEntityController class; and an IllegalArgumentException in generation of AsciiDoc for the Spring Framework @EventListener annotation without parameters. Further details on these releases may be found in the release notes for version 1.3.2 and version 1.2.8.
Spring AI
The Spring AI MCP team has released version 0.6.0 to provide new features such as: a new protocol version negotiation between MCP client and server; and configurable SSE endpoints that includes backward compatibility with default /sse endpoint. Deprecations in this release include: the using(ClientMcpTransport) method, defined in the McpClient interface, in favor of methods, sync(ClientMcpTransport) and async(ClientMcpTransport); the Builder inner class, also defined in the McpClient interface, in favor of new builder patterns; and the constructor with non-reactive types, defined in the McpAsyncClient class. More details on this release may be found in the release notes.
Spring AMQP
The release of Spring AMQP 3.2.2 provides two bug fixes, dependency upgrades and one new feature that resolves a deprecation warning in the RestTemplateNodeLocator class by removing what the team characterized as a “bogus” non-public RestTemplateHolder class that was accidentally exposed by the public RestTemplateNodeLocator. The logic for this class was also restructured to directly expose an instance of the Spring Framework RestTemplate class. Further details on this release may be found in the release notes.
Spring for Apache Kafka
The release of Spring for Apache Kafka 3.3.2 provides improvements in documentation, dependency upgrades and resolutions to issues such as: a memory leak from the metric, spring.kafka.listener.active, due to an increasing number of active tasks from instances of the Micrometer DefaultLongTaskTimer class on a Kafka observation, that are never garbage collected; and exceptions due to the observation scope from an instance of the KafkaMessageListenerContainer class not being closed in the catch clause of an exception handler.
The team has announced that development of Apache Kafka 4.0.0 will soon be underway. It will be built upon upcoming releases of Kafka Client 4.0.0 and Spring Framework 7.0.0, and be compatible with Spring Boot 4.0.0. More details on this release may be found in the release notes.
Spring for Apache Pulsar
Versions 1.2.2 and 1.1.8 of Spring for Apache Pulsar have been released featuring improvements in documentation, dependency upgrades and resolution to a PulsarBatchListenerFailedException when a listener consumes the same message after it is sent to the Dead Letter Topic (DLT) topic. These versions are included in Spring Boot 3.4.2 and 3.3.8, respectively. Further details on these releases may be found in the release notes for version 1.2.2 and version 1.1.8.
Java News Roundup: JDK 24 in Rampdown Phase Two, Spring Framework, JobRunr, Commonhaus Foundation
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 13th, 2025, features news highlighting: JDK 24 in Rampdown Phase Two; Spring Framework 6.2.2; JobRunr 7.4.0; Micrometer Metrics 1.15.0-M1 and Micrometer Tracing 1.5.0-M1; and Infinispan joins the Commonhaus Foundation.
JDK 24
Build 32 of the JDK 24 early-access builds was made available this past week featuring updates from Build 31 that include fixes for various issues. Further details on this release may be found in the release notes.
As per the JDK 24 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 24 has entered Rampdown Phase Two. This means that: no additional JEPs will be added for JDK 24; and there will be a focus on the P1 and P2 bugs which can be fixed via the Fix-Request Process. Late enhancements are still possible, with the Late-Enhancement Request Process, but Reinhold states that “the bar is now extraordinarily high.” The final set of 24 features for the GA release in March 2025 will include:
JDK 25
Build 6 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 5 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
The latest news about the refactoring of the TCK for Jakarta EE 11 is that the team is getting closer to releasing Jakarta EE Web Profile 11. There are just a small number of tests remaining to be refactored, and the rewriting of the TCK User Guide has started.
The discussions around Jakarta EE 12 are gaining momentum. Check out the
EE12labeled issues in the Jakarta EE Platform GitHub Issue Tracker. Feel free to add new issues or contribute to the discussions of those already created.You can also join the Jakarta EE Future Directions interest group and participate in high-level discussions about how the platform should evolve. If you’re not able to join the bi-weekly calls (calendar), you can always join the mailing list and participate there as well.
The road to Jakarta EE 11 included four milestone releases, the release of Core Profile in December 2024, and the potential for release candidates as necessary before the GA releases of the Platform and Web Profile in 1Q2025.
Spring Framework
The release of Spring Framework 6.2.2 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a change to the BeanOverrideHandler class to track only qualifier annotations to align with the Spring Boot QualifierDefinition class; and elevate the @MockitoBean annotation to support both fields and types to align with the now-deprecated Spring Boot @MockBean annotation. This version will be included in the upcoming releases of Spring Boot 3.4.2 and 3.5.0-M1. More details on this release may be found in the release notes.
