Author: Michael Redlich
Java News Roundup: Java Turns 30, Hibernate ORM 7.0, Embabel, jaz, Open Liberty, Eclipse DataGrid
MMS • Michael Redlich
This week’s Java roundup for May 19th, 2025 features news highlighting: Java’s 30th birthday; the release of Hibernate ORM 7.0 and Hibernate Validator 9.0; the May 2025 edition of Open Liberty; the first beta release of JobRunr 8.0; and the introduction of Embabel, jaz, and Eclipse DataGrid.
Happy 30th Birthday, Java!
On May 23rd, 1995 at the Sun World conference in San Francisco, California, Sun Microsystems formally introduced the Java programming language. Oracle marked this milestone with their 30th Birthday Event, hosted by Java Developer Advocates, Ana-Maria Mihalceanu, Billy Korando and Nicolai Parlog along with Sharat Chander, Senior Director, Product Management & Developer Engagement at Oracle. This special six-hour event featured many guests on a variety of topics. InfoQ will follow up with a more detailed news story.
OpenJDK
With Rampdown Phase One scheduled for June 5, 2025, the following JEPs have been elevated from Proposed to Target to Targeted for JDK 25:
Similarly, the following JEPs have been elevated from Candidate to Proposed to Target for JDK 25:
The reviews for the JEPs that have been Proposed to Target are expected to conclude by Tuesday, May 27, 2025.
Version 7.5.2 of the Regression Test Harness for the JDK, jtreg, has been released and ready for integration in the JDK. The most significant changes include: support for using the ${test.main.class} template to use the current class name for test actions; the ability to configure the default timeout value in jtreg tests via a properties file; and support for .jasm and .jcod files in patched Java modules. Further details on this release may be found in the release notes.
JDK 25
Build 24 of the JDK 25 early-access builds was made available this past week featuring updates from Build 23 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11 and Jakarta EE 12, writing:
The Jakarta EE 11 TCK is very close to being finalized, so it looks like we are on the path of getting the Jakarta EE 11 Platform release out the door in the middle of June.
The work with Jakarta EE 12 is on track according to the Jakarta EE 12 Release Plan. Plan reviews have been completed, and discussions right now are around which specifications to add (if any) to the Platform, and which to possibly deprecate.
The road to Jakarta EE 11 included five milestone releases, the release of the Core Profile in December 2024, the release of Web Profile in April 2025, and a first release candidate of the Platform before its anticipated GA release in June 2025.
Spring Framework
It was a busy week over at Spring as the various teams have delivered GA releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring for GraphQL, Spring AI and Spring Web Services. Further details may be found in this InfoQ news story.
The Spring Data team has introduced their plan to lower the barrier to entry related to the different approaches with technologies (GraalVM, CRaC, CDS, etc.) that reduce application startup times. With the upcoming release of Spring Data 2025.1 (AKA version 4.0), repositories will be migrating to Ahead-of-Time compilation. This means they will be shifting all the “repository preparations that are done at application startup to build time.” This may be accomplished by setting the spring.aot.repositories.enabled property to true.
Microsoft Azure
Microsoft has introduced their new Azure Command Launcher for Java, named jaz, to address “suboptimal resource utilization in cloud-based deployments, where memory and CPU tend to be dedicated for application workloads (use of containers and VMs) but still require intelligent management to maximize efficiency and cost-effectiveness.” This means that instead of writing:
$ JAVA_OPTS="-XX:... several JVM tuning flags"
$ java $JAVA_OPTS -jar myapp.jar"
Developers can now write:
$ jaz -jar myapp.jar
jaz is currently in private preview and requests for access may be made here.
Open Liberty
IBM has released version 25.0.0.5 of Open Liberty featuring bug fixes and the ability for the MicroProfile Telemetry 2.0 (mpTelemetry-2.0) feature to collect and send Open Liberty HTTP access logs, such as export traces, metrics, and logs, to OpenTelemetry.
Quarkus
The Quarkus team has announced that Quarkus MCP Server 1.2.0 now supports streamable HTTP, along with the stdio and SSE transports, that make it possible to connect mobile applications and cloud services to MCP servers. While this is considered a full implementation, the Quarkus team plans future releases to include resumability and redelivery.
Hibernate
The release of Hibernate ORM 7.0.0.Final delivers new features such as: a new QuerySpecification interface that provides a common set of methods for all query specifications that allow for iterative, programmatic building of a query; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. There is also support for the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11. More details on this release may be found in the release notes and the migration guide.
The release of Hibernate Validator 9.0.0.Final provides bug fixes, dependency upgrades and notable changes such as: new constraints, @KorRRN and @BitcoinAddress, annotations that check for a valid Korean resident registration number and a well-formed BTC (Bitcoin) Mainnet address, respectively; and a new BOM that provides dependency management for all of the published artifacts. This release is the compatible implementation of the Jakarta Validation 3.1 specification.
Details on both of these releases may be found in this blog post by Gavin King, Senior Distinguished Engineer at IBM and creator of Hibernate.
Embabel Agent Framework
Rod Johnson, former CEO at Atomist and father of the Spring Framework, has introduced the Embabel Agent Framework for the JVM written in Kotlin. As described by Johnson:
It introduces some ideas that I think are novel: a planning step using a non-LLM AI algorithm; and a rich domain model that can expose behavior as LLM tools as well as in Java or Kotlin code.
Embabel was built on Spring and offers a full MCP integration with Spring AI. InfoQ will follow up with a more detailed news story.
JobRunr
The first beta release of JobRunr 8.0.0 features: ahead-of-time scheduled recurring jobs where JobRunr schedules a recurring job as soon as the previous run is finished; and support for Kotlin serialization with a new KotlinxSerializationJsonMapper class, an implementation of the JsonMapper interface, for an improved experience when writing JobRunr applications in Kotlin. Further details on this release may be found in the release notes.
Eclipse DataStore
The Eclipse Foundation and Microstream have introduced a new open-source project, Eclipse DataGrid, designed to be a pure Java in-memory data processing layer for distributed EclipseStore applications. As a result, Microstream will open-source their in-memory data platform and transfer the codebase to Eclipse DataGrid. Features include: a distributed Java object graph model; seamless integration with the Java Streams API; and integration with Apache Lucene and Kubernetes.
Spring News Roundup: GA Releases of Spring Boot, Security, Auth Server, Integration, AI
MMS • Michael Redlich
There was a flurry of activity in the Spring ecosystem during the week of May 19th, 2025, highlighting GA releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring for GraphQL, Spring AI and Spring Web Services.
