Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 22nd, 2024 features news highlighting: WildFly 31.0.0, Eclipse Store 1.1.0, BellSoft Liberica Native Image Kit, multiple Quarkus and JHipster Lite releases and Jakarta EE 11 updates.

OpenJDK

After its review had concluded JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, Principal Member of Technical Staff at Oracle, has recently published an updated draft specification for this feature.

JDK 23

Build 7 of the JDK 23 early-access builds was made available this past week featuring updates from Build 6 that include fixes for various issues. More details on this release may be found in the release notes.

JDK 22

Build 33 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 32 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE 11

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the progress of Jakarta EE 11 and beyond. As per the Jakarta EE Specification Process, the Jakarta EE Specification Committee will conduct a progress review of the planned Jakarta EE 11 release and vote on a ballot to approve. If the ballot does not pass, the release date of Jakarta EE 11 could be delayed.

Also, the Jakarta EE Working Group has been thinking beyond Jakarta EE 11 and discussing some ideas for new specifications, such as Jakarta AI. The group has created this Google Doc for the Java community to review and provide input/feedback.

Spring Framework

The Spring Framework team has disclosed that versions 6.1.3 and 6.0.16, released on January 11, 2024, addressed CVE-2024-22233, Spring Framework Server Web DoS Vulnerability, that allows an attacker to provide a specially crafted HTTP request that may cause a denial-of-service condition if the application uses Spring MVC and Spring Security 6.1.6+ or 6.2.1+ is on the classpath.

Version 3.2.1 and 3.1.8 of Spring Shell have been released deliver notable changes: a resolution for the command alias not working on the type level when the subcommand is empty; a split of the JLine dependencies due to issues with native image and to avoid importing classes that may not be needed in an application; and a resolution to the shell cursor not being restored in the terminal multiplexer (tmux) if the shell is hiding the cursor. Both versions build upon Spring Boot 3.2.2 and 3.1.8, respectively. More details on these releases may be found in the release notes for version 3.2.1 and version 3.1.8.

The release of Spring Cloud Commons 4.1.1 has been released featuring a bug fix in which implementations of the Spring Framework BeanPostProcessor interface were not registered correctly when the @LoadBalanced annotation bean was instantiated during auto-configuration. Further details on this release may be found in the release notes.

BellSoft

BellSoft has released versions 23.1.2 for JDK 21 and 23.0.3 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for January 2024 to address several security and bug fixes. Other notable improvements include: support for AWT and JavaFX fullscreen mode; intrinsified memory copying routines on AMD64 platforms and, where available, they now use AVX instructions for better performance; and SubstrateVM monitor enter/exit routines for accelerated startup of native images.

WildFly

Red Hat has released version 31 of WildFly with application server features such as: support for MicroProfile 6.1, Hibernate ORM 6.4.2, Hibernate Search 7.0.0 and Jakarta MVC 2.1; and the ability to exchange messages from the MicroProfile Reactive Messaging 3.0 specification with Advances Messaging Queuing Protocol (AMQP) 1.0. This release also introduces WildFly Glow, a command line and a set of tools to “provision a trimmed WildFly server instance that contains the server features that are required by an application.” InfoQ will follow up with a more detailed news story.

Quarkus

Red Hat has also released version 3.6.7 of Quarkus with notable changes such as: ensure that the refreshed CSRF cookie retains its original value based on the presence of the token header; dependency management for the Hibernate JPA 2 Metamodel Generator; and a resolution to entity manager issues with Spring Data JPA when using multiple persistence units. More details on this release may be found in the changelog.

Quarkus 3.2.10.Final, the tenth maintenance release in the 3.2 LTS release train, primarily delivers resolutions to CVEs such as: CVE-2023-5675, an authorization flaw with endpoints used in Quarkus RestEasy Reactive and Classic applications customized by Quarkus extensions using the annotation processor; and CVE-2023-6267, an annotation-based security flaw in which the JSON body that a resource may consume is being processed, i.e., deserialized, prior to the security constraints being evaluated and applied. Further details on this release may be found in the changelog.

Helidon

The release of Helidon 4.0.4 delivers notable changes such as: a resolution to the currentSpan() method defined in the TracerProviderHelper class throwing a NullPointerException in situations where an implementation of the TracerProvider class is null; a cleanup and simplification of the logic to determine which type of IP addresses, v4 or v6, to consider during name resolution in WebClient configuration; and security propagation is now disabled when not properly configured. More details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released version 4.2.4 of the Micronaut Framework featuring Micronaut Core 4.2.4, bug fixes, dependency upgrades and updates to modules: Micronaut AWS, Micronaut Flyway, Micronaut JAX-RS, Micronaut JMS, Micronaut MicroStream, Micronaut MQTT and Micronaut Servlet. Further details on this release may be found in the release notes.

Hibernate

The release of Hibernate Reactive 2.2.2.Final ships with: a dependency upgrade to Hibernate ORM 6.4.2.Final; removal of unused code that caused a ClassCastException in Quarkus at start up; and new annotations, @EnableFor and @DisabledFor, to enable and disable, respectively, tests for database types. More details on this release may be found in the release notes.

The second alpha release of Hibernate Search 7.1.0 provides: compatibility with Hibernate ORM 6.4.2.Final, Lucene 9.9.1 and Elasticsearch 8.12; an integration of the Elasticsearch/OpenSearch vector search capabilities; and the ability to look up the capabilities of each field when inspecting the metamodel. Further details on this release may be found in the release notes.

Eclipse Store

The release of Eclipse Store 1.1.0 delivers new features such as: monitoring support using the Java Management Extensions (JMX) framework; integration with Spring Boot 3.x; and an implementation of JSR 107, Java Temporary Caching API (JCache). More details on this release may be found in the release notes.

Infinispan

Versions 15.0.0.Dev07 and 14.0.22.Final of Infinispan ship with dependency upgrades and resolutions to notable bug fixes such as: a flaky test failure from the testExpirationCompactionOnLogFile() method defined in the SoftIndexFileStoreFileStatsTest class; an IllegalArgumentException from within the getMembersPhysicalAddresses() method defined in the JGroupsTransport class; and a NullPointerException due to a failover of the Hot Rod Client hanging. Further details on these releases may be found in the release notes for version 15.0.0.Dev07 and version 14.0.22.

JHipster

Versions 1.3.0, 1.2.1 and 1.2.0 of JHipster Lite have been released to deliver bug fixes, dependency upgrades and new features/enhancements such as: use of the LinkedHashSet class instead of the HashSet class for improved reproducible generated code; use of Signals and Control Flow, new features of Angular 17; and support for Protocol Buffers. More details on these releases may be found in the release notes for version 1.3.0, version 1.2.1 and version 1.2.0.

Testcontainers for Java

The release of Testcontainers for Java 1.19.4 ships with bug fixes, improvements in documentation and new features such as: an enhancement in the exec command that supports setting a work directory and environmental variables; support for MySQL 8.3; and an increase of the default startup time for Selenium to 60 seconds. Further details on this release may be found in the release notes.

Gradle

The third release candidate of Gradle 8.6 provides continuous improvement in: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 15th, 2024 features news highlighting: JEP 455 Proposed to Target for JDK 23, JDK 22 in Rampdown Phase Two, an updated Jakarta EE 11 release plan, GraalVM, and Oracle’s Critical Patch Update for January 2024.

OpenJDK

JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, Principal Member of Technical Staff at Oracle, has recently published an updated draft specification for this feature. The review is expected to conclude on January 22, 2024.

Ron Pressler, Architect and Technical Lead for Project Loom at Oracle, and Alex Buckley, Specification Lead for the Java Language and the Java Virtual Machine at Oracle, have submitted JEP Draft 8323072, Deprecate Memory-Access Methods in sun.misc.Unsafe for Removal. This JEP proposes to deprecate the memory-access methods defined in the sun.misc.Unsafe class for removal in a future release. These now unsupported methods have had supported replacements since: JDK 9 for accessing on-heap memory; and JDK 22 for accessing off-heap memory.

JDK 23

Build 6 of the JDK 23 early-access builds was made available this past week featuring updates from Build 5 that include fixes for various issues. More details on this release may be found in the release notes.

JDK 22

Build 32 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 31 that include fixes to various issues. Further details on this build may be found in the release notes.

As per the JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 22 has entered Rampdown Phase Two. This means that: no additional JEPs will be added for JDK 22; and there will be a focus on the P1 and P2 bugs which can be fixed via the Fix-Request Process. Late enhancements are still possible, with the Late-Enhancement Request Process, but Reinhold states that “the bar is now extraordinarily high.” The final set of 12 features for the GA release in March 2024 will include:

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has announced a change to the targeted Java version for Jakarta EE 11 to support both JDK 21 and JDK 17. As explained by Grimstad:

While this may seem like a significant change, it turns out that it isn’t that dramatic. None of the component specifications were actually planning on exposing any Java 21 features in their APIs. The only one close to it was Jakarta Concurrency 3.1, with the planned support for Java virtual threads. But it turns out that careful API design allows for support if the underlying JVM supports it.