Spring Data 2024.1.2 and 2024.0.8, both service releases, ship with bug fixes, dependency upgrades and and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.4.2 and 3.3.8; Spring Data MongoDB 4.4.2 and 4.3.8; Spring Data Elasticsearch 5.4.2 and 5.3.8; and Spring Data Neo4j 7.4.2 and 7.3.8. These versions will be included in the upcoming releases of Spring Boot and 3.4.2 and 3.3.8.
The Spring AI MCP team has released version 0.5.0 to provide new features such as: enhancements to the transport layer with a new HttpServletSseServerTransport class and a blocking queue-based implementation of the Spring Framework SseEmitter.SseEventBuilder interface; and a new Bill of Materials. More details on this release may be found in the release notes.
Quarkus
Quarkus 3.17.7, the sixth maintenance release (3.17.1 was skipped due to a regression), features notable changes such as: a resolution to an issue when a method is annotated with @PermissionsAllowed with multiple values, the parameters in the @PermissionChecker annotation is not correctly matched; and a switch to execute the MongoDB Connection Health Check on startup instead of when the application tries to store the first record in the database. More details on this release may be found in the changelog.
Micrometer
The first milestone release of Micrometer Metrics 1.15.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: use of the failWithActualExpectedAndMessage(), defined in the AssertJ AbstractAssert class, where possible; and a consistent use of the Java String methods, toLowerCase() and toUpperCase(), with the Java Locale.ROOT for improved security. Further details on these releases may be found in the release notes.
Similarly, versions 1.14.3 and 1.13.10 of Micrometer Metrics ship with dependency upgrades and resolutions to notable issues such as: a NullPointerException when applying aspects on methods that return a CompletableFuture; and a performance regression from the remove() method, defined in the MeterRegistry class, with a significant amount of registered meters. More details on these releases may be found in the release notes for version 1.14.3 and version 1.13.10.
The first milestone release of Micrometer Tracing 1.5.0 delivers bug fixes, dependency upgrades and new features: avoid creating superfluous copies of instances of the OtelSpan class; and the addition of local service name setting and retrieving for FinishedSpan to complement the remote service name. More details on this release may be found in the release notes.
Similarly, versions 1.4.2 and 1.3.8 of Micrometer Tracing provide: dependency upgrades to Micrometer Metrics 1.14.3 and 1.13.10, respectively, and a resolution to a NullPointerException when an instance of the OtelTraceContextBuilder class set the parentId and sampled fields as @Nullable to align with the same fields in the TraceContext interface. More details on these releases may be found in the release notes for version 1.4.2 and version 1.3.8.
Piranha Cloud
The release of Piranha 25.1.0 delivers many dependency upgrades and notable changes such as: a new SecurityConstraint class to complement their own SecurityManager API; and a resolution to an instance of the GrizzlyHttpServer class to not indefinitely suspend on asynchronous requests. Further details on this release may be found in the release notes, documentation and issue tracker.
Project Reactor
Project Reactor 2024.0.2, the second maintenance release, providing dependency upgrades to reactor-core 3.7.2, reactor-netty 1.2.2, reactor-pool 1.1.1. There was also a realignment to version 2024.0.2 with the reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. More details on this release may be found in the changelog.
Similarly, Project Reactor 2023.0.14, the fourteenth maintenance release, provides dependency upgrades to reactor-pool 1.0.9 and reactor-netty 1.1.26. There was also a realignment to version 2023.0.12 with the reactor-core 3.6.13, reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. Further details on this release may be found in the changelog.
JobRunr
The release of JobRunr 7.4.0 ships with: support for JDK 24, Spring Boot 3.4 and Kotlin 2.1. Enhancements include: wait for all instances of the RecurringJobPostProcessor class to finish before starting Spring Boot and the BackgroundJobServer class; and ensure that the correct casing is used in all SQL scripts. There was also a resolution to skip collection validation if an instance of the MongoDBStorageProvider class is configured with the NO_VALIDATE option. More details on this release may be found in the release notes.
OpenXava
The release of OpenXava 7.4.5 provides bug fixes, improvements in documentation, dependency upgrades and enhancements such as: a new filterByContentInAnyProperty() method, added to the Tab class, to filter a string value in any column; and a new isJavaIdentifier() method, added to the Strings utility class, to determine the existence of a Java identifier. More details on this release may be found in the release notes.
Commonhaus Foundation
The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that Infinispan has joined the foundation this past week. In a blog post published in mid-January 2025, Tristan Tarrant, senior principal software engineer at Red Hat and Infinispan project lead, described their rationale to transition to the foundation, writing:
Commonhaus just ticks all the right boxes for us: its lightweight governance is ideal. We get all the benefits of being part of an awesome foundation, with all the benefits of running the project on our own terms.
Commonhaus is also the home to a number of “friend projects”: Hibernate, Quarkus, Debezium, Jackson all play a key role in our software and it’s great that we share a “common home.”
Other notable projects that have joined the foundation include: JReleaser, JBang, OpenRewrite, SDKMAN, EasyMock, Objenesis and Feign.