Spring Boot
The release of Spring Boot 3.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: new annotations, @ServletRegistration and @FilterRegistration, to register instances of the Jakarta Servlet Servlet and Filter interfaces, respectively; and the ability to customize structured logging stack traces. More details on this release may be found in the release notes and this InfoQ news story.
Spring Security
The release of Spring Security 6.5.0 ships with bug fixes, dependency upgrades and new features such as: an implementation of the OAuth 2.0 Demonstrating Proof-of-Possession (DPoP) specification; and support for Micrometer context propagation to propagate authorization between an instance of the ThreadLocalAccessor interface and reactive operations. Further details on this release may be found in the release notes and what’s new page.
Similarly, the release of Spring Security 6.4.6 features a resolution to CVE-2025-41232, a vulnerability where Spring Security Aspects, under certain conditions, may not correctly locate method security annotations on private methods potentially leading to an authorization bypass. More details on this release may be found in the release notes.
Spring Authorization Server
The release of Spring Authorization Server 1.5.0 delivers bug fixes, dependency upgrades and new features such as: an implementation of the OAuth 2.0 Pushed Authorization Requests (PAR) specification and the aforementioned OAuth 2.0 Demonstrating Proof of Possession (DPoP) specification; and a replacement of the deprecated Spring Boot @MockBean annotation with the preferred Spring Framework @MockitoBean annotation where applicable. Further details on this release may be found in the release notes.
Spring for GraphQL
The release of Spring for GraphQL 1.4.0 ships with dependency upgrades and a new feature that adds a name field, of type String and annotated with @Nullable, to the DataLoader class for improved registration of data loaders. More details on this release may be found in the release notes.
Spring Session
The release of Spring Session 3.5.0 features many dependency upgrades and a resolution to a race condition and ClassCastException during integration testing using an instance of the SessionEventRegistry class due to the class assuming there is only one single event type for each session ID. Further details on this release may be found in the release notes.
Spring Integration
The release of Spring Integration 6.5.0 delivers bug fixes, dependency upgrades and new features such as: a new AbstractRecentFileListFilter class, an implementation of the FileListFilter interface, that accepts only recent files based on a provided age; and implementations of the Spring Framework MessageChannel interface now throw a MessageDispatchingException when an application context has not yet started or stopped at runtime. More details on this release may be found in the release notes and what’s new page.
Spring AI
The release of Spring AI 1.0.0 features: a ChatClient interface that supports 20 AI models with multi-modal inputs and an output with a structured response; an Advisors API that serves as an interceptor chain for developers to modify incoming prompts by injecting retrieval data and conversation memory; and full support for the Model Context Protocol. Further details on this release may be found in the release notes and this InfoQ news story. Developers can also learn how to create their first Spring AI 1.0 application in this user guide.
Spring Web Services
The release of Spring Web Services 4.1.0 delivers bug fixes, dependency upgrades and new features such as: support for configuring arbitrary options for Apache Web Services Security for Java (WSS4J) via the Wss4jSecurityInterceptor class; and the ability to create custom implementations of the MethodArgumentResolver and MethodReturnValueHandler interfaces. More details on this release may be found in the release notes.
Java News Roundup: LangChain4j 1.0, Vert.x 5.0, Spring Data 2025.0.0, Payara Platform, Hibernate
MMS • Michael Redlich
This week’s Java roundup for May 12th, 2025 features news highlighting: the GA releases of LangChain4j 1.0, Eclipse Vert.x 5.0 and Spring Data 2025.0.0; the May 2025 edition of the Payara Platform; second release candidates for Hibernate ORM 7.0 and Hibernate Reactive 3.0; and the first beta release of Hibernate Search 8.0.
OpenJDK
It was a busy week in the OpenJDK ecosystem during the week of May 12th, 2025 highlighting: two JEPs elevated from Proposed to Target to Targeted and four JEPs elevated from Candidate to Proposed to Target for JDK 25; and one JEP elevated from its JEP Draft to Candidate status. Two of these will be finalized after their respective rounds of preview. Further details may be found in this InfoQ news story.
JDK 25
Build 23 of the JDK 25 early-access builds was made available this past week featuring updates from Build 22 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11 and Jakarta EE 12, writing:
The release of the Jakarta EE 11 Platform specification is right around the corner. The issues with the service outage that affected our Jenkins CI instances are now resolved, and the work is progressing. The release date is expected to be in June.
All the plans for Jakarta EE 12 have been completed and approved (with the exception of Jakarta Activation, which will have its plan review started on Monday [May 19, 2025]).
Two new specifications, Jakarta Portlet 4.0 and Jakarta Portlet Bridge 7.0, have been migrated over from JSR 362 and JSR 378, respectively. They join the new Jakarta Query 1.0 specification.
The road to Jakarta EE 11 included four milestone releases, the release of the Core Profile in December 2024, the release of Web Profile in April 2025, and a fifth milestone and first release candidate of the Platform before its anticipated GA release in June 2025.
Spring Framework
The fifth milestone release of Spring Framework 7.0.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: support for the Jackson 3.0 release train that deprecate support for the Jackson 2.0 release train; and updates to the new new API versioning feature that allows for validating supported API versions against only explicitly configured ones. There was also a deprecation of the PropertyPlaceholderConfigurer and PreferencesPlaceholderConfigurer classes for removal. Further details on this release may be found in the release notes.
The release of Spring Framework 6.2.7 and 6.1.20 address CVE-2025-22233, a follow up to CVE-2024-38820, a vulnerability in which the toLowerCase() method, defined in the Java String class, had some Locale class-dependent exceptions that could potentially result in fields not being protected as expected. This was a result of the resolution for CVE-2022-22968 that made patterns of the disallowedFields field, defined in DataBinder class, case insensitive. In this latest CVE, cases where it is possible to bypass the checks for the disallowedFields field still exist.
The release of Spring Data 2025.0.0 ships with new features such as: support for the Vector interface and vector search in the MongoDB and Apache Cassandra databases; and support for the creation of indices using storage-attached indexing from Cassandra 5.0. The upcoming GA release of Spring Boot 3.5.0 will upgrade to Spring Data 2025.0.0. More details on this release may be found in the release notes.
The third milestone release of Spring Data 2025.1.0 ships with: support for JSpecify on sub-projects, such as Spring Data Commons, Spring Data JPA, Spring Data MongoDB, Spring Data LDAP, Spring Data Cassandra, Spring Data KeyValue, Spring Data Elasticsearch; and the ability to optimize Spring Data repositories at build time using the Spring AOT framework. Further details on this release may be found in the release notes.