The biggest change is for the Test Compatibility Kit (TCK), which must be able to run on both Java 17 and Java 21. The implementations that had moved their code base to Java 21 are also affected to some degree depending on how far they have gotten and how many Java 17+ features they have started using.

As a result, the Jakarta EE release plan for specification milestone releases has been modified to accommodate this change, but Grimstad maintained that the original GA release of Jakarta will remain at the June/July 2024 timeframe.

GraalVM

Oracle Labs has released GraalVM for JDK 21 Community 21.0.2 featuring fixes based on the Oracle Critical Patch Update for January 2024. These include: a simplified implementation of the ValueAnchorNode class; a resolution to a problem with the -XX:+PrintGCSummary command-line parameter if assertions are enabled; and a resolution to prevent failures from System.console().readPassword. More details on this release may be found in the release notes.

BellSoft

Concurrent with Oracle’s Critical Patch Update (CPU) for January 2024, BellSoft has released CPU patches for versions 21.0.1.0.1, 17.0.9.0.1, 11.0.21.0.1, 8u401 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 21.0.2, 17.0.10, 11.0.22 and 8u402, containing CPU and non-critical fixes, have also been released.

Spring Framework

The first milestone release of Spring Boot 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: the removal of APIs that were deprecated in a previous release; support for the Micrometer @SpanTag annotation; and support to auto-configure JwtAuthenticationConverter and ReactiveJwtAuthenticationConverter classes for dedicated Spring Security OAuth2 properties. Further details on this release may be found in the release notes.

The release of Spring Boot 3.2.2 ships with improvements in documentation, dependency upgrades and notable bug fixes such as: the getComment() method called within an instance of the JarEntry class returns incorrect results from instances of the NestedJarFile class; a database connection leak when using jOOQ without the spring.jooq.sql-dialect property having been established; and using the MockRestServiceServerAutoConfiguration class together with the Spring Framework RestTemplate class and RestClient interface throws an incorrect exception. More details on this release may be found in the release notes.

Similarly, the release of Spring Boot 3.1.8 provides improvements in documentation, dependency upgrades and notable bug fixes such as: implementations of the SslBundle interface, PropertiesSslBundle and WebServerSslBundle, do not provide useful toString() results; the mark, ^, that indicates an error in the pattern is misplaced within the log message from a PatternParseException; and mixing PEM and JKS certificate material in the server.ssl properties does not work. Further details on this release may be found in the release notes.

The first milestone release of Spring Security 6.3.0 delivers bug fixes, dependency upgrades and new features such as: a new factory method for the RoleHierarchyImpl class for improved definition of the role hierarchy; a new offset to complement the order attribute within the @EnableMethodSecurity annotation to allow applications to select where the interceptors should be placed; and integrate caching into the HandlerMappingIntrospector class. More details on this release may be found in the release notes.

The first milestone release of Spring Authorization Server 1.3.0 provides dependency upgrades and new features such as: the ability to configurable scope validation strategy in the OAuth2ClientCredentialsAuthenticationProvider class; improved error logging to document an invalid or expired authorization code; and support for multi-tenancy using the path component for the issuer of a certificate. Further details on this release may be found in the release notes.

Versions 1.2.0-M1, 1.1.2 and 1.0.5 of Spring Modulith have been released featuring bug fixes, dependency upgrades and improvements such as: eliminate the use of the deprecated fromDataSource() method defined in the Spring Boot DatabaseDriver enum class; avoid the potential for the ModuleTestExecution class to include modules twice if a module is listed as an extra include but already part of the calculated dependencies; and exclude classes generated by Spring AOT from architecture verification as they might otherwise introduce dependencies to application components considered module internals. More details on these releases may be found in the release notes for version 1.2.0-M1, version 1.1.2 and version 1.0.5.

The first milestone release of Spring Session 3.3.0 ships with dependency upgrades and new features such as: a new ReactiveFindByIndexNameSessionRepository interface to provide an Actuator endpoint for non-indexed session repositories; and a new ReactiveRedisIndexedSessionRepository class to provide a /sessions endpoint for Spring WebFlux applications. Further details on this release may be found in the release notes.

The release of Spring for Apache Pulsar 1.0.2 ships with dependency upgrades and a new Bill of Materials module, spring-pulsar-bom, added to the project. This version will be included in the release of Spring Boot 3.2.2 More details on this release may be found in the release notes.

Helidon

The release of Helidon 4.0.3 delivers notable changes such as: support for the use of Map in configured builders to eliminate the use of “complicated” config.detach().asMap() to obtain the child values; restore the access specifiers of the RegistryFactory class and its getInstance() and getRegistry() methods to public for improved backwards compatibility with the 3.x release train; and improved security resulting from the OIDC provider performing authentication against the ID Token first the introduction of an access token refresh mechanism. Further details on this release may be found in the changelog.

Quarkus

The first release candidate of Quarkus 3.7 features notable changes such as: support for the LinkedIn OIDC provider; the ability to observe security events for an authorization check failure or success such that an application could use this to implement a custom security logging mechanism; and support for the Micrometer @MeterTag annotation, making it possible to add additional tags for methods annotated with @Counted and @Timed from method arguments. More details on this release may be found in the release notes.

The Quarkus team has also announced that the Quarkus documentation is now equipped with full-text search that has initially been implemented on the Quarkus Guides page. This replaces the original simple substring search on the title and summary of each guide. This new capability is powered by the Quarkus.io Search application that uses the Hibernate Search extension which provides integration with OpenSearch/Elasticsearch.

Hibernate

The release of Hibernate ORM 6.4.2.Final provides bug fixes and improvements such as: a new CurrentTenantIdentifierResolver interface to allow for non-string tenant identifiers and tenant resolver as a managed bean; and resolutions to the query problem with joined inheritance hierarchy structure and an HQL join entity not generating a delete condition with the use of the @SoftDelete annotation. Further details on this release may be found in the list of issues.

Similarly, the release of Hibernate Reactive 2.2.1.Final ships with notable changes such as: support for the Order class introduced in Hibernate ORM 6.3; support for applying the upsert() method defined in the StatelessSession interface on all databases; and a resolution for issues with out-of-the-box support for arrays of basic Java types. This release is compatible with Hibernate ORM 6.4.1.Final and Vert.x SQL driver 4.5.1. Hibernate Reactive 2.0.8.Final was also released, however despite compatibility with Vertx SQL client 4.5.1, the team has decided to revert the version 2.0.8 upgrade because it was preventing other applications from upgrading to the latest 2.0 version. More details on this release may be found in the release notes.

Apache Software Foundation

The fifth alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and new features/improvements such as: a custom type checker for format strings to find invalid conversion characters, missing parameters, incorrect types and invalid flags; Generate a serialVersionUID for an instance of the Closure class because it implements the Java Serializable interface; and support for matching on a method call that contains variable arguments with the ASTMatcher class. Further details on this release may be found in the release notes.

Similarly, Apache Groovy 4.0.18 has also been released featuring bug fixes, dependency upgrades and improvements such as: the Groovy Docs now list the inherited properties; and a resolution to avoid processing duplicated entries within META-INF folder. More details on this release may be found in the release notes.

The twelfth alpha release of Apache Maven 4.0.0 provides notable changes such as: leveraging the artifact collection filtering and new transitive dependency manager in the Maven Artifact Resolver; use of JLine for improved line editing; and improved consistency during builds by not resolving projects outside the reactor. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 8th, 2024 features news highlighting: JEP drafts for final versions of OpenJDK features String Templates and Implicitly Declared Classes and Instance Main Methods; the Payara Platform 2024 roadmap; and a new TornadoVM plugin for IntelliJ IDEA.

OpenJDK

Ron Pressler, Architect and Technical Lead for Project Loom at Oracle, and Jim Laskey, Software Development Director at Oracle, have submitted JEP Draft 8323335, Implicitly Declared Classes and Instance Main Methods (Final) to finalize this feature. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

Laskey has also submitted JEP Draft 8323333, String Templates (Final), to finalize this feature after two rounds of preview, namely JEP 459, String Templates (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 430, String Templates (Preview), delivered in JDK 21. This JEP proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified. Further details on JEP 430 may be found in this InfoQ news story.

JDK 23

Build 5 of the JDK 23 early-access builds was made available this past week featuring updates from Build 4 that include fixes for various issues. More details on this release may be found in the release notes.