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 6th, 2025 features news highlighting: the release of WildFly 35; Java Operator SDK 5.0-RC1; Spring Framework 2023.0.5; Micronaut 4.7.4; Quarkus 3.17.6; Arquillian 1.9.3; and an update on Jakarta EE 11.
JDK 24
Build 31 of the JDK 24 early-access builds was made available this past week featuring updates from Build 30 that include fixes for various issues. Further details on this release may be found in the release notes.
JDK 25
Build 5 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 4 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
Jakarta EE Core Profile 11 was released in December. You can check out all the details on the updated Jakarta EE Core Profile 11 specification page. The next out will be Jakarta EE Web Profile 11, which will be released as soon as there is a compatible implementation that passes the refactored TCK. The Jakarta EE Platform 11 will follow after the Web Profile.
The road to Jakarta EE 11 included four milestone releases, the release of Core Profile with the potential for release candidates as necessary before the GA releases of the Platform and Web Profile in 1Q2025.
Spring Framework
Spring Cloud 2023.0.5, codenamed Leyton, has been released featuring bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.1.5; Spring Cloud Function 4.1.5; Spring Cloud Stream 4.1.5; and Spring Cloud Circuit Breaker 3.1.4. This release is based upon Spring Boot 3.4.0. Further details on this release may be found in the release notes.
WildFly
The release of WildFly 3.5 primarily focuses on support for MicroProfile 7.0 and the updated specifications, namely: MicroProfile Telemetry 2.0; MicroProfile Open API 4.0; MicroProfile Rest Client 4.0; and MicroProfile Fault Tolerance 4.1. Along with bug fixes and dependency upgrades, other enhancements include: a refactor of the WildFlyOpenTelemetryConfig class as it had become too large and unmanageable; and the addition of profiles in the source code base for a “cleaner organization of the build and testsuite execution so the base and expansion parts can be independently built, and, more importantly, can be independently tested.” More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
Micronaut
The Micronaut Foundation has released version 4.7.4 of the Micronaut Framework featuring Micronaut Core 4.7.11, bug fixes and patch updates to modules: Micronaut Serialization and Micronaut Discovery Client. Further details on this release may be found in the release notes.
Quarkus
Quarkus 3.17.6, the fifth maintenance release (3.17.1 was skipped due to a regression), ships with bug fixes, dependency upgrades and notable resolutions to issues such as: a NullPointerException caused by the mappingToNames() method, defined in the BuildTimeConfigurationReader class, using the SmallRye Config PropertyName class to map with mapping names; and bootstrapping an application crashes using the Dev Console. More details on this release may be found in the changelog.
Java Operator SDK
The first release candidate of Java Operator SDK 5.0.0 ships with continuous improvements on new features such as: the Kubernetes Server-Side Apply elevated to a first-class citizen with a default approach for patching the status resource; and a change in responsibility with the EventSource interface to monitor the resources and handles accessing the cached resources, filtering, and additional capabilities that was once maintained by the ResourceEventSource subinterface. Further details on this release may be found in the changelog.
Arquillian
A week after the release of version 1.9.2, Arquillian 1.9.3 provides dependency upgrades and improvements to the ExceptionProxy class to produce a meaningful stack trace when the exception class is missing on a client. More details on this release may be found in the release notes.
Java News Roundup: Spring AI 1.0-M5, LangChain4j 1.0-Alpha1, Grails 7.0-M1, JHipster 8.8
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for December 23rd, 2024 features news highlighting: the fifth milestone release of Spring AI 1.0; the first milestone release of Grails 7.0; the first alpha release of LangChain4j 1.0; and the release of JHipster 8.8.
JDK 24
Build 29 remains the current build in the JDK 24 early-access builds. Further details on this release may be found in the release notes.
JDK 25
Similarly, Build 3 remains the current build in the JDK 25 early-access builds. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
Ten days after introducing the experimental Spring AI MCP, a Java SDK implementation of the Model Context Protocol (MCP), to the Java community, the Spring AI team has released a version 0.2.0 milestone. This initial release features: a simplified McpClient interface such that listing operations no longer require a cursor parameter; and a new SseServerTransport class, a server-side implementation of the MCP HTTP with the SSE transport specification. Breaking changes include a rename of some modules for improved consistency. Further details on this release may be found in the release notes.
The fifth milestone release of Spring AI 1.0 delivers: incubating support for the Model Context Protocol; support for models such as Zhipuai Embedding-3 and Pixtral; and support for vector stores such as MariaDB and Azure Cosmos DB. There were also breaking changes that include moving the MilvusVectorStore class from the org.springframework.ai.vectorstore package to the org.springframework.ai.vectorstore.milvus package. The Spring AI team plans a sixth milestone release in January 2025 followed by one release candidate before the final GA release.