The first release candidate of Spring AI 1.0.0 features “the final set of breaking changes, bug fixes, and new functionality before the stable release.” Key breaking changes include: renaming of fields, such as CHAT_MEMORY_RETRIEVE_SIZE_KEY to TOP_K, in the VectorStoreChatMemoryAdvisor class; and a standardization in the naming convention of the chat memory repository that now includes repository as a suffix throughout the codebase. The team is planning the GA release for Tuesday, May 20, 2025. More details on this release may be found in the upgrade notes and InfoQ will follow up with a more detailed news story of the GA release.
Payara
Payara has released their May 2025 edition of the Payara Platform that includes Community Edition 6.2025.5, Enterprise Edition 6.26.0 and Enterprise Edition 5.75.0. All three releases deliver: dependency upgrades; a new features that adds the capability to move the master password file to a user defined location; and a resolution to a NullPointerException upon attempting to retrieve the X.509 client certificate sent on an HTTP request using the jakarta.servlet.request.X509Certificate request attribute. Further details on these releases may be found in the release notes for Community Edition 6.2025.5 and Enterprise Edition 6.26.0 and Enterprise Edition 5.75.0.
Eclipse Vert.x
After eight release candidates, Eclipse Vert.x 5.0 has been released with new features such as: support for the Java Platform Module System (JPMS); a new VerticleBase class that replaces the deprecated AbstractVerticle class due to the removal of the callback asynchronous model in favor of the future model; and support for binary data in the OpenAI modules. More details on this release may be found in the release notes and list of deprecations and breaking changes.
LangChain4j
The formal release (along with the fifth beta release) of LangChain4j 1.0.0 delivers modules released under the release candidate, namely: langchain4j-core; langchain4j; langchain4j-http-client; langchain4j-http-client-jdk and langchain4j-open-ai with the the remaining modules still under the fifth beta release. Breaking changes include: a rename of the ChatLanguageModel and StreamingChatLanguageModel interfaces to ChatModel and StreamingChatModel, respectively; and the OpenAiStreamingChatModel, OpenAiStreamingLanguageModel and OpenAiModerationModel classes now map exceptions to align with the other OpenAI*Model classes. Further details on this release may be found in the release notes
Hibernate
The second release candidate of Hibernate ORM 7.0.0 delivers new features such as: a new QuerySpecification interface that provides a common set of methods for all query specifications that allow for iterative, programmatic building of a query; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. There is also support for the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11. The team anticipates this as the only release candidate before the GA release. More details on this release may be found in the release notes and the migration guide.
The second release candidate of Hibernate Reactive 3.0.0 (along with version 2.4.8) provides notable changes such as: the removal of JReleaser configuration from the codebase as it will be now located inside the release scripts; and the addition of Java @Override annotations to places where it was missing. These versions upgrade to Hibernate ORM 7.0.0.CR2 and 6.6.15.Final, respectively. Further details on these releases may be found in the release notes for version 3.0.0.CR2 and version 2.4.8.
The first beta release of Hibernate Search 8.0.0 ships with: dependency upgrades; compatibility with the latest versions of Elasticsearch 9.0 and OpenSearch 3.0; and the first implementation of the type-safe field references and the Hibernate Search static metamodel generator. More details on this release may be found in the release notes.
OpenJDK News Roundup: Key Derivation, Scoped Values, Compact Headers, JFR Method Timing & Tracing
MMS • Michael Redlich
There was a flurry of activity in the OpenJDK ecosystem during the week of May 12th, 2025, highlighting: two JEPs elevated from Proposed to Target to Targeted and four JEPs elevated from Candidate to Proposed to Target for JDK 25; and one JEP elevated from its JEP Draft to Candidate status. Two of these will be finalized after their respective rounds of preview.
JEPs Targeted for JDK 25
Two JEPs have been elevated from Proposed to Target to Targeted for JDK 25.
JEP 510, Key Derivation Function API, announced here, proposes to finalize this feature, without change, after one round of preview, namely: JEP 478, Key Derivation Function API (Preview), delivered in JDK 24. This features introduces an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism.
JEP 506, Scoped Values, announced here, proposes to finalize this feature, without change, after four rounds of preview, namely: JEP 487, Scoped Values (Fourth Preview), delivered in JDK 24; JEP 481, Scoped Values (Third Preview), delivered in JDK 23; JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. Formerly known as Extent-Local Variables (Incubator), this feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.
JEPs Proposed to Target for JDK 25
Four JEPs have been elevated from Candidate to Proposed to Target for JDK 25.
JEP 519, Compact Object Headers, has been elevated from its JEP Draft 8354672 to Candidate to Proposed to Target for JDK 25 (announced here and here, respectively).This JEP proposes to promote this feature from experimental to product. Inspired by Project Lilliput, this feature “reduce[s] the size of object headers in the HotSpot JVM from between 96 and 128 bits down to 64 bits on 64-bit architectures.” More details on JEP 450 may be found in this InfoQ news story.
JEP 515, Ahead-of-Time Method Profiling, announced here, proposes to improve application warmup time by “making method-execution profiles from a previous run of an application instantly available, when the HotSpot JVM starts.” This allows the JIT compiler to immediately generate native code upon application startup as opposed to waiting for profiles to be collected.
JEP 514, Ahead-of-Time Command-Line Ergonomics, announced here, proposes to simplify the process of creating ahead-of-time caches, as described in JEP 483, Ahead-of-Time Class Loading & Linking, that may accelerate Java application startup by “simplifying the commands required for common use cases.“
JEP 507, Primitive Types in Patterns, instanceof, and switch (Third Preview), announced here, proposes a third round of preview, without change, to gain additional experience and feedback from the previous two rounds of preview, namely: JEP 488, Primitive Types in Patterns, instanceof, and switch (Second Preview), delivered in JDK 24; and JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), delivered in JDK 23. Under the auspices of Project Amber, this feature enhances pattern matching by allowing primitive type patterns in all pattern contexts, and extending instanceof and switch to work with all primitive types. More details may be found in this draft specification by Aggelos Biboudis, Principal Member of Technical Staff at Oracle.
Their respective reviews are expected to conclude by May 22, 2025.
New JEP Candidates
JEP 520, JFR Method Timing & Tracing, has been elevated from its JEP Draft 8328610 to Candidate status. This JEP proposes to extend the JDK Flight Recorder with facilities for method timing and tracing via the bytecode Instrumentation interface.