JDK 22

Build 31 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 30 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 6.1.3 and 6.0.16 of Spring Framework have been released featuring bug fixes, improvements in documentation, dependency upgrades and new features such as: exclude full request URIs containing sensitive query parameters from remaining mono checkpoints while using the WebClient interface; allow the @CrossOrigin annotation to provide a Access-Control-Allow-Private-Network header from an application to Google Chrome if the Access-Control-Request-Private-Network header (Private Network Access) is sent in the preflight request; and avoid early resolution of the getMostSpecificMethod() method defined in the ClassUtils class from within the CommonAnnotationBeanPostProcessor class due to it being called at an outer level before finding an annotation. These versions will be shipped with the upcoming releases of Spring Boot 3.2.2 and 3.1.8. More details on these releases may be found in the release notes for version 6.1.3 and version 6.0.16.

Versions 2023.1.2 and 2023.0.8 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.2 and 3.1.8; Spring Data MongoDB 4.2.2 and 4.1.8; Spring Data Elasticsearch 5.2.2 and 5.1.8; and Spring Data Neo4j 7.2.2 and 7.1.8. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.2 and 3.1.8, respectively.

The release of Spring Web Services 4.0.10 ships with notable changes such as: support for jar:nested, a URI scheme for resources within uber JARs as part of a new loader implementation in Spring Boot 3.2, within the SchemaFactoryUtils class; removal of a duplicate dependency declaration for the Apache HttpComponents HttpClient interface; and a dependency upgrade to Spring Framework 6.0.16. Further details on this release may be found in the release notes.

The release of Spring Cloud Dataflow 2.11.2 delivers notable changes such as: an upgrade to Logback 1.2.13 to resolve CVE-2023-6378, a serialization vulnerability in the Logback receiver component that allows an attacker to mount a denial-of-service attack by sending poisoned data; update the BatchVersion enum and the JdbcSearchableJobExecutionDao class to support use of the JOB_CONFIGURATION_LOCATION field that was removed in Batch5-based schemas that broke some queries; and a resolution to the getJobExecutionsWithStepCountFilteredByTaskExecutionId() method in the aforementioned JdbcSearchableJobExecutionDao class does not support BATCH_ task prefixes. More details on this release may be found in the release notes.

Payara

The Payara team has provided a retrospective on 2023 and a roadmap for the Payara Platform in 2024 and beyond. Highlights in 2023 included: the release of Payara Platform 6; support for JDK 21 and MicroProfile 6.1; and the introduction of Payara Starter. The comprehensive roadmap for 2024 includes: their vision for all Payara products through 2026; detailed individual roadmaps of Payara Server, Payara Micro, Payara Cloud and Payara Developer Tools; and support for Jakarta EE 11, scheduled for a GA release in June/July 2024. More details may be found in Empowering Enterprise Innovation with Jakarta EE, presented at the December 2023 Payara Virtual Conference by Louise Castens, Senior Product Manager at Payara, and Luqman Saeed, Contract Technical Writer at Payara.

TornadoVM

TornadoInsight, an “open-source IntelliJ IDEA plugin for enhancing the developer experience when working with TornadoVM,” was introduced by the TornadoVM team this past week. Key features include: an on-the-fly static checker that scans TornadoVM code in real-time and reports any Java features that are not supported by TornadoVM; and a dynamic testing framework to simplify the testing process for individual TornadoVM tasks. InfoQ will follow up with a more detailed news story.

Micrometer

Versions 1.12.2 and 1.11.8 of Micrometer Metrics both deliver dependency upgrades and notable bug fixes such as: add the missing version declarations in the io.netty:netty-transport-native-epoll artifact in the POM file that yielded a compile error; a rename of the thread that polls meters in the StepMeterRegistry class that shared the same name with a publishing thread; and a fix in the unaryRpcAsync() method defined in the GrpcObservationTest class for improved concurrency. Further details on these releases may be found in the release notes for version 1.12.2 and version 1.11.8.

Similarly, versions 1.2.2 and 1.1.9 of Micrometer Tracing both provide dependency upgrades and notable bug fixes such as: the SimpleTraceContextBuilder class not overriding values from an implementation of the TraceContext interface; and manually created baggage fields do not propagate across threads using the ObservationAwareSpanThreadLocalAccessor class. More details on these releases may be found in the release notes for version 1.2.2 and version 1.1.9.

Project Reactor

Project Reactor 2023.0.2, the second maintenance release, provides dependency upgrades to reactor-core 3.6.2, reactor-netty 1.1.15 and reactor-pool 1.0.5. There was also a realignment to version 2023.0.2 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Next, Project Reactor 2022.0.15, the fifteenth maintenance release, provides dependency upgrades to reactor-core 3.5.14, reactor-netty 1.1.15 and reactor-pool 1.0.5. There was also a realignment to version 2022.0.15 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

And finally, the release of Project Reactor 2020.0.40, codenamed Europium-SR40, provides dependency upgrades to reactor-core 3.4.35 and reactor-netty 1.0.41. There was also a realignment to version 2020.0.40 with the reactor-pool 0.2.12, reactor-kafka 1.3.22, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Apache Software Foundation

Versions 11.0.0-M16, 10.1.18, 9.0.85 and 8.5.98 of Apache Tomcat all feature bug fixes and notable changes such as: refactor the VirtualThreadExecutor class so that it can be used by the NIO2 connector which was using platform threads despite having been configured to use virtual threads; correct a regression in the fix for issue 67675 that broke TLS key file parsing for format keys typically generated by OpenSSL 1.0.2 that do not specify an explicit pseudo-random function and only rely on the default; and allow multiple operations with the same name on introspected MBeans, fixing a regression caused by the introduction of a second addSslHostConfig() method. More details on these releases may be found in the release notes for version 11.0.0-M16, version 10.1.18, version 9.0.85 and version 8.5.98.

After the release of Apache Cocoon 2.3.0, the team has recently decided to retire the 2.1 and 3.0 branches of Cocoon. The 2.1 branch, initially released more than 20 years ago, is now considered obsolete. The 3.0 branch was an attempt to rewrite Cocoon from scratch, but was never finalized. Apache Cocoon, a Spring-based framework (since version 2.2), is built around the concepts of separation of concerns and component-based development.

Grails

The Grails Foundation has released versions 5.3.6 and 3.3.18 of the Grails Framework with notable changes such as: revert the recent upgrade to SnakeYAML, Micronaut, Spring and Spring Boot because they were not backward compatible; add a workflow to manually trigger a release to SDKMan; and update the NexusPublishing extension to increase the delay of retries from 2000 to 3000 milliseconds. Further details on these releases may be found in the release notes for version 5.3.6 and version 3.3.18.

Piranha Cloud

The release of Piranha 23.12.0 delivers notable changes such as: a resolution to a Windows build failure by downgrading Eclipse WaSP, the compatible implementation for Jakarta Pages and Jakarta Standard Tag Library, from version 3.2.1 to 3.2.0; a new UberPiranha class and corresponding uber module to initialize Piranha on the command line; and the ability to set a temporary directory for Piranha Uber. More details on this release may be found in their documentation and issue tracker.

OpenXava

The release of OpenXava 7.2.2 provides dependency upgrades and notable bug fixes such as: multiple @RowStyle annotations applied to the same row, but only one is considered; the @ListProperties annotation does not support several properties when used in conjunction with the @Tree or @Editor("TreeView") annotations; and database connection leaks when using the calendar list format. Further details on this release may be found in the release notes.

Gradle

The second release candidate of Gradle 8.6 provides continuous improvement in: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for January 1st, 2024 features news highlighting: Spring Shell, Micronaut, JReleaser, JobRunr, Sharat Chander acknowledging the 2023 accomplishments from the Java Community, and 2023 highlights from the Apache Camel projects.

JDK 23

Build 4 of the JDK 23 early-access builds was made available this past week featuring updates from Build 3 that include fixes for various issues. Further details on this release may be found in the release notes.

JDK 22

Build 30 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 29 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 3.2.0 and 3.1.7 of Spring Shell have been released featuring notable bug fixes such as: the ExitCodeAutoConfiguration class doesn’t map to the CommandParserExceptionsException class due to due to a change between Spring Boot 3.2.0 and 3.2.1 in its runner logic where the exception is no longer wrapped in the IllegalStateException class; and using the --file command line option after generating an application with native image, a NullPointerException is thrown due to an incomplete configuration for the reflection at runtime. Both versions also provide a dependency upgrade to Spring Boot 3.2.1 and 3.1.7, respectively. Further details on these releases may be found in the release notes for version 3.2.0 and version 3.1.7.