TornadoVM
The release of TornadoVM 1.0.9 ships with bug fixes and improvements such as: support for the RISC-V 64 CPU port to run OpenCL with vector instructions for the RVV 1.0 board; support for int, double, long and short three-dimensional arrays by creating new matrix classes; and the addition of a helper menu for the tornado launcher script when no arguments are passed. More details on this release may be found in the release notes.
Micronaut
The Micronaut Foundation has released version 4.7.3 of the Micronaut Framework featuring Micronaut Core 4.7.10, bug fixes and patch updates to modules: Micronaut Logging, Micronaut Flyway, Micronaut Liquibase Micronaut Oracle Cloud and Micronaut Pulsar. Further details on this release may be found in the release notes.
Grails
The first milestone release of Grails 7.0.0 delivers bug fixes, dependency upgrades and notable changes such as: a minimal version of JDK 17, Spring Framework 6.0, Spring Boot 3.0 and Groovy 4.0; and an update to the PublishGuide class to use the Gradle AntBuilder class instead of the deprecated Groovy AntBuilder class. More details on this release may be found in the release notes.
LangChain4j
After more than 18 months of development, the first alpha release of LangChain4j 1.0.0 features: updated ChatLanguageModel and StreamingChatLanguageModel interfaces to support additional use cases and new features; and an initial implementation of the Model Context Protocol. The team plans a GA release in Q12025. Further details on this release may be found in the release notes.
Apache Software Foundation
The Apache Camel team has announced that the version 3.0 release train has reached end-of-life. The recently released Apache Camel 3.22.3, will be the final one. Developers are encouraged to upgrade to the 4.0 release train via this migration guide.
JHipster
The release of JHipster 8.8.0 features: upgrades to Spring Boot 3.4, Angular 19 and Gradle 8.12; experimental support for esbuild in Angular; and improved CSRF token handling for single page applications. More details on this release may be found in the release notes.
Similarly, the release of JHipster Lite 1.24.0 ships with an upgrade to Spring Boot 3.4.1 and new features/enhancements such as: a new module for configuring a Liquibase linter; and the addition of metadata to the preprocessor to resolve a ESLint cache error. Further details on this release may be found in the release notes.
Spring News Roundup: Release Candidates for Spring Boot, Security, Auth Server, Modulith
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
There was a flurry of activity in the Spring ecosystem during the week of October 21st, 2024, highlighting first release candidates of: Spring Boot, Spring Security, Spring Authorization Server, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar.
Spring Boot
The first release candidate of Spring Boot 3.4.0 delivers bug fixes, improvements in documentation, dependency upgrades and many new features such as: improved support for the Spring Framework ClientHttpRequestFactory interface with new builders and additional customization; and support for ARM and x86 architectures in the Paketo Buildpack for Spring Boot. More details on this release may be found in the release notes.
Similarly, the release of Spring Boot 3.3.5 and 3.2.11 provide improvements in documentation, dependency upgrades and resolutions to notable bug fixes such as: removal of the printing the stack trace to the error stream from the driverClassIsLoadable() method, defined in the DataSourceProperties class, upon exception as it was determined to be unnecessary; and an instance of the ArtemisConnectionFactoryFactory class failing when building a native image. More details on this release may be found in the release notes for version 3.3.5 and version 3.2.11.
Spring Framework
In conjunction with the release of Spring Boot 3.4.0-RC1, the third release candidate of Spring Framework 6.2.0 ships with bug fixes, improvements in documentation and new features such as: removal of the proxyTargetAware attribute in the new @MockitoSpyBean annotation as it was deemed unnecessary; and a refactor of the retrieve() method, defined in the RestClient interface, to execute a request and extract the response as necessary, eliminating the need for two method calls in this workflow. More details on this release may be found in the release notes.
Spring Security
The first release candidate of Spring Security 6.4.0 delivers bug fixes, dependency upgrades and new features such as: support for Passkeys; a new authorize() method that replaces the now-deprecated check() method, defined in the AuthorizationManager interface, that returns an instance of the AuthorizationResult interface; and a refactored publishAuthorizationEvent(Supplier, T, AuthorizationDecision) method, defined in the AuthorizationEventPublisher interface, that now accepts an instance of the AuthorizationResult interface, replacing the AuthorizationDecision class in the parameter list. More details on this release may be found in the release notes and what’s new page.
Similarly, versions 6.3.4, 6.2.7 and 5.8.15 of Spring Security have been released featuring build updates, dependency upgrades and resolutions to notable bug fixes such as: erasures of credentials on custom instances of the AuthenticationManager interface despite the eraseCredentialsAfterAuthentication field being set to false; and methods annotated with @PostFilter are processed twice by the PostFilterAuthorizationMethodInterceptor class. More details on these releases may be found in the release notes for version 6.3.4, version 6.2.7 and version 5.8.15.