JDK 25 Feature Set (So Far) and Release Schedule
The JDK 25 release schedule, as approved by Mark Reinhold, Chief Architect, Java Platform Group at Oracle, is as follows:
- Rampdown Phase One (fork from main line): June 5, 2025
- Rampdown Phase Two: July 17, 2025
- Initial Release Candidate: August 7, 2025
- Final Release Candidate: August 21, 2025
- General Availability: September 16, 2025
With less than three weeks before the scheduled Rampdown Phase One, where the feature set for JDK 25 will be frozen, these are 13 JEPs included in the feature set so far:
JDK 25 is designated to be the next long-term support (LTS) release following JDK 21, JDK 17, JDK 11 and JDK 8.
Java News Roundup: Gradle 8.14, JBash Jash, Hibernate, Open Liberty, Spring Cloud Data Flow
MMS • Michael Redlich
This week’s Java roundup for April 21st, 2025 features news highlighting: the GA release of Gradle 8.14; JBang introduces Jash, a Java library for shell scripts; the first release candidate of Hibernate ORM 7.0; the April edition of Open Liberty; and the end of open-source support for Spring Cloud Data Flow.
OpenJDK
Two JEPs have been elevated from Candidate to Proposed to Target for JDK 25, announced here and here, respectively, namely: JEP 512, Compact Source Files and Instance Main Methods, and JEP 511, Module Import Declarations. Their reviews are expected to conclude on Monday, April 28, 2025 and details for each JEP may be found in this InfoQ news story.
JEP 513, Flexible Constructor Bodies, has been elevated from its JEP Draft 8344702 to Candidate status. This JEP proposes to finalize this feature, without change, after three rounds of preview, namely: JEP 492, Flexible Constructor Bodies (Third Preview), delivered in JDK 24; JEP 482, Flexible Constructor Bodies (Second Preview), delivered in JDK 23; and JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.
JDK 25
Build 20 of the JDK 25 early-access builds was made available this past week featuring updates from Build 19 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
GlassFish
GlassFish 7.0.24, the twenty-fourth maintenance release, delivers bug fixes, dependency upgrades and new features such as: support for JDK 24; and faster deployment time with improved file discovery by using the walkFileTree() method defined in the Java Files class. More details on this release may be found in the release notes.
Spring Framework
It was a busy week over at Spring as the various teams have delivered first release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith and Spring Web Services. There were also second milestone releases of Spring Data 2025.1.0 and Spring for Apache Kafka and a first milestone release of Spring Vault. Further details may be found in this InfoQ news story.
The Spring Cloud Data Flow team has announced the end of open-source support for this project along with Spring Cloud Deployer and Spring Statemachine. The reasoning for this includes:
Spring Cloud Data Flow came out of the roots for Spring XD eight years ago for orchestrating both batch and streaming workloads and has shown great success with our customers over those years. However, in order to keep Spring Cloud Data Flow and related ecosystem projects going into the future in a way that is sustainable, we have made the decision to only release Spring Cloud Data Flow as a commercial offering.
Future releases, after versions 2.11.x, 2.9.x and 4.0.x, respectively, will only be made available to Tanzu Spring customers.
Open Liberty
IBM has released version 25.0.0.4 of Open Liberty featuring: support for Java 24; the ability to collect Liberty audit logs, via their Audit 2.0 feature, and send them to a configured OpenTelemetry exporter; and InstantOn support for the J2EE Management 1.1, Application Client Support for Server 1.0, Jakarta Application Client Support for Server 2.0 and Web Security Service 1.1 features. There were also resolutions to CVE-2025-25193 and CVE-2025-23184 that may cause a denial-of-service due to vulnerabilities from Netty versions up to and including 4.1.118.Final and Apache CXF versions before 3.5.10, 3.6.5 and 4.0.6, respectively.
Quarkus
Quarkus 3.21.4, the fourth maintenance release, ships with notable changes such as: a resolution to a StackOverflowError using a retry policy from the SmallRye implementation of MicroProfile Fault Tolerance specification; and the addition of a warning or error when attempting to create an instance of the HttpSecurityPolicy interface with a duplicated name. More details on this release may be found in the release notes.
Helidon
The release of Helidon 4.2.1 provides bug fixes and notable changes such as: the use of base units from the Timer interface for improved metrics reporting, in JSON format, in the toString() method defined in the MTimer class; and support for configurable buffering added to the TcpClientConnection class to to prevent small write chunks. More details on this release may be found in the release notes.
Hibernate
The first candidate release of Hibernate ORM 7.0.0 delivers new features such as: a new QuerySpecification interface that provides a common set of methods for all query specifications that allow for iterative, programmatic building of a query; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. There is also support for the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11. The team anticipates this as the only release candidate before the GA release. More details on this release may be found in the release notes and the migration guide.
JBang
The JBang team has introduced Jash, a new Java library that provides a way to execute process or shell scripts that are “fluent, predictable and with a great developer experience.” Jash, pronounced “Jazz,” handles the behind-the-scenes tasks with the complexities of using multiple threads. More details on this initial release may be found in the release notes and InfoQ will follow up with a more detailed news story.
Gradle
After three release candidates, the release of Gradle 8.14 delivers new features such as: support for JDK 24; an introduction to lazy dependency configuration initialization for improved configuration performance and use of memory; and a new integrity check mode for improved debugging in the configuration cache. More details on this release may be found in the release notes.
Spring News Roundup: RCs of Spring Boot, Data, Security, Auth, Session, Integration, Web Services
MMS • Michael Redlich
There was a flurry of activity in the Spring ecosystem during the week of April 21st, 2025, highlighting first release candidates of Spring Boot, Spring Data 2025.0.0, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith and Spring Web Services. There were also second milestone releases of Spring Data 2025.1.0 and Spring for Apache Kafka and a first milestone release of Spring Vault.
Spring Boot
The first release candidate of Spring Boot 3.5.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: new annotations, @ServletRegistration and @FilterRegistration, as an annotation-based alternative to registering servlet and filter beans using the ServletRegistrationBean and FilterRegistrationBean classes; and new classes that support Docker credential stores and helpers. More details on this release may be found in the release notes.
The release of Spring Boot 3.4.5 and 3.3.11 (announced here and here, respectively) provide bug fixes, improvements in documentation and dependency upgrades. More importantly, the Spring Boot team has disclosed that these two releases, along with versions 3.2.14, 3.1.16 and 2.7.25, address CVE-2025-22235, a vulnerability in which the overloaded to() method, defined in the EndpointRequest class creates an incorrect null/** matcher, under certain conditions, if the actuator endpoint is not exposed. Further details on these releases may be found in the release notes for version 3.4.5 and version 3.3.11.