Micronaut

The Micronaut Foundation has released version 4.2.3 of the Micronaut Framework featuring Micronaut Core 4.2.3, bug fixes, dependency upgrades and updates to modules: Micronaut AWS and Micronaut Maven Plugin. Notable changes include: a fix to the @Generated annotation in which a class co-annotated with the @Client annotation was not being introspected; and a change in use of the TypeVariable interface to extract the type variable name, as opposed to its toString() representation, to correct its usage for the future. More details on this release may be found in the release notes.

JReleaser

Version 1.10.0 of JReleaser, a Java utility that streamlines creating project releases, has been released to deliver bug fixes, improvements in documentation and notable changes such as: auto-convert links to Markdown format; the contents of java.options in the YAML file should be honored and used as input for the $JAVA_OPTS environmental variable; and the addition of properties from other elements, like deployers and assemblers, to the generated JReleaser report of properties. Further details on this release may be found in the release notes.

JobRunr

Version 6.3.4 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released featuring notable changes such as: improved integration with Micronaut when starting multiple servers; and drop usage of a deprecated method that was removed in Quarkus 3.6 for improved compatibility with Quarkus. More details on this release may be found in the release notes.

The Java Community

At the end of 2023, Sharat Chander, Senior Director, Product Management & Developer Engagement at Oracle, posted Tis the season of…Thanks! to acknowledge the contributions by the Java community, noting:

And as year’s end approaches, I’d like to reflect on all the ongoing momentum in the developer community that continues to keep Java vibrant.

As Java technology continues to advance, it’s the people, people like you, that give it such a strong heartbeat. So, with the holiday season upon us, I’d like to give thanks, appreciation, and recognition from Oracle’s Java Developer Relations Team for many of those accomplishments and the people involved.

Highlights from 2023 included: conference milestone anniversaries of Devoxx UK (10 years), Devoxx Belgium (20 years), Devoxx Morocco (10 years) and J-Fall (20 years); 18 newly crowned Java Champions; the impact of the over 360 Java User Groups (JUGs) noting that the very first JUG, NYJavaSIG, kicked off in 1996; and the numerous contributors to the Dev.java and Duke’s Corner.

Apache Camel Projects

Claus Isben, Senior Principal Software Engineer at Red Hat and committer on Apache Camel, provided an end-of-year summary of Apache Camel projects and contributions by the Java community. Highlights included: 33 Camel Core releases; 13 Camel Quarkus releases; seven Camel K releases; 1021 GitHub contributors; 68078 total number of commits; and 12593 closed pull requests.

Article originally posted on InfoQ. Visit InfoQ

It was very quiet for the week of December 25th, 2023, but InfoQ found a few news items of interest that include: Eclipse GlassFish 8.0.0-M1, Apache Camel 3.22.0, Gradle 8.6-RC1, an updated draft specification for JEP 455, and retrospectives into the 2023 highlights from Spring, BellSoft and WildFly.

OpenJDK

Aggelos Biboudis, principal member of technical staff at Oracle, has published an updated draft specification for JEP 455, Primitive types in Patterns, instanceof, and switch (Preview). This JEP, under the auspices of Project Amber and currently in Candidate status, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types.

JDK 23

There was no activity in the JDK 23 early-access builds this past week. Build 3 remains the latest update. Further details on this release may be found in the release notes.

JDK 22

Similarly, there was also no activity in the JDK 22 early-access builds. The latest update remains at Build 29. More details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Eclipse GlassFish

The first milestone release of Eclipse GlassFish 8.0.0 delivers support for Jakarta EE 11-M1 with full implementations of the Jakarta Security 4.0.0-M1 and Jakarta Faces 4.1.0-M1 specifications, and a partial implementation of the Jakarta Servlet 6.1.0-M1 specification. JDK 17 is the required minimal version at this time, but may be updated to JDK 21 in the next milestone release. There is support for JDK 21, and the final version of GlassFish 8 is targeted to certify on JDK 21 for Jakarta EE 11. More details on this release may be found in the release notes.

GraalVM

Oracle has announced that Oracle GraalVM is now available as a Paketo buildpack. In collaboration with the Paketo team, Oracle GraalVM has been integrated into the Oracle buildpack. This allows developers to add both the Native Image and Oracle buildpacks to a buildpack configuration file for executing the application.

Apache Software Foundation

The release of Apache Camel 3.22.0 ships with bug fixes, dependency upgrade and new features/improvements such as: support for start and end dates in the Camel Quartz component; the ability to use the old Micrometer meter names or follow the new Micrometer naming conventions; and provide a tracing strategy to trace each processor for Camel OpenTelemetry as part of the migration process from Camel OpenTracing. More details on this release may be found in the release notes.

Gradle

The first release candidate of Gradle 8.6 provides: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.

Spring Framework

Josh Long, Spring developer advocate at Broadcom, published This Year in Spring – 2023, a retrospective into the 2023 highlights. These include: support for Artificial Intelligence with the introduction of the Spring AI project; continued GraalVM native image support in Spring Boot 3.0+; support for virtual threads and Project Loom; support for Coordinated Restore at Checkpoint (CRaC) with the release of Spring Boot 3.2; support for Docker-driven development where Spring Boot can derive connectivity information from either a local Docker Compose description file or Testcontainers; and the release of Spring Modulith 1.0 that provides production-readiness, IDE support and improved testability.

Long also published the latest edition of his A Bootiful Podcast with Joris Kuipers, CTO at Trifork and former senior consultant at VMware. Recorded live in October 2023 from the SpringOne tour in Amsterdam, Long spoke to Kuipers about topics such as his career, the Spring ecosystem and GraalVM. They also answered questions via chat from attendees.

BellSoft

Alex Belokrylov, CEO at BellSoft, provided a retrospective into BellSoft’s 2023 highlights, noting:

This year was filled with overcoming challenges, seizing opportunities, taking part in fruitful engagements, and participating in unforgettable events.

Technical highlights included: the introduction of Alpaquita Containers; launch of the Performance Edition line with the release of Liberica JDK 11 Performance Edition; introduction of Liberica JDK with CRaC; and ongoing commitment to OpenJDK and GraalVM that includes four quarterly releases with security patches and critical fixes.

Highlights of BellSoft’s engagement with the Java community included: 30 presentations at 28 global events, such as JNation and Devoxx, by Dmitry Chuyko, performance architect at Bellsoft; and participation in the 25th anniversary celebration of the Java Community Process in New York City in September 2023.

WildFly

Brian Stansberry, senior principal software engineer at Red Hat, provided an end-of-year summary on Wildfly and the contributions by the Java community. Highlights included: three major version releases of WildFly 28, 29 and 30; new extensions for the MicroProfile Telemetry and MicroProfile Long-Running Actions specifications; implementations of most of the MicroProfile 6.0 specification, with updates to MicroProfile 6.1 in the upcoming release of WildFly 31; support for JDK 21; more than 2000 issues and enhancements resolved in the WildFly main code; and a license change of the WildFly code base to Apache License 2.0.

There was also a significant amount of work on improving documentation and tooling related to getting started with WildFly. Stansberry also announced that WildFly 31 will be released in January 2024.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for December 18th, 2023 features news highlighting: Jakarta EE 11-M1 and GA release plan; Payara Platform December 2023 release; point releases for Spring Boot, Spring Cloud and Spring Security; Quakrus release plan; and CVE-2023-46131, a Grails data binding vulnerability.

JDK 23

Build 3 of the JDK 23 early-access builds was made available this past week featuring updates from Build 2 that include fixes for various issues. Further details on this release may be found in the release notes.

JDK 22

Build 29 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 28 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

JavaFX 22

Build 23 of the JavaFX early-access builds was made available featuring updates from Build 22 that include fixes to various issues.

Jakarta EE

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, has announced that the first milestone release of Jakarta EE 11 has been made available to the Java community. The goal of this release is to verify that the build chain was well established and provide the API artifacts to all implementers of Jakarta EE. Details for each profile may be found in Jakarta EE Platform 11-M1, Jakarta EE Web Profile 11-M1 and Jakarta EE Core 11-M1.

Grimstad also provided an update on the status of plan reviews for the specifications that will provide updates for Jakarta EE 11, scheduled for a GA release in 1H2024:

• December 2023: Milestone 1 providing milestone releases for all specifications that have planned updates for Jakarta EE 11.
• February 2024: Milestone 2 providing final versions of specifications in waves 1 to 4 and updated milestone versions for the remaining specifications.
• March 2024: Milestone 3 providing final versions of specifications in wave 5 and updated milestones for the remaining specifications.
• April 2024: Milestone 4 providing final versions of specifications in waves 6 to 7.

Further details on Jakarta EE 11, including the specifications classified in each wave, may be found in the release plan.