Spring Authorization Server
The first release candidate of Spring Authorization Server 1.4.0 provides dependency upgrades and new features such as: a replacement of the DelegatingAuthenticationConverter class with the similar DelegatingAuthenticationConverter class defined in Spring Security; and a simplification of configuring a dedicated authorization server using the with() method, defined in the Spring Security HttpSecurity class. More details on this release may be found in the release notes.
Similarly, versions 1.3.3 and 1.2.7 of Spring Authorization Server have been released featuring dependency upgrades and a fix for more efficiently registering AOT contributions with subclasses defined from the JdbcOAuth2AuthorizationService class. More details on these releases may be found in the release notes for version 1.3.3 and version 1.2.7.
Spring for GraphQL
Versions 1.3.3 and 1.2.9 of Spring for GraphQL have been released ship with bug fixes, improvements in documentation, dependency upgrades and new features such as: the ability to set a timeout value for server-side events; and methods annotated with @BatchMapping should pass the localContext field, defined in the GraphQL for Java DataFetcherResult class, from an instance of the BatchLoaderEnvironment class.More details on these releases may be found in the release notes for version 1.3.3 and version 1.2.9.
Spring Integration
The first release candidate of Spring Integration 6.4.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: an instance of the RedisLockRegistry class may now be configured via an instance of the Spring Framework TaskScheduler interface for renewal of automatic locks in the store; and a migration of Python scripts to support Python 3 and GraalPy. More details on this release may be found in the release notes and what’s new page.
Similarly, versions 6.3.5 and 6.2.10 of Spring Integration have been released with bug fixes, dependency upgrades and new features: the addition of a new property, idleBetweenTries, to the aforementioned RedisLockRegistry class to specify a duration to sleep in between lock attempts; and improved support for the JUnit @Nested annotation when using the @SpringIntegrationTest annotation. More details on this release may be found in the release notes for version 6.3.5 and version 6.2.10.
Spring Modulith
The first release candidate of Spring Modulith 1.3.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: support for the Oracle database type in the JDBC event publication registry; and support for the MariaDB database driver. More details on this release may be found in the release notes.
Similarly, versions 1.2.5 and 1.1.10 of Spring Modulith have been released featuring bug fixes, dependency upgrades and various improvements in the reference documentation. More details on this release may be found in the release notes for version 1.2.5 and version 1.1.10.
Spring Batch
The first release candidate of Spring Batch 5.2.0 ships with bug fixes, improvements in documentation, dependency upgrades and a new feature that allows the CompositeItemReader class to be subclassed to allow generics to be less strict. More details on this release may be found in the release notes.
Spring AMQP
The first release candidate of Spring AMQP 3.2.0 provides improvements in documentation, dependency upgrades and new features such as: additional Open Telemetry semantic tags that are exposed via an instance of the RabbitTemplate class and @RabbitListener annotation; and a new method, getBeforePublishPostProcessors(), in the RabbitTemplate class that complements the existing addBeforePublishPostProcessors() method that allows developers to dynamically access and modify these processors. More details on this release may be found in the release notes.
Spring for Apache Kafka
The first release candidate of Spring for Apache Kafka 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a new KafkaMetricsSupport class for improved metrics support; and the ability to use the Java @Override annotation on the createAdmin() method, defined in the KafkaAdmin class, to use another type of class implementing the Apache Kafka Admin interface. This release also provides full integration with Spring Boot 3.4.0-RC1. More details on this release may be found in the release notes.
Spring for Apache Pulsar
The first release candidate for Spring for Apache Pulsar 1.2.0 provides dependency upgrades and improvements such as: ensure that all uses of the toLowerCase() and toUpperCase() methods, defined in the Java String class, specify an instance of a Java Locale class with a default of Locale.ROOT; and a new log to warn developers when lambda producer customizers are used for increased awareness. More details on this release may be found in the release notes.
Similarly, versions 1.1.5 and 1.0.11 of Spring for Apache Pulsar have been released featuring dependency upgrades and the aforementioned use of the toLowerCase() and toUpperCase() methods. More details on this release may be found in the release notes for version 1.1.5 and version 1.0.11.
OpenJDK News Roundup: Stream Gatherers, Scoped Values, Generational Shenandoah, ZGC Non-Gen Mode
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
There was a flurry of activity in the OpenJDK ecosystem during the week of October 21st, 2024, highlighting: JEPs that have been Targeted and Proposed to Target for JDK 24; and drafts that have been promoted to Candidate status. JEP 485, Stream Gatherers, is the fifth JEP confirmed for JDK 24. Four JEPs have been Proposed to Target and will be under review during the week of October 28, 2024.
Targeted
After its review had concluded, JEP 485, Stream Gatherers, has been promoted from Proposed to Target to Targeted for JDK 24. This JEP proposes to finalize this feature after two rounds of preview, namely: JEP 473: Stream Gatherers (Second Preview), delivered in JDK 23; and JEP 461, Stream Gatherers (Preview), delivered in JDK 22. This feature was designed to enhance the Stream API to support custom intermediate operations that will “allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” More details on this JEP may be found in the original design document and this InfoQ news story.