Spring Data
The first release candidate of Spring Data 2025.0.0 features: refinements to the Hibernate Query Language (HQL), Elastic Query Language (EQL) and Jakarta Persistence Query Language (JPQL) to resolve various query issues; and new deprecation warnings for intended breaking changes, such as the removal of support for JMX, planned for Spring Data 4.0. This version aligns with Spring Boot 3.5.0-RC1 and the Spring Data team plans a GA release in May 2025.
The second milestone release of Spring Data 2025.1.0 ships with support for JSpecify on sub-projects: Spring Data Commons, Spring Data JPA, Spring Data MongoDB, Spring Data LDAP, Spring Data Cassandra, Spring Data KeyValue, and Spring Data Elasticsearch. There was also a breaking change with a significant rewrite of the QueryEnhancer interface such that configuration via the the spring.data.jpa.query.native.parser property is no longer available. Configuration is now possible via the @EnableJpaRepositories annotation. More details on this release may be found in the release notes.
Spring Security
The first release candidate of Spring Security 6.5.0 delivers bug fixes, dependency upgrades and new features such as: refinements to the implementation of the OAuth 2.0 Demonstrating Proof of Possession (DPoP) specification that include a new AuthenticationEntryPoint interface that returns the WWW-Authenticate header upon failure of a DPoP authentication; and refinements to the PathPatternRequestMatcher class to use a servlet in the path pattern instead of implementing the RequestMatcher interface for the servlet. Further details on this release may be found in the release notes and what’s new guide.
The release of Spring Security 6.4.5 and 6.3.9 (announced here and here, respectively) provide bug fixes, improvements in documentation and dependency upgrades. More importantly, the Spring Security team has disclosed that these two releases, along with versions 6.2.11, 6.1.15, 6.0.17, 5.8.19 and 5.7.17, address CVE-2025-22234, a follow up to CVE-2025-22228, whee the the timing attack mitigation, implemented in DaoAuthenticationProvider class, had been inadvertently broken. More details on these releases may be found in the release notes for version 6.4.5 and version 6.3.9.
Spring Authorization Server
The first release candidate of Spring Authorization Server 1.5.0 provides dependency upgrades and new features such as: the addition of authorization server metadata for the OAuth 2.0 DPoP and Pushed Authorization Requests (PAR) specifications; and a new REQUEST_URI constant, defined in the Spring Security OAuth2ParameterNames class, to facilitate flow in PAR. Further details on this release may be found in the release notes.
Spring Session
The first release candidate of Spring Session 3.5.0 ships with bug fixes, dependency upgrades and new features: a new CompositeHttpSessionIdResolver class, an implementation of the HttpSessionIdResolver interface, that iterates over a given collection of delegate instances of the HttpSessionIdResolver; and an optimization of the JdbcIndexedSessionRepository class to only start JDBC transactions only when there are session updates with a JDBC-based repository. More details on this release may be found in the release notes.
Spring Integration
The first release candidate of Spring Integration 6.5.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: discontinued use of the logger.error() method in the TcpSendingMessageHandler class that was deemed unnecessary; and a new LockRequestHandlerAdvice class, based on the LockRegistry interface, that maintains mutual access to underlying services. Further details on this release may be found in the release notes.
Spring Modulith
The first release candidate of Spring Modulith 1.4.0 delivers bug fixes, dependency upgrades and improvements such as: performance improvements in use of the DefaultEventPublicationRegistry class and the publishEvent() method defined in the Spring Framework AbstractApplicationContext class; and state change detection for instances of the Scenario class should only accept non-empty collections by default. More details on this release may be found in the release notes.
Spring for Apache Kafka
The second milestone release of Spring for Apache Kafka 4.0.0 provides bug fixes, improvements in documentation, dependency upgrades and new features such as: client dependency upgrades to Apache Kafka 4.0.0; and an optimization in the MessagingMessageListenerAdapter class that now returns null from the invoke() method, defined in the DelegatingInvocableHandler class, that avoids an unnecessary instance return of the InvocationResult class. Further details on this release may be found in the release notes.
Spring Web Services
The first release candidate of Spring Web Services 4.1.0 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: support for configuring arbitrary options for Apache Web Services Security for Java (WSS4J) via the Wss4jSecurityInterceptor class; and the ability to create custom implementations of the MethodArgumentResolver and MethodReturnValueHandler interfaces. More details on this release may be found in the release notes.
Spring Vault
The first milestone release of Spring Vault 3.2.0 available delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: support for Instance Metadata Service Version 2 (IMDSv2) on AWS EC2; and the ability to use the Github token authentication mechanism. Further details on this release may be found in the release notes.
Java News Roundup: JDK 25 Schedule, Spring 7.0-M4, Payara Platform, JobRunr 7.5, Jox 1.0, Commonhaus
MMS • Michael Redlich
This week’s Java roundup for April 14th, 2025 features news highlighting: the JDK 25 release schedule; the fourth milestone release of Spring Framework 7.0.0; the April 2025 edition of the Payara Platform; the release of JobRunr 7.5.0 and Jox 1.0.0; and Kroxylicious having joined the Commonhaus Foundation.
OpenJDK
Oracle has released versions 23.0.2, 21.0.6, 17.0.14, 11.0.26, and 8u441 of the JDK as part of the quarterly Critical Patch Update Advisory for April 2025. More details on this release may be found in the release notes for version 23.0.2, version 21.0.6, version 17.0.14, version 11.0.26 and version 8u441.
It was a busy week in the OpenJDK ecosystem during the week of April 14th, 2025, highlighting eight new JEPs having been elevated from their JEP Drafts to Candidate status. Four of these will be finalized after their respective rounds of preview. Further details may be found in this InfoQ news story.
JDK 25
Build 19 of the JDK 25 early-access builds was made available this past week featuring updates from Build 18 that include fixes for various issues. More details on this release may be found in the release notes.
After its review has concluded, Mark Reinhold, Chief Architect, Java Platform Group at Oracle, formally declared the release schedule for JDK 25 as follows:
- Rampdown Phase One (fork from main line): June 5, 2025
- Rampdown Phase Two: July 17, 2025
- Initial Release Candidate: August 7, 2025
- Final Release Candidate: August 21, 2025
- General Availability: September 16, 2025
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
BellSoft
Concurrent with Oracle’s Critical Patch Update (CPU) for April 2025, BellSoft has released CPU patches for versions 21.0.6.0.1, 17.0.14.0.1, 11.0.26.0.1, 8u451, 7u461 and 6u461 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 24.0.1, 21.0.7, 17.0.15, 11.0.27 and 8u452, containing CPU and non-critical fixes, have also been released.