Eclipse JNoSQL

Version 1.0.4 of Eclipse JNoSQL, the compatible implementation of the Jakarta NoSQL specification, has been released featuring: fixes for constructor and generics type handling to ensure a more seamless experience when working with Eclipse JNoSQL; enhanced handling of null values in embeddable documents; and change in the package name to avoid duplicate names in different modules. More details on this release may be found in the release notes.

Spring Framework

Versions 3.2.1 and 3.1.7 of Spring Boot deliver improvements in documentation, dependency upgrades and notable bug fixes such as: an instance of the HibernateJpaAutoConfiguration class should be applied before DataSourceTransactionManagerAutoConfiguration class because the former imports required beans; an IllegalStateException from closing a ZIP file due to the StaticResourceJars class closing JAR files from cached connections; and child contexts created with the SpringApplicationBuilder class executes the parents runners. Further details on these releases may be found in the release notes for version 3.2.1 and version 3.1.7.

Versions 6.2.1, 6.1.6 and 5.8.9 of Spring Security have been released featuring bug fixes, dependency upgrades and new features such as: document that the Shibboleth Repository is required for support of the Security Assertion Markup Language (SAML); integrate caching of the HandlerMappingIntrospector class; and a resolution to the OAuth2 Resource Server exposing server information. More details on these releases may be found in the release notes for version 6.2.1, version 6.1.6 and version 5.8.9.

Spring Cloud 2021.0.9, codenamed Jubilee, has been released providing bug fixes and upgrades to sub-projects such as: Spring Cloud Commons 3.1.8; Spring Cloud Starter Build 2021.0.9; Spring Cloud Kubernetes 2.1.9; and Spring Cloud Netflix 3.1.8. This release is based on Spring Boot 2.6.15 and is compatible with Spring Boot 2.7.18 and 3.0.13.

Versions 1.1.1 and 1.0.4 of Spring Modulith have been released to deliver bug fixes, dependency upgrades and improvements: avoid potential duplicate inclusions of the ModuleTestExecution class; and exclude Spring AOT classes from architecture verification as they might otherwise introduce dependencies to application components considered module internals. Further details on these releases may be found in the release notes for version 1.1.1 and version 1.0.4.

Versions 1.2.1, 1.1.4 and 0.4.5 of Spring Authorization Server have been released featuring bug fixes, dependency upgrades and a new feature in which the org.webjars dependencies were removed from the demo-authorizationserver sample application. More details on this release may be found in the release notes for version 1.2.1, version 1.1.4 and version 0.4.5.

The release of Spring for Apache Kafka 3.1.1 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: minor improvements to the listeners associated with the MessagingMessageListenerAdapter class; a resolution to defects in perceived counterintuitive default methods in the ConsumerFactory interface; and improvements to the DefaultKafkaHeaderMapper class to avoid any potential NullPointerException exceptions. Further details on this release may be found in the release notes.

The release of Spring for Apache Pulsar 1.0.1 provides bug fixes, improvements in documentation, dependency upgrades and improvements: a more convenient way to use the @ReactivePulsarListener annotation in streaming mode with Spring messages; support for tombstone records with the @PulsarListener annotation; and a deprecation of the (Reactive) PulsarListenerEndpointAdapter and ReactivePulsarListenerEndpointAdapter classes in favor of default methods defined in the ListenerEndpoint interface and its subinterfaces for improved custom implementations of ListenerEndpoint. More details on this release may be found in the release notes.

The release of Spring AMQP 3.1.1 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: elimination of the synchronized keyword in the BlockingQueueConsumer, RabbitTemplate and RabbitAdmin classes; and a resolution to a new ObjectMapper instance of the Jackson2JsonMessageConverter class not aware of the module supporting JSR 310, Date and Time API. Further details on this release may be found in the release notes.

Payara

Payara has released their December 2023 edition of the Payara Platform that includes Community Edition 6.2023.12 and Enterprise Edition 6.9.0. Both editions feature bug fixes, component upgrades and improvements: enhancements in the Payara Bill of Materials (BOM) for version consistency with the Payara API dependency that simplifies dependency management for developers; and publication of Docker images compatible with JDK 21 that ensures developers have access to the latest and most secure Java features. More details on these versions may be found in the release notes for Community Edition 6.2023.12 and Enterprise Edition 6.9.0.

Open Liberty

IBM has released version 24.0.0.1-beta of Open Liberty featuring support Jakarta Data 1.0-M2 specification which provides API updates to pagination and various improvements to the Javadoc and specification text. This release includes a test implementation of Jakarta Data that they use to experiment with proposed specification features so that developers can try out these features and provide feedback for the Jakarta Data 1.0 specification beyond milestone 2.

Quarkus

The release of Quarkus 3.6.4 provides resolutions to: a NullPointerException observed in edge cases during a live reload by adding null checks to the isRestartNeeded() method defined in the TimestampSet inner static class within the RuntimeUpdatesProcessor class; an incorrect error reported when the OpenAPI key is not present by adding a Vert.x NoStackTraceException class in the metrics output; and a NoClassDefFoundError from the Java SequencedCollection interface with an application targeting Java 17, built with JDK 21 and running with Java 17. Further details on this release may be found in the changelog.

With Quarkus 3.2 defined as the current LTS release, Red Hat has published their release plans for upcoming minor releases of Quarkus 3.7, 3.8 and 3.9, currently scheduled for release at the end of January, February and March 2024, respectively. JDK 17 will be the minimal JDK version starting with Quarkus 3.7 and Quarkus 3.8 will be defined as the next LTS release. More details on the upcoming release of Quarkus 3.7 may be found in this InfoQ news story.

Helidon

The release of Helidon 4.0.2 ships with notable changes such as: an update to the web server’s internal state if a listener fails to start by ensuring that calls to the isRunning() method defined in the WebServer interface must return false and the server isn’t listening for connections; a resolution to premature access to the RegistryFactory class due to the JPA CDI extension running some start-up complete code before the metrics CDI extension had a chance to prepare Helidon MP metrics; and ensure that a supplier of the WsListener interface is called exactly once per connection to resolve reuse of the supplier in request/response lifecycle. Further details on this release may be found in the release notes.

Similarly, Helidon 3.2.5 provides: dependency upgrades; fixes to some of the examples; and slight relaxation of a unit test to avoid test ordering issues. More details on this release may be found in the release notes.

Hibernate

The release of Hibernate Search 6.2.3.Final delivers notable changes such as: upgrade the -orm6 artifacts to Hibernate ORM 6.2.17.Final; compatibility with OpenSearch 2.11.0; and an adjustment to Hibernate Search’s Jandex index reading and building to work correctly with Spring Boot 3.2’s nested JARs. Further details on this release may be found in the release notes.

Grails

The Grails Foundation has provided full disclosure for CVE-2023-46131, a vulnerability in which a specially crafted Grails data binding web request can lead to a JVM crash or a denial of service. This CVE has been resolved in Grails versions 3.3.17, 4.1.3, 5.3.4 and 6.1.0.

The foundation has also released version 5.3.5 of the Grails Framework featuring: dependency upgrades; improvements to the release workflow; and change the resolve strategy from DELEGATE_FIRST to OWNER_FIRST due to the setProperty() method defined in the BeanBuilder class intercepting assignments, then discarding them if the currentBeanConfig variable is null. More details on this release may be found in the release notes.

Apache Software Foundation

The fourth alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and new features/improvements such as: the addition of a getCodePoints() method in the StringGroovyMethods class to allow traditional Groovy conventions of using the codePoints property; a reconsideration to implement an implication operator, ==>, for scenarios where the operator aids readability or otherwise makes sense; and generation of bytecode for Groovy interfaces with default, private and static methods to replace defaults methods that are currently based on traits. Further details on this release may be found in the release notes.

Apache Groovy 4.0.17 has been released with dependency upgrades and resolutions to: a regression in version 4.0.16 related to static type checking with Groovy generics; the JsonSlurper class parsing badly format JSON files without throwing an exception; and patterns conditionally created using the pattern operator, ~, are cast to type String or GString instead of Pattern. More details on this release may be found in the release notes.

Similarly, Apache Groovy 3.0.20 has also been released providing bug fixes, dependency upgrades and improvements such as: an enhancement to the coercion and implicit cast of map literals for the @CompileStatic annotation; and a resolution to the static type checker not being able to infer List or Map types for a method return. Further details on this release may be found in the release notes.