Proposed to Target
JEP 490, ZGC: Remove the Non-Generational Mode, has been promoted from Candidate to Proposed to Target for JDK 24. This JEP proposes to remove the non-generational mode of the Z Garbage Collector (ZGC). The generational mode is now the default as per JEP 474, ZGC: Generational Mode by Default, delivered in JDK 23. By removing the non-generational mode of ZGC, it eliminates the need to maintain two modes and improves development time of new features for the generational mode. The review is expected to conclude on October 29, 2024.
JEP 487, Scoped Values (Fourth Preview), has been promoted from Candidate to Proposed to Target for JDK 24. Formerly known as Extent-Local Variables (Incubator), proposes a fourth preview, with one change, in order to gain additional experience and feedback from one round of incubation and three rounds of preview, namely: JEP 481, Scoped Values (Third Preview), delivered in JDK 23; JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The only change from the previous preview is the removal of the callWhere() and runWhere() methods from the ScopedValue class that leaves the API fluent. The ability to use one or more bound scoped values is accomplished via the call() and run() methods defined in the ScopedValue.Carrier class. The review is expected to conclude on October 30, 2024.
JEP 478, Key Derivation Function API (Preview), has been promoted from Candidate to Proposed to Target for JDK 24. This JEP proposes to introduce an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism. The review is expected to conclude on October 31, 2024.
JEP 404, Generational Shenandoah (Experimental), has been promoted from Candidate to Proposed to Target for JDK 24. Originally targeted for JDK 21, JEP 404 was officially removed from the final feature set due to the “risks identified during the review process and the lack of time available to perform the thorough review that such a large contribution of code requires.” The Shenandoah team decided to “deliver the best Generational Shenandoah that they can” and target a future release. The review is expected to conclude on October 30, 2024.
New JEP Candidates
JEP 495, Simple Source Files and Instance Main Methods (Fourth Preview), has been promoted from its JEP Draft 8335984 to Candidate status. This JEP proposes a fourth preview without change (except for a second name change), after three previous rounds of preview, namely: JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), delivered in JDK 23; JEP 463, Implicitly Declared Classes and Instance Main Methods (Second Preview), delivered in JDK 22; and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This feature aims to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle. Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the specification document for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.
JEP 494, Module Import Declarations (Second Preview), has been promoted from its JEP Draft 8335987 to Candidate status.This JEP proposes a second preview after the first round of preview, namely: JEP 476, Module Import Declarations (Preview), delivered in JDK 23. This feature will enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself. Changes from the first preview include: remove the restriction that a module is not allowed to declare transitive dependencies on the java.base module; revise the declaration of the java.se module to transitively require the java.base module; and allow type-import-on-demand declarations to shadow module import declarations. These changes mean that importing the java.se module will import the entire Java SE API on demand.
JEP 493, Linking Run-Time Images without JMODs, has been promoted from its JEP Draft 8333799 to Candidate status. This JEP proposes to “reduce the size of the JDK by approximately 25% by enabling the jlink tool to create custom run-time images without using the JDK’s JMOD files.” This feature must explicitly be enabled upon building the JDK. Developers are now allowed to link a run-time image from their local modules regardless where those modules exist.
JDK 24 Release Schedule
The JDK 24 release schedule, as approved by Mark Reinhold, Chief Architect, Java Platform Group at Oracle, is as follows:
- Rampdown Phase One (fork from main line): December 5, 2024
- Rampdown Phase Two: January 16, 2025
- Initial Release Candidate: February 6, 2025
- Final Release Candidate: February 20, 2025
- General Availability: March 18, 2025
For JDK 24, developers are encouraged to report bugs via the Java Bug Database.
Java News Roundup: WildFly 34, Stream Gatherers, Oracle CPU, Quarkiverse Release Process
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for October 14th, 2024, features news highlighting: the release of WildFly 34; JEP 485, Stream Gatherers, proposed to target for JDK 24; Oracle Critical Patch Update for October 2024; and a potential leak in the SmallRye and Quarkiverse release processes.
OpenJDK
JEP 485, Stream Gatherers, has been promoted from Candidate to Proposed to Target for JDK 24. This JEP proposes to finalize this feature after two rounds of preview, namely: JEP 473: Stream Gatherers (Second Preview), delivered in JDK 23; and JEP 461, Stream Gatherers (Preview), delivered in JDK 22. This feature was designed to enhance the Stream API to support custom intermediate operations that will “allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” More details on this JEP may be found in the original design document and this InfoQ news story. The review is expected to conclude on October 23, 2024.
Oracle has released versions 23.0.1, 21.0.5, 17.0.13, 11.0.25, and 8u431 of the JDK as part of the quarterly Critical Patch Update Advisory for October 2024. More details on this release may be found in the release notes for version 23.0.1, version 21.0.5, version 17.0.13, version 11.0.25 and version 8u431.