With an overall total of 740 fixes and backports, BellSoft states that they have participated in eliminating 38 issues in all releases.
Spring Framework
The fourth milestone release of Spring Framework 7.0.0 delivers improvements in documentation, dependency upgrades and new features such as: a new OptionalToObjectConverter class to automatically convert an Optional to its contained object; and a new ClassFileMetadataReader class that supports JEP 484, Class-File API, for reading and writing classes as Java bytecode. Further details on this release may be found in the release notes.
The first release candidate of Spring for GraphQL 1.4.0 ships with improvements in documentation, dependency upgrades and new features such as: a new graphql.dataloader observation that measures data loading operations so that recorded traces are much more precise; and improvements to the server transports so that reactive data fetcher operations will be cancelled in-flight and further data fetching calls (blocking or reactive) will be avoided. More details on this release may be found in the release notes.
Payara
Payara has released their April 2025 edition of the Payara Platform that includes Community Edition 6.2025.4, Enterprise Edition 6.25.0 and Enterprise Edition 5.74.0. All three releases deliver dependency upgrades and new features: the ability to customize logs sent to the remote system log servers for more control over log management; and the addition of a new connection pool property to disable the verification of client information properties when pooling is set to false. Further details on these releases may be found in the release notes for Community Edition 6.2025.4 and Enterprise Edition 6.25.0 and Enterprise Edition 5.74.0.
Micronaut
The Micronaut Foundation has released version 4.8.2 of the Micronaut Framework featuring Micronaut Core 4.8.11, bug fixes and patch updates to modules: Micronaut Maven Plugin; Micronaut JSON Schema; Micronaut Micrometer; and Micronaut Servlet. More details on this release may be found in the release notes.
JobRunr
The release of JobRunr 7.5.0 features: support for Quarkus 3.20.0 and Micronaut 4.8.0; improved detection of misconfiguration between JobRequest and JobRequestHandler interfaces; and the ability to configure an instance of the InMemoryStorageProvider class using properties. There is a breaking change for developers who use Quarkus and Micronaut. The behavior to automatically fall back to the InMemoryStorageProvider class if no instance of the StorageProvider interface has been removed. Developers will need to explicitly configure this by setting the jobrunr.database.type property to mem or by providing a custom bean. Further details on this release may be found in the release notes.
Jox
The release of Jox 1.0.0, a virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads, features many dependency upgrades and notable changes: the removal of the collectAsView() method from the Source interface and the CollectSource class as this functionality is offered from the Flows class; and configuration of the newly integrated Renovate automated dependency update tool. More details on this release may be found in the release notes.
Micrometer
The first release candidate of Micrometer Metrics 1.15.0 provides bug fixes and new features such as: enhancements to the OtlpMetricsSender interface that provides an immutable Request inner class and a corresponding builder for convenience; and the addition of metrics for the newVirtualThreadPerTaskExecutor() method defined in the Java Executors class. Further details on this release may be found in the release notes.
The first release candidate of Micrometer Tracing 1.5.0 ships with a dependency upgrade to Micrometer Metrics 1.15.0-RC1 and a new feature that removes the dependency on the incubation of the OpenTelemetry Java Instrumentation API. (opentelemetry-instrumentation-api-incubator). More details on this release may be found in the release notes.
Project Reactor
The second milestone release of Project Reactor 2025.0.0 provides dependency upgrades to reactor-core 3.8.0-M2, reactor-netty 1.3.0-M2, reactor-pool 1.2.0-M2. There was also a realignment to version 2025.0.0-M2 with the reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. Further details on this release may be found in the release notes.
Similarly, Project Reactor 2024.0.5, the fifth maintenance release, provides dependency upgrades to reactor-core 3.7.5 and reactor-netty 1.2.5. There was also a realignment to version 2024.0.5 with the reactor-addons 3.5.2, reactor-pool 1.1.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. More details on this release may be found in the release notes.
Commonhaus Foundation
The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that Kroxylicious has joined the foundation this past week. Kroxylicious is an “early-stage project which seeks to lower the cost of developing Kafka proxies by providing a lot of the common requirements out-of-the-box.” This allows developers to focus on the required logic to get their proxies to perform their tasks.
OpenJDK News Roundup: Compact Source, Module Import Declarations, Key Derivation, Scoped Values
MMS • Michael Redlich
There was a flurry of activity in the OpenJDK ecosystem during the week of April 14th, 2025, highlighting eight new JEPs having been elevated from their JEP Drafts to Candidate status. Four of these will be finalized after their respective rounds of preview.
JEP 512, Compact Source Files and Instance Main Methods, has been elevated from its JEP Draft 8344699 to Candidate status. Formerly known as Simple Source Files and Instance Main Methods, this JEP proposes to finalize this feature, with improvements, after four rounds of preview, namely: JEP 495, Simple Source Files and Instance Main Methods (Fourth Preview), delivered in JDK 24; JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), delivered in JDK 23; JEP 463, Implicitly Declared Classes and Instance Main Methods (Second Preview), delivered in JDK 22; and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This feature aims to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has published the first draft of the specification document for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.
JEP 511, Module Import Declarations, has been elevated from its JEP Draft 8344700 to Candidate status. This JEP proposes to finalize this feature, without change, after two rounds of preview, namely: JEP 494, Module Import Declarations (Second Preview), delivered in JDK 24; and JEP 476, Module Import Declarations (Preview), delivered in JDK 23. This feature will enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself.
JEP 510, Key Derivation Function API, has been elevated from its JEP Draft 8353275 to Candidate status. This JEP proposes to finalize this feature, without change, after one round of preview, namely: JEP 478, Key Derivation Function API (Preview), delivered in JDK 24. This features introduces an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism.
JEP 509, JFR CPU-Time Profiling (Experimental) has been elevated from its JEP Draft 8337789 to Candidate status. This experimental JEP proposes to enhance the JDK Flight Recorder (JFR) to allow for capturing CPU-time profiling information on Linux OS.