The release of Apache Camel 4.3.0 ships with bug fixes, dependency upgrades and new features such as: a new Kamelet to support the Advanced Message Queuing Protocol; basic support for virtual threads (but doesn’t cover the replacement of synchronized blocks with reentrant locks nor the review of all thread locals); and support for start and end dates in the Camel Quartz component. More details on this release may be found in the release notes

Infinispan

The release of Infinispan 13.0.21.Final provides resolutions to: CVE-2023-4487, a process control vulnerability in which an attacker can insert malicious configuration files in the expected web server execution path to escalate privileges and gain full control of the Human Machine Interface software; CVE-2023-44487, a vulnerability in which Tomcat’s implementation of HTTP/2 was vulnerable to the rapid reset attack causing a denial of service that was typically manifested as an OutOfMemoryError; and an availability check failure with an uncaught exception from the PersistenceManager interface. Further details on this release may be found in the release notes.

Resilience4j

Version 2.2.0 of Resilience4j, a fault tolerance library for Java, has been released with bug fixes and these enhancements: support for Micronaut 4.0; and a framework agnostic bootstrapping of Resilience4j from Apache Commons configuration of properties for non-Spring Java applications. More details on Resilience4j may be found in this InfoQ news story.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for December 11th, 2023 features news highlighting: OpenJDK early access releases, Open Liberty 23.0.0.12, Infinispan 15.0.0-Dev06, JHipster 8.1.0, Piranha 23.12.0, Apache Tomcat 11.0.0-M15, 10.1.17, 9.0.84 and 8.5.97 and the debut of the Payara Virtual Conference.

JDK 23

Build 2 of the JDK 23 early-access builds was made available this past week featuring updates from Build 1 that include fixes for various issues. Further details on this release may be found in the release notes.

JDK 22

Build 28 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 27 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 6.1.2 and 6.0.15 of Spring Framework have been released to deliver bug fixes, improvements in documentation, dependency upgrades and new features such as: declare the isStatic() and releaseTarget() methods as default in the TargetSource interface; an improved @RegisterReflectionForBinding annotation for explicitly handling enums; and a resolution to avoid a race condition in the ConcurrentReferenceHashMap class. These versions may be consumed by the upcoming releases of Spring Boot 3.2.1 and 3.1.7, respectively. Further details on these releases may be found in the release notes for version 6.1.2 and version 6.0.15.

Versions 2023.1.1 and 2023.0.7 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.1 and 3.1.7; Spring Data MongoDB 4.2.1 and 4.1.7; Spring Data Elasticsearch 5.2.1 and 5.1.7; and Spring Data Neo4j 7.2.1 and 7.1.7. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.1 and 3.1.7, respectively.

Open Liberty

IBM has released version 23.0.0.12 of Open Liberty featuring support for MicroProfile 6.1; updates to Liberty Maven plug-in 3.10, Liberty Gradle plug-in 3.8 and Liberty Tools 23.0.12 for Eclipse IDE, IntelliJ IDEA, and Visual Studio Code; and a resolution to CVE-2023-44487, a vulnerability in which Tomcat’s implementation of HTTP/2 was vulnerable to the rapid reset attack causing a denial of service that was typically manifested as an OutOfMemoryError.

Quarkus

The release of Quarkus 3.6.3 provides resolutions to: a regression in version 3.6.2 that yielded a NullPointerException from within the ConfigDiagnostic class; disabling of Dev Services for Keycloak leads to startup error; and a NullPointerException when Quarkus tries to match unknown configuration files. More details on this release may be found in the changelog.

Micronaut

The Micronaut Foundation has released version 4.2.2 of the Micronaut Framework featuring Micronaut Core 4.2.2 and updates to modules: Micronaut AWS and Micronaut Cache. Further details on this release may be found in the release notes.

Helidon

The release of Helidon 2.6.5 delivers: dependency upgrades, support for provider-specializing injection points in the OciExtension class; and correct errors in the documentation on how OpenAPI generator configuration settings are set. More details on this release may be found in the changelog.

Grails

The Grails Foundation has released version 6.1.1 of Grails Framework featuring big fixes, dependency upgrades and notable changes such as: resolve flaky tests by using different template names for each test; update Grails to, and make compatible with, Groovy 3.0.19; and a SnakeYAML BOM. Further details on this release may be found in the release notes.

Infinispan

The sixth development release of Infinispan 15.0.0 features notable changes such as: a reintroduction of support for JCache since its CDI aspects that depend on the javax namespace are optional making it possible to implement JCache without CDI; a resolution for the IllegalArgumentException thrown from the getMembersPhysicalAddresses() method defined in the JGroupsTransport class; and a check to ensure that the MetricsRegistry interface is enabled before trying to register metrics. More details on this release may be found in the changelog.

Micrometer

Versions 1.12.1 and 1.11.7 of Micrometer Metrics both deliver dependency upgrades and notable changes: a new ModifiedClassPathClassLoader class to synchronize with the version from Spring Boot; and a fix for duplication of publishing data if closing step registries before completion of the first step closes within one step. Further details on these releases may be found in the release notes for version 1.12.1 and version 1.11.7.

Similarly, versions 1.2.1 and 1.1.8 of Micrometer Tracing both provide dependency upgrades and a resolution to the default value of 0 returned by the getWallTime() method defined in the Event inner interface of the Observation interface causing backend failures when spans are uploaded. More details on these releases may be found in the release notes for version 1.2.1 and version 1.1.8.

Eclipse Vert.x

The release of Eclipse Vert.x 4.5.1 ships with notable changes such as: a switch from Locale.ROOT to Local.US for parsing PostgreSQL timestamps due to a change in JDK 22; a NullPointerException in the ForwardedParser class when the host header is missing for HTTP/1.1; and a new @JsonGen annotation that replaces the @DataObject annotation to trigger generation of a converter. Further details on this release may be found in the release notes and deprecations and breaking changes.

JHipster

The release of JHipster 8.1.0 features bug fixes, dependency upgrades and new features such as: use of a session endpoint metadata for OAuth logout; a refactor of the authorization header in the CustomClaimConverter class. More details on this release may be found in the release notes and this InfoQ news story on JHipster 8.0.

Project Reactor

Project Reactor 2023.0.1, the first maintenance release, provides dependency upgrades to reactor-core 3.6.1, reactor-netty 1.1.14 and reactor-pool 1.0.4. There was also a realignment to version 2023.0.1 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

Similarly, Project Reactor 2022.0.14, the fourteenth maintenance release, provides dependency upgrades to reactor-core 3.5.13, reactor-netty 1.1.14 and reactor-pool 1.0.4. There was also a realignment to version 2022.0.14 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Apache Software Foundation

Versions 11.0.0-M15, 10.1.17, 9.0.84 and 8.5.97 of Apache Tomcat all feature bug fixes and notable changes such as: background processes for a container no longer execute while lifecycle operations are in progress for that container; correct unintended escaping of XML in some responses from WebDAV; use an HTTP 408 status code, Request Timeout, instead of an HTTP 400 status code, Bad Request, if a read timeout occurs during HTTP request processing. More details on these releases may be found in the changelog for version 11.0.0-M15, version 10.1.17, version 9.0.84 and version 8.5.97.

The ninth alpha release of Apache Maven 4.0.0 delivers notable changes such as: a dependency upgrade to Maven Resolver 2.0.0-alpha-3; a multithreaded map/reduce algorithm to parse the lengthy reactor models in parallel; and the @SessionScoped annotation will now create proxies to wrap beans when there’s a need to inject a bean while the session scope is not yet available. Further details on this release may be found in the release notes.

Versions 3.21.3 and 3.20.9 of Apache Camel both feature dependency upgrades and notable bug fixes such as: an OutOfMemoryError upon initiating a large file upload via multipart; the addHeaderNameMethod() method defined in the EndpointDslMojo class generates the wrong header names; and configuration of Kubernetes secrets with Apache Camel K not working as expected. More details on these releases may be found in the release notes for version 3.21.3 and version 3.20.9.

Piranha

The release of Piranha 23.12.0 delivers notable changes such as: support for CRaC in the Payara Web Profile; an update to the Docker files to JDK 21; and a dependency upgrade to Spring Boot 3.1.6. Further details on this release may be found in their documentation and issue tracker.

OpenXava

The release of OpenXava 7.2.1 provides dependency upgrades and notable bug fixes such as: a Remote Code Execution vulnerability via XSTL from dependencies; use of an @OnChange action in @Coordinates not working as intended; and the idProperties attribute defined in the @Tree annotation was ignored. More details on this release may be found in the release notes.

Payara Virtual Conference

The first-ever Payara Virtual Conference, a one-day event, was held this past week featuring talks from top industry analysts, Java Champions and Jakarta EE experts. Attendees also learned more about the Payara Platform 2024 roadmap from Steve Millidge, CEO at Payara.

Editor’s Note

Michael Redlich served as one of the speakers at the Payara Virtual Conference.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for December 4th, 2023 features news highlighting: JDK 22 having moved to Rampdown Phase One; formation of the JDK 23 expert group; JEP 464, Scope Values (Second Preview) targeted for JDK 22; Spring Cloud 2023.0.0; TornadoVM 1.0.0; and JHipster Lite 1.0.0.