Version 7.5.0 of the Regression Test Harness for the JDK, jtreg, has been released and ready for integration in the JDK. The most significant changes include: the restoration of the jtdiff tool; and support for a LIBRARY.properties file located in the directory specified in the @library tag and read when jtreg compiles classes in that library. There was also a dependency upgrade to JUnit 5.11.0. Further details on this release may be found in the release notes.
JDK 24
Build 20 of the JDK 24 early-access builds was made available this past week featuring updates from Build 19 that include fixes for various issues. Further details on this release may be found in the release notes.
For JDK 24, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
GlassFish now passes 84% of the tests in the refactored TCK for Jakarta EE 11. The remaining tests are mainly related to the Application Client Container. The Jakarta EE Platform Project is proposing to deprecate the Application Container in Jakarta EE 12. There are ongoing discussions about how much importance these tests should be given to Jakarta EE 11.
The Jakarta EE 11 Core Profile TCK has been staged, and both Open Liberty and WildFly are passing (or very close to passing) it. So it looks like we will be able to release Jakarta EE 11 Core Profile ahead of Jakarta EE 11 Platform and Jakarta EE 11 Web Profile.
The road to Jakarta EE 11 included four milestone releases with the potential for release candidates as necessary before the GA release in 4Q2024.
BellSoft
Concurrent with Oracle’s Critical Patch Update (CPU) for October 2024, BellSoft has released CPU patches for versions 21.0.4.0.1, 17.0.12.0.1, 11.0.24.0.1, 8u431, 7u441 and 6u441 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 23.0.1, 21.0.5, 17.0.13, 11.0.25 and 8u432, containing CPU and non-critical fixes, have also been released.
With an overall total of 1169 fixes and backports, BellSoft states that they have participated in eliminating 18 issues in all releases.
Spring Framework
The second release candidate of Spring Framework 6.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and many new features such as: a rename of the OverrideMetadata class to BeanOverrideHandler to align with the existing naming convention of the other classes, interfaces and annotations defined in the org.springframework.test.context.bean.override package; and the addition of the messageConverters() method to the RestClient.Builder interface to allow setting converters of the RestClient interface without initializing the default one. This version will be included in the upcoming release of Spring Boot 3.4.0-RC1. More details on this release may be found in the release notes.
Similarly, the release of version 6.1.14 of Spring Framework also provides bug fixes, improvements in documentation, dependency upgrades and new features such as: the removal of support for relative paths in the ResourceHandlerUtils class that eliminates security issues; and ensure proper exception handling from the isCorsRequest() method, defined in the CorsUtils class, upon encountering a malformed Origin header. This version will be included in the upcoming releases of Spring Boot and 3.3.5 and 3.2.11. More details on this release may be found in the release notes.
The Spring Framework team has also disclosed two Common Vulnerabilities and Exposures (CVEs):
- CVE-2024-38819, a path traversal vulnerability in the Spring Web MVC and Spring WebFlux functional web frameworks in which an attacker can create a malicious HTTP request to obtain any file on the file system that is also accessible to the process on the running Spring application. This CVE is follow up from CVE-2024-38816, Path Traversal Vulnerability in Functional Web Frameworks, that used different malicious input.
- CVE-2024-38820: a vulnerability in which the
toLowerCase()method, defined in the JavaStringclass, had someLocaleclass-dependent exceptions that could potentially result in fields not being protected as expected. This is a result of the resolution for CVE-2022-22968 that made patterns of thedisallowedFieldsfield, defined inDataBinderclass, case insensitive.
These CVEs affect Spring Framework versions 5.3.0 – 5.3.40, 6.0.0 – 6.0.24 and 6.1.0 – 6.1.13.
The first release candidate of Spring Data 2024.1.0 delivers expanded support for Spring Data Value Expressions where property-placeholders may be leveraged in repository query methods annotated with @Query. There were also updates to sub-projects such as: Spring Data Commons 3.4.0-RC1, Spring Data MongoDB 4.4.0-RC1, Spring Data Elasticsearch 5.4.0-RC1 and Spring Data Neo4j 7.4.0-RC1. More details on this release may be found in the release notes.
Similarly, the release of Spring Data 2024.0.5 and 2023.1.11 ship with bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.3.5 and 3.2.11; Spring Data MongoDB 4.3.5 and 4.2.11; Spring Data Elasticsearch 5.3.5 and 5.2.11; and Spring Data Neo4j 7.3.5 and 7.2.11. These versions will be included in the upcoming releases of Spring Boot and 3.3.5 and 3.2.11.