JEP 508, Vector API (Tenth Incubator), has been elevated from its JEP Draft 8353296 to Candidate status. This JEP proposes a tenth incubation in JDK 25, with no API changes and no substantial implementation changes since JDK 24, after nine rounds of incubation, namely: JEP 489, Vector API (Ninth Incubator), delivered in JDK 24; JEP 469, Vector API (Eighth Incubator), delivered in JDK 23; JEP 460, Vector API (Seventh Incubator), delivered in JDK 22; JEP 448, Vector API (Sixth Incubator), delivered in JDK 21; JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature introduces an API to “express vector computations that reliably compile at runtime to optimal vector instructions on supported CPU architectures, thus achieving performance superior to equivalent scalar computations.” The Vector API will continue to incubate until the necessary features of Project Valhalla become available as preview features. At that time, the Vector API team will adapt the Vector API and its implementation to use them, and will promote the Vector API from Incubation to Preview.
JEP 507, Primitive Types in Patterns, instanceof, and switch (Third Preview), has been elevated from its JEP Draft 8349215 to Candidate status. This JEP, under the auspices of Project Amber, proposes a third round of preview, without change, to gain additional experience and feedback from the previous two rounds of preview, namely: JEP 488, Primitive Types in Patterns, instanceof, and switch (Second Preview), delivered in JDK 24; and JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), delivered in JDK 23. This feature enhances pattern matching by allowing primitive type patterns in all pattern contexts, and extending instanceof and switch to work with all primitive types. More details may be found in this draft specification by Aggelos Biboudis, Principal Member of Technical Staff at Oracle.
JEP 506, Scoped Values, has been elevated from its JEP Draft 8352695 to Candidate status. Formerly known as Extent-Local Variables (Incubator), this JEP proposes to finalize this feature, without change, after four rounds of preview, namely: JEP 487, Scoped Values (Fourth Preview), delivered in JDK 24; JEP 481, Scoped Values (Third Preview), delivered in JDK 23; JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.
JEP 505, Structured Concurrency (Fifth Preview), has been elevated from its JEP Draft 8340343 to Candidate status. This JEP proposes a fifth preview, with several API changes, to gain more feedback from the previous four rounds of preview, namely: JEP 499, Structured Concurrency (Fourth Preview), delivered in JDK 24; JEP 480, Structured Concurrency (Third Preview), delivered in JDK 23; JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.” One of the proposed API changes involves the StructuredTaskScope interface to be opened via static factory methods rather than public constructors.
JDK 25 Feature Set (So Far) and Release Schedule
The JDK 25 release schedule, as approved by Mark Reinhold, Chief Architect, Java Platform Group at Oracle, is as follows:
- Rampdown Phase One (fork from main line): June 5, 2025
- Rampdown Phase Two: July 17, 2025
- Initial Release Candidate: August 7, 2025
- Final Release Candidate: August 21, 2025
- General Availability: September 16, 2025
With less than two months before the scheduled Rampdown Phase One, where the feature set for JDK 25 will be frozen, these are the two JEPs included in the feature set so far:
Despite not having been formally targeted at this time, it has already been determined that JEP 508, Vector API (Tenth Incubator), will be included in the feature set for JDK 25.
Java News Roundup: Jakarta EE 11 Web Profile, GlassFish, TornadoVM, Micronaut, JHipster, Applet API
MMS • Michael Redlich
This week’s Java roundup for March 31st, 2025 features news highlighting: the formal release of the Jakarta EE 11 Web Profile; the eleventh milestone release of GlassFish 8.0.0; point releases TornadoVM 1.1.0, Micronaut 4.8.0 and JHipster 8.10.0; and a new JEP candidate to remove the Applet API.
OpenJDK
JEP 504, Remove the Applet API, was elevated from its JEP Draft 8345525 to Candidate status. This JEP proposes to remove the Applet API, deprecated in JDK 17, due it’s continued obsolescence since applets are no longer supported in web browsers.
JDK 25
Build 17 of the JDK 25 early-access builds was made available this past week featuring updates from Build 16 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
GlassFish
The eleventh milestone release of GlassFish 8.0.0 delivers bug fixes, dependency upgrades and improved specification compatibility for various new features of Jakarta EE 11. This relese passes the final Jakarta EE 11 Web Profile TCK. Further details on this release may be found in the release notes.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
Jakarta EE 11 Web Profile is released! It’s a little later than planned, but we’re finally there, and Jakarta EE 11 Web Profile joins Jakarta EE 11 Core Profile among the released specifications. It has been a tremendous effort to refactor the TCK.
Eclipse GlassFish was used as the ratifying compatible implementation of Jakarta EE 11 Web Profile. I would expect other implementations, such as Open Liberty, WildFly, Payara, and more to follow suit over the next weeks and months. Check out the expanding list of compatible products of Jakarta EE 11.
The road to Jakarta EE 11 included four milestone releases, the release of the Core Profile in December 2024, the release of Web Profile in April 2025, and a fifth milestone and first release candidate of the Platform before its anticipated release in 2Q 2025.
TornadoVM
The release of TornadoVM 1.1.0 provides bug fixes and improvements such as: support for mixed precision FP16 to FP32 computations for matrix operations; and a new method, mapOnDeviceMemoryRegion(), defined in the TornadoExecutionPlan class that introduces a new Mapping On Device Memory Regions feature that offers device buffer mapping for different buffers. More details on this release may be found in the release notes.
Micronaut
The Micronaut Foundation has released version 4.8.0 of the Micronaut Framework featuring Micronaut Core 4.8.9 that include: improvements to the Micronaut SourceGen module that now powers bytecode generation of internal metadata and expressions; and the ability to activate dependency injection tracing so that developers can better understand what Micronaut is doing at startup and when a particular bean is created. There were also updates to many of Micronuat’s modules. Further details on this release may be found in the release notes.
Quarkus
Quarkus 3.21.1, the first maintenance release, ships with bug fixes, dependency upgrades and improvements such as: allow execution model annotations (@Blocking, @NonBlocking, etc.) on methods annotated with SmallRye GraphQL @Resolver due to the resolver throwing an error; and a resolution to a Java UnsupportedOperationException when using the TlsConfigUtils class to configure TLS options in a Quarkus project using the Application-Layer Protocol Negotiation (ALPN) extension. More details on this release may be found in the release notes.
JHipster
The release of JHipster 8.10.0 provides notable changes such as: a workaround to a ClassCastException using Spring Boot and Hazelcast upon logging in to a JHipster application; numerous dependency upgrades, most notably Spring 3.4.4; and many internal improvements to the code base. Further details on this release may be found in the release notes.