OpenJDK

After its review has concluded, JEP 464, Scoped Values (Second Preview), has been promoted from Proposed to Target to Targeted for JDK 22. Formerly known as Extent-Local Variables (Incubator), this JEP proposes to re-preview the API in JDK 22, without change, in order to gain additional experience and feedback from the previous round of preview, JEP 446, Scoped Values (Preview), delivered in JDK 21, and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.

JDK 22

Build 27 of the JDK 22 early-access builds was made available this past week featuring updates from Build 26 that include fixes to various issues. More details on this build may be found in the release notes.

As per the JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 22 has entered Rampdown Phase One. This means that the main-line source repository has been forked to the JDK stabilization repository and no additional JEPs will be added for JDK 22. Therefore, the final set of 12 features for the GA release in March 2024 will include:

For JDK 22, developers are encouraged to report bugs via the Java Bug Database.

JDK 23

JSR 398, Java SE 23, was submitted this past week to formally announce the six-member expert group for JDK 22, namely Simon Ritter (Azul Systems), Manoj Palat (Eclipse Foundation), Andrew Haley (Red Hat), Christoph Langer (SAP SE), Iris Clark (Oracle) and Brian Goetz (Oracle). Clark and Goetz will serve as the specification leads. Other notable dates at this time include a public review from June 2024 through August 2024 and the GA release in September 2024.

Build 0 and Build 1 of the JDK 23 early-access builds were also made available this past week featuring updates to resolve these initial issues. Further details on this release may be found in the release notes.

GlassFish

Eclipse GlassFish 7.0.11, the eleventh maintenance release, features bug fixes, dependency upgrades and resolutions related to web sockets not working for applications on the default context root and defects in the AdminGUI. More details on this release may be found in the release notes.

TornadoVM

TornadoVM, an open-source software technology company, has released version 1.0 of their virtual machine that ships with bug fixes and notable improvements such as: a brand new API for allocating off-heap objects and array collections using the Panama Memory Segment API; improved handling of TornadoVM’s internal bytecode to avoid write-only copies from host to device; and improved default device ordering based on maximum thread size. Further details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Juan Fumero, research associate, Advanced Processor Technologies Research Group at The University of Manchester, introduced TornadoVM at QCon London in March 2020 and has since contributed this more recent InfoQ technical article.

Spring Framework

Spring Cloud 2023.0.0, codenamed Leyton, has been released featuring bug fixes and upgrades to sub-projects such as: Spring Cloud Commons 4.1.0; Spring Cloud Starter Build 2023.0.0; Spring Cloud Kubernetes 3.1.0; and Spring Cloud Netflix 4.1.0. This release is based on Spring Boot 3.2.0. More details on this release may be found in the release notes.

The release of Spring Tools 4.21.0 ships with: an improved experience on completions for request mappings at the class method level; an upgrade to Spring Boot 3.2 available via integration via OpenRewrite; and an upgrade to Eclipse 2023-12. Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released version 4.2.1 of the Micronaut Framework featuring Micronaut Core 4.2.1 and updates to modules: Micronaut gRPC, Micronaut Test and Micronaut Logging. More details on this release may be found in the release notes.

Quarkus

Quarkus 3.6.1, the first maintenance release, ships with bug fixes, improvements in documentation and notable changes such as: make Truffle from GraalVM 23.1 work in all modes of Quarkus; disable @OidcClientFilter annotation at runtime for improved application testing; and improved reliability when downloading builder images from Quay.io. Further details on this release may be found in the changelog.

WildFly

WildFly 30.0.1, the first maintenance release, delivers component upgrades and notable bug fixes such as: the simplest of Jakarta RESTful Web Services application failing in WildFly; clustering files containing session data is never shrunk or deleted; and an exception on Infinispan cache writes due to only instances of byte[] are currently supported. More details on this release may be found in the release notes.

Hibernate

Hibernate Search 7.0.0.Final has been released featuring: JDK 11 as a baseline; compatibility with JDK 11, JDK 17, JDK 21, Jakarta EE, the Hibernate ORM discriminator-based multi-tenancy, Elasticsearch 8.11 and OpenSearch 2.10 and 2.11; and dependency upgrades to Hibernate ORM 6.4.0.Final and Apache Lucene 9.8.

IBM Semeru Runtime

IBM has released versions 17.0.9.0 and 11.0.21.0 of IBM Semeru Runtime, Certified Edition for Multi-Platforms. Based on Eclipse OpenJ9 0.41 and versions jdk-11.0.21+9 and jdk-17.0.9+9 of OpenJDK, this latest release contains the latest CPU and security fixes from the OpenJDK October 2023 updates. Further details on this release may be found in the release notes.

Apache Software Foundation

The release of Camel Quarkus 3.2.3, an alignment with the Apache Camel 4.0.3 and Quarkus 3.2.9.Final releases, featured no resolved issues. More details on this release may be found in the release notes.

JHipster

Versions 1.1.0 and 1.0.0 of JHipster Lite deliver: support for JDK 21, Spring Boot 3.2.0 and Spring Cloud 2023.0.0; configuration by default with YAML instead of properties; new Thymeleaf and htmx webjars modules; and many libraries upgrades. Support for JDK 17 was dropped. Further details on these releases may be found in the release notes for version 1.1.0 and version 1.0.0.

JBang

Version 0.114.0 of JBang features a move to Maven artifact resolution using MIni MAven (MIMA), a “one-shop stop reusable Java 8 library,” that uses the Maven Artifact Resolver. A 20% improvement in download speed was observed as noted by Max Andersen, Distinguished Engineer at Red Hat and creator of JBang. More details on this release may be found in the release notes.

JakartaOne Livestream 2023

The fifth annual JakartaOne Livestream 2023 conference, hosted by Shabnam Mayel, Tanja Obradovic and Ivar Grimstad, featured 45-minute sessions, 15-minute Studio Jakarta EE sessions and an industry keynote. Speakers from the Java community who presented the 45-minute sessions included: David Matějček, Arjan Tijms, Igor De Souza, Mads Opheim, Thomas Watson, José Paumard, Ondro Mihályi, Otávio Santana, Nathan Rauh, Luqman Saeed, Emily Jiang and Reza Rahman.

Editor’s Note

Michael Redlich served on the JakartaOne Livestream 2023 program committee.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for November 27th, 2023 features news from OpenJDK, JDK 22, Jakarta Data 1.0-M2, JNoSQL 1.0.3, LibericaJDK, Spring CVEs, Spring Shell 3.2.0-RC1, Quarkus 3.6, Open Liberty 23.0.12-beta, Helidon 4.0.1, Hibernate Reactive 2.2, Hibernate Search 7.1-A1, Grails 5.3.4, Groovy 5.0.0-A3, Camel Quarkus 3.6, Maven 3.9.6, JDKMon 21, PrimeFaces 12.0.7, Jupyter for Java and Gradle 8.5.

OpenJDK

After its review has concluded, JEP 463, Implicitly Declared Classes and Instance Main Methods (Second Preview), has been promoted from Proposed to Target to Targeted for JDK 22. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the previous round of preview, namely JEP 445, Unnamed Classes and Instance Main Methods (Preview). This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle. Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the specification document for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

After its review has concluded, JEP 462, Structured Concurrency (Second Preview), has been promoted from Proposed to Target to Targeted for JDK 22. This JEP will propose to re-preview the API in JDK 22, without change, in order to gain more feedback from the previous round of preview: JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.”

After its review has concluded, JEP 461, Stream Gatherers (Preview), has been promoted from Proposed to Target to Targeted for JDK 22. This JEP proposes to enhance the Stream API to support custom intermediate operations. “This will allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” Further details on this JEP may be found in the original design document written by Viktor Klang, Software Architect, Java Platform Group at Oracle.

After its review has concluded, JEP 458, Launch Multi-File Source-Code Programs, has been promoted from Proposed to Target to Targeted for JDK 22. This JEP proposes to enhance the Java Launcher to execute an application supplied as one or more files of Java source code. This allows a more gradual transition from small applications to larger ones by postponing a full-blown project setup.

After its review has concluded, JEP 457, Class-File API (Preview), has been promoted from Proposed to Target to Targeted for JDK 22. This JEP proposes to provide an API for parsing, generating, and transforming Java class files. This will initially serve as an internal replacement for ASM, the Java bytecode manipulation and analysis framework, in the JDK with plans to have it opened as a public API. Brian Goetz, Java language architect at Oracle, characterized ASM as “an old codebase with plenty of legacy baggage” and provided background information on how this draft will evolve and ultimately replace ASM.