WildFly
The release of WildFly 34 primarily focuses on WildFly Preview, a technical preview variant of the WildFly server. New features include: support for Jakarta Data 1.0, MicroProfile Rest Client 4.0 and MicroProfile Telemetry 2.0; a new Bill of Materials for WildFly Preview; and four new system properties (backlog, connection-high-water, connection-low-water and no-request-timeout) for configuration in the HTTP management interface. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
Quarkus
The Quarkus team has disclosed that they recently discovered a potential leak in their Quarkiverse and SmallRye release processes and reported that there was no damage.
Clement Escoffier, Distinguished Engineer at Red Hat, summarized the issue, writing:
We’ve uncovered a security flaw in the release process for Quarkiverse and SmallRye that could have allowed malicious actors to impersonate projects and publish compromised artifacts.
We’ve implemented a new, more secure release pipeline to address this. If you’re a maintainer, you’ve received a pull request to migrate to the new process. Quarkus itself is not affected by this issue, only SmallRye and Quarkiverse.
As a result, they have implemented a more secure release process and wanted to share the details with the Java community. InfoQ will follow up with a more detailed news story.
Micrometer
The first release candidate of Micrometer Metrics 1.14.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: expose an instance of the TestObservationRegistry class via the assertThat() method from the AssertJ Assertions class; expand metrics to include virtual threads data; and improved performance with the initialization of the Tags class from already sorted array of unique tags. More details on this release may be found in the release notes.
Similarly, versions 1.13.6 and 1.12.11 of Micrometer Metrics also feature bug fixes, improvements in documentation and a new feature that improves the memory usage of the StepBucketHistogram class by eliminating an internal field of the buckets that can be acquired from an instance of the FixedBoundaryHistogram class when needed. Further details on these releases may be found in the release notes for version 1.13.6 and version 1.12.11.
The first release candidate of Micrometer Tracing 1.4.0 ships with dependency upgrades and new features: support for list values in tags in the Span and SpanCustomizer interfaces; and make the OtelSpan class public instead of private to eliminate use of reflection to act upon the underlying OpenTelemetry Span interface. More details on this release may be found in the release notes.
Similarly, version 1.3.5 and 1.2.11 of Micrometer Tracing 1.4.0 simply provide dependency upgrades. Further details on these releases may be found in the release notes for version 1.3.5 and version 1.2.11.
Project Reactor
The first release candidate of Project Reactor 2024.0.0 provides dependency upgrades to reactor-core 3.7.0-RC1, reactor-netty 1.2.0-RC1, reactor-pool 1.1.0-RC1, reactor-addons 3.6.0-RC1, reactor-kotlin-extensions 1.3.0-RC1 and reactor-kafka 1.4.0-RC1. Based on the Spring Calendar, it is anticipated that the GA version of Project 2024.0.0 will be released in November 2024. Further details on this release may be found in the changelog.
Next, Project Reactor 2023.0.11, the eleventh maintenance release, provides dependency upgrades to reactor-core 3.6.11 and reactor-netty 1.1.23. There was also a realignment to version 2023.0.11 with the reactor-pool 1.0.8, reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. More details on this release may be found in the changelog.
Piranha Cloud
The release of Piranha 24.10.0 delivers bug fixes and notable changes such as: ensure that an instance of the Eclipse Jersey InjecteeSkippingAnalyzer class is installed when needed; and use of the Java PrintStream class or the isWriterAcquired() method, defined in the in the DefaultWebApplicationResponse class, in the DefaultServletRequestDispatcher class as a response to a top-level exception. Further details on this release may be found in their documentation and issue tracker.
Apache Software Foundation
The third milestone release of Apache TomEE 10.0.0 provides bugs fixes, dependency upgrades and new features such as: an improved import of data sources and entity managers that obsoletes the use of the ImportSql class; and a new RequestNotActiveException class, that replaces throwing a NullPointerException, when an instance of a Jakarta Servlet HttpServletRequest is invoked on a thread with no active servlet request. More details on this release may be found in the release notes.
JobRunr
The release of JobRunr 7.3.1 provides new features such as: an instance of the JobDetails class is now cacheable when injecting an interface instead of an implementation; and an enhanced JobRunr Dashboard that includes tips for diagnosing severe JobRunr exceptions for improved clarity of notifications. Further details on this release may be found in the release notes.
Keycloak
Keycloak 26.0.1 has been released with bug fixes and enhancements: a clarification of the behavior of multiple versions of Keycloak Operator installed in the same cluster operator; and improved error logging during a transaction commit. More details on this release may be found in the release notes.
JDKUpdater
Version 14.0.59+79 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, this release resolves an issue with the calculation of the next update and the next release date of the JDK. More details on this release may be found in the release notes.
Gradle
The first release candidate of Gradle 8.11.0 delivers new features such as: improved performance in the configuration cache with an opt-in parallel loading and storing of cache entries; the C++ and Swift plugins now compatible with the configuration cache; and improved error and warning reporting in which Java compilation errors are now displayed at the end of the build output. More details on this release may be found in the release notes.