The release of JHipster Lite 1.31.0 ships with a dependency upgrades to Vite 6.2.4 that resolves two CVEs affecting previous versions of Vite 6.2.4 and 6.2.3, namely: CVE-2025-31125, a vulnerability, resolved in version 6.2.4, in which Vite exposes content of non-allowed files using URL expressions ?inline&import or ?raw?import, to the development server; and CVE-2025-30208, a vulnerability, resolved in version 6.2.3, where the restrictions imposed by the Vite /@fs/ filesystem variable can be bypassed by adding expressions, ?raw?? or ?import&raw??, to the URL and returns file content if it exists. More details on this release may be found in the release notes.
Java News Roundup: Jakarta EE 11 and Spring AI Updates, WildFly 36 Beta, Infinispan, JNoSQL
MMS • Michael Redlich
This week’s Java roundup for March 24th, 2025 features news highlighting: updates for Jakarta EE 11 and Spring AI; the first beta release of WildFly 36.0; the third alpha release of Hibernate Search 8.0; the March 2023 release of Open Liberty; and point releases for Quarkus, Infinispan, JHipster and OpenXava.
OpenJDK
JEP 503, Remove the 32-bit x86 Port, has been elevated from Proposed to Target to Targeted for JDK 25. This JEP proposes to “remove the source code and build support for the 32-bit x86 port.” This feature is a follow-up from JEP 501, Deprecate the 32-bit x86 Port for Removal, delivered in JDK 24.
JDK 25
Build 16 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 15 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11 and Jakarta EE 12, writing:
The Release Review for Jakarta EE 11 Web Profile has started! According to the process, it will conclude on April 7 at the latest. When I write this, seven out of ten members have voted “+1,” which means that super-majority is reached and Jakarta EE 11 Web Profile in practice has passed the release review.
So, what about the Jakarta EE 11 Platform? The status, as of Wednesday [March 26, 2025] is that we are down to ~50 test failures, most of which pass for Jakarta EE 11 Web Profile. This is an indication that there is some configuration or setting for the CI jobs that may be the problem.
Plan reviews for the component specifications targeting Jakarta EE 12 are ongoing. So far eight specifications have completed, or are in the process of completing their plan reviews. More are expected to follow as we get closer to April 15, the deadline communicated by the Jakarta EE Platform project. Check out the Jakarta EE 12 Plan Reviews Project Board for a complete overview.
The road to Jakarta EE 11 included four milestone releases, the release of the Core Profile in December 2024, and the potential for release candidates as necessary before the GA releases of the Web Profile in 1Q 2025 and the Platform in 2Q 2025.
Eclipse JNoSQL
The release of Eclipse JNoSQL 1.1.6, the compatible implementation of the Jakarta NoSQL and Jakarta Data specifications, provides bug fixes, performance improvements and new features such as: a new GraphTemplate interface that supports NoSQL Graph databases; and enhancement to CDI Lite for improved performance and compatibility. More details on this release may be found in the release notes.
BellSoft
In conjunction with the release of JDK 24 and GraalVM for JDK 24, BellSoft has also released version 24.2.0 of Liberica Native Image Kit. Enhancements include: experimental support for the jcmd diagnostic tool on Linux and macOS that complements the existing Native Image monitoring capabilities such as the JDK Flight Recorder (JFR).
Spring Framework
The Spring AI team has posted important changes and updates for using version 1.0.0-SNAPSHOT. These include artifact IDs, dependency management and autoconfiguration. The most significant change is the naming pattern for Spring AI starter artifacts: for model starters, the spring-ai-{model}-spring-boot-starter artifact has been renamed to spring-ai-starter-model-{model}; for vector store starters, the spring-ai-{store}-store-spring-boot-starter artifact has been renamed to spring-ai-starter-vector-store-{store}; and for MCP starters, the spring-ai-mcp-{type}-spring-boot-starter artifact has been renamed to spring-ai-starter-mcp-{type}.
The Spring AI team offers two methods for developers to update their projects: update automatically using AI tools or update manually.
Quarkus
Versions 3.21.0 and 3.20.0 of Quarkus (announced here and here, respectively), the former designated as a new LTS version, with bug fixes, dependency upgrades and new features such as: support for the MongoDB Client extension in their TLS Registry; and enable the Jakarta RESTful Web Services ClientRequestFilter interface run on the same Vert.x context as other handlers to resolve a context propagation issue with blocking REST Clients. More details on this release may be found in the release notes.
Open Liberty
IBM has released version 25.0.0.3 of Open Liberty with new features such as: the ability to configure a shared library using a new configuration element, path, that complement the existing file, folder and fileset configuration elements in an XML file; and compliance with FIPS 140-3, Security Requirements for Cryptographic Modules, for the IBM SDK, Java Technology Edition 8.
WildFly
The first beta release of WildFly 36.0.0 delivers big fixes, dependency upgrades and enhancements such as: the jboss.as.jpa.classtransformer persistence unit is now enabled by default for improved performance; and a warning is now logged should more than one metrics system be enabled. More details on this release may be found in the release notes.
Hibernate
The third alpha release of Hibernate Search 8.0.0 ships with: an alignment with Hibernate ORM 7.0.0.Beta5 that implements the Jakarta Persistence 3.2 specification; and a migration to the Hibernate Models ClassDetailsRegistry interface, based on the Jandex index, to replace the deprecated getJandexView() method defined in the BootstrapContext interface. Further details on this release may be found in the release notes.
Infinispan
The release of Infinispan 15.2.0.Final, codenamed Feelin’ Blue, ships with bug fixes, many dependency upgrades and new features such as: an implementation of the Redis JSON API; and a new look and feel to the console based on the recent upgrade to PatternFly 6. More details on this release may be found in the release notes.
Apache Software Foundation
Apache TomEE 10.0.1, the first maintenance release, provides dependency upgrades and resolutions to notable issues such as: Jakarta Expression Language expressions in Jakarta Faces not working with Eclipse Mojarra, the compatible implementation of Jakarta Faces specification; and the addition of the missing service-jar.xml file in the Serverless Builder API and Embedded Scenarios due to the file being omitted from the BOMs when the TomEE webapp was removed. More details on this release may be found in the release notes.
JHipster
The release of JHipster Lite 1.30.0 ships with bug fixes, improvements in documentation and new features such as: the use of colors to identify modules by rank; and a new display to filter the rank options in the frontend. More details on this release may be found in the release notes.
OpenXava
The release of OpenXava 7.5 released delivers bug fixes, dependency upgrades and new features such as: support for hot code reloading during development without affecting performance in production; and UI improvements that include rounded corners for various widgets; and a flat design applied to most UI elements, thus removing shadows. More details on this release may be found in the release notes.