After its review has concluded, JEP 423, Region Pinning for G1, has been promoted from Proposed to Target to Targeted for JDK 22. This JEP proposes to reduce GC latency by implementing region pinning to the G1 garbage collector. This will extend G1 so that arbitrary regions may be pinned during both major and minor collection operations so that disabling the garbage collection process may be avoided while implementing JNI critical regions.

JEP 464, Scoped Values (Second Preview), has been promoted from its JEP Draft 8318898 to Candidate status, then quickly promoted to Proposed to Target for JDK 22. Formerly known as Extent-Local Variables (Incubator), this JEP proposes to re-preview the API in JDK 22, without change, in order to gain additional experience and feedback from the previous round of preview, JEP 446, Scoped Values (Preview), delivered in JDK 21, and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The review is expected to conclude on December 7, 2023.

JDK 22

Build 25 of the JDK 22 early-access builds was made available this past week featuring updates from Build 25 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

The second milestone release of Jakarta Data 1.0.0 provides: a rename of artifact names, e.g., jakarta-data-api to jakarta.data-api, to align with all the Jakarta EE specifications; delay implementation of the static metamodel to further work out issues related to reflection and annotation processors; and a refinement on the copyright document to bind values with placeholders. Further details on this release may be found in the release notes.

Version 1.0.3 of Eclipse JNoSQL, the compatible implementation of the Jakarta NoSQL specification, has been released featuring key database upgrades such as: MongoDB driver 4.11.1; Hazelcast 5.3.6; Apache Solr 9.4.0; Couchbase Library 3.4.11; and ArangoDB Library 7.2.0. There were also enhancements implemented in the update methods for improved overall project functionality. More details on this release may be found in the release notes.

BellSoft

BellSoft has released versions 17 and 21 of their Liberica JDK, their downstream distribution of OpenJDK, with Coordinated Restore at Checkpoint (CRaC) that enable developers to build running application snapshots and reduce the startup and warmup time of Java applications. These new builds will be available for x86_64 and AArch64 CPU architectures and Linux operating systems.

Spring Framework

VMware has disclosed two vulnerabilities: CVE-2023-34053, Spring Framework Server Web Observations DoS Vulnerability; and CVE-2023-34055, Spring Boot Server Web Observations DoS Vulnerability, that affect Spring Framework versions 6.0.0 to 6.0.13 and Spring Boot versions 3.1.0 to 3.1.5, 3.0.0 to 3.0.12 and 2.7.0 to 2.7.17. Both of these vulnerabilities allow an attacker to provide specially crafted HTTP requests that may cause a denial-of-service under the following conditions:

• The application uses Spring MVC or Spring WebFlux.
• The io.micrometer:micrometer-core artifact is on the classpath.
• An implementation of the Micrometer ObservationRegistry interface is configured in the application to record observations.

Developers are therefore encouraged to upgrade to Spring Framework 6.0.14 and Spring Boot 2.7.18, 3.0.13 and 3.1.6.

Versions 3.2.0-RC1, 3.1.6, 3.0.10 and 2.1.15 of Spring Shell have been released featuring bug fixes and dependency upgrades to Spring Boot 3.2.0, 3.1.6, 3.0.13 and 2.7.18, respectively. The 3.0 and 2.1 release trains have been declared as end-of-life in conjunction with their Spring Boot counterparts. New features in version 3.2.0-RC1 and 3.1.6 include: support for zsh completions and modal views; and minor changes to the Terminal UI. Further details on this release may be found in the release notes for version 3.2.0-RC1, version 3.1.6, version 3.0.10 and version 2.1.15.

Quarkus

Red Hat has released version 3.6.0 of Quarkus featuring notable changes such as: support for custom authorization schemes for OIDC bearer tokens; improvements to server-sent events (SSEs) that allow a REST client to return the entire SSE event and for these events to be filtered; and support for expressions in the @SecureField annotation similar to that of the Jakarta Annotations @RolesAllowed annotation. More details on this release may be found in the changelog.

Red Hat has also announced that JDK 17 will be the minimal version for the upcoming release of Quarkus 3.7, scheduled to be released at the end of January 2024. InfoQ will follow up with a more detailed news story.

Open Liberty

IBM has released version 23.0.0.12-beta of Open Liberty featuring support for Jakarta Data 1.0.0-M1 that includes: a new BasicRepository interface for basic repository methods; new insert() and update() methods in CrudRepository interface; and new @Insert, @Update, @Delete and @Save annotations. This release also delivers a configurable quiesce timeout stage when the shutdown time of the Liberty runtime takes longer than the default of 30 seconds. This allows for services that need more time to finish processing requests.

Helidon

Helidon 4.0.1, the first maintenance release, delivers notable changes such as: support for the Proxy Protocol for the Helidon Web Server component; performance improvements to the WebServer interface; and the enabled() method defined in the CrossOriginConfig.Builder class now returns an Optional instead of boolean to resolve a CORS issue. Further details on this release may be found in the changelog.

Similarly, the release of Helidon 3.2.4 provides dependency upgrades and notable changes such as: a collection of new classes for lazy OCI Vault configurations; a migration of OpenTracing-related classes and interfaces to the Helidon Tracing API; and a resolution to correctly handle IPv6 addresses for a requested URL. More details on this release may be found in the changelog.

Hibernate

The release of Hibernate Reactive 2.2.0.Final ships with compatibility with Hibernate ORM 6.4.0.Final and Vert.x SQL driver 4.5.0. Red Hat has also provided versions 2.2.1.Final and 2.0.7.Final that are compatible with Hibernate ORM versions 6.3.2.Final and 6.2.13.Final, respectively. Further details on this release may be found in the release notes.

The first alpha release of Hibernate Search 7.1.0 provides an incubating feature that allows a vector search in the Apache Lucene backend and provides tools to search over binary or text data. Also, Hibernate Search will no longer fail to boot when reading nested JARs in Spring Boot 3.2+. More details on this release may be found in the release notes.

Grails Foundation

The release of Grails 5.3.4 delivers dependency upgrades and notable changes such as: enable the GitHub CodeQL workflow for all main branches; the addition of a SnakeYAML bill of materials (BOM) to to override the SpringBoot BOM; and a cleanup of the JavaDocs to include escaping of special chars in Javadoc, refactoring of code, define explicit types and remove unnecessary uses of variables. Further details on this release may be found in the release notes.

Apache Software Foundation

The third alpha release of Apache Groovy 5.0.0 ships with bug fixes, dependency upgrades and improvements such as: support for JDK 22; implementation of missing features from the library compiler in the groovyc command line; and a new indexOf(element) extension methods for array types. More details on this release may be found in the release notes.

Similarly, the release of Apache Groovy 4.0.16 also provides bug fixes, dependency upgrades and improvements such as: support for JDK 22; and a new allThreads() method defined in the DefaultGroovyStaticMethods class to complement the existing currentThread() method defined in the Java Thread class. Further details on this release may be found in the release notes.

To maintain alignment with Quarkus, Camel Quarkus 3.6.0 has been released featuring resolved issues such as: an intermittent AssertionFailedError upon executing the QuartzQuarkusSchedulerAutowiredWithSchedulerBeanTest class; and a cleanup of usage of hard coded hosts in tests that use containers. More details on this release may be found in the release notes.

The release of Apache Maven 3.9.6 provides dependency upgrades and the ability to exclude plugins from validation. Further details on this release may be found in the release notes.

JDKMon

Versions 21.0.0 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version features full support for JDK 21 by moving all dependencies to the latest LTS version.

PrimeFaces

Versions 12.0.7, 11.0.13, 10.0.20 and 8.0.25 of PrimeFaces have been released featuring an upgrade to JSON in Java 20231013 to resolve CVE-2023-5072, a vulnerability that allows an attacker to take advantage of a bug in the JSON parser such that an input string of modest size can lead to indefinite amounts of memory being used and cause a denial of service. More details on these releases may be found in the release notes for version 12.0.7, version 11.0.13, version 10.0.20 and version 8.0.25.

Jupyter for Java

Jupyter for Java, a new GitHub organization created to simplify the discovery of various ways to use Java with Jupyter notebooks. Created by Max Rydahl Andersen, Distinguished Engineer at Red Hat, this project currently contains five repositories that provide resources and examples.

Gradle

The release of Gradle 8.5.0 delivers new features such as: full support for compiling, testing and running on JDK 21; improvements in the Kotlin DSL that include faster first use and version catalog support in precompiled Kotlin script plugins; and improved reporting of errors and warnings. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

Subscribe on:

Apple Podcasts
Google Podcasts
Soundcloud
Spotify
Overcast
Podcast Feed

.
From this page you also have access to our recorded show notes. They all have clickable links that will take you directly to that part of the audio.