Author: Michael Redlich

This week’s Java roundup for July 22nd, 2024 features news highlighting: the release of WildFly 33; Spring Cloud Data Flow 2.11.4; the second milestone release of Apache TomEE 10.0; LangChain4j 0.33; Micronaut 4.5.1; Eclipse Store 1.4; and an update on Jakarta EE 11.

JDK 23

Build 34 of the JDK 23 early-access builds was made available this past week featuring updates from Build 33 that include fixes for various issues. Further details on this release may be found in the release notes, and details on the new JDK 23 features may be found in this InfoQ news story.

JDK 24

Build 8 of the JDK 24 early-access builds was also made available this past week featuring updates from Build 7 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 23 and JDK 24, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on the upcoming release of Jakarta EE 11, writing:

The Jakarta EE Platform project continues the work toward finalizing Jakarta EE 11. The refactoring of the TCK shows promising results. Hopefully, we will be able to announce a release date shortly. Check in to the weekly Jakarta EE Platform call that happens every Tuesday at 11:00 AM Eastern (Daylight Savings) Time.

The road to Jakarta EE 11 included four milestone releases with the potential for release candidates as necessary before the GA release in 3Q2024.

BellSoft

BellSoft has released versions 24.0.2 for JDK 22, 23.1.4 for JDK 21 and 23.0.5 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for July 2024 to address several CVEs and bugs.

Spring Framework

The release of Spring Cloud Data Flow 2.11.4 primarily addresses: CVE-2024-37084, Remote Code Execution in Spring Cloud Data Flow, a vulnerability where an attacker, who has access to the Skipper Server API, can use a crafted upload request to write an arbitrary file to any location on the file system which could lead to compromising the server; and PRISMA-2023-0067, where an attacker can send a specially-crafted request to take advantage of an improper input validation by the StreamReadContraints class causing a denial of service. Other improvements include: the ability for a user to specify the application version when creating a schedule; and a new endpoint, /tasks/thinexecutions, for more efficient retrieval of task executions pages without all the extra detail. Further details on this release may be found in the release notes.

Version 4.24.0 of Spring Tools 4.24.0 has been released with notable changes such as: support for Spring Expression Language (SpEL) syntax highlighting and validation inside Java and embedded Spring Data queries; syntax highlighting and validation for MySQL and PostgreSQL queries; and support for bean name code completion and navigation for name attribute of the Jakarta Annotations @Resource annotation. More details on this release may be found in the release notes.

WildFly

The release of WildFly 33 delivers bug fixes, component upgrades and new features such as: an enhanced overriding of base configuration settings using a YAML file by using the YAML file to add unmanaged deployments to the configuration; the core-management subsystem now allows developers to enable scanning of deployments for usage of classes/methods in the SmallRye and Hibernate ORM libraries annotated with @Experimental and @Incubating, respectively; and utilities to reload a server to a different stability level in the testsuite. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.

Micronaut

The Micronaut Foundation has released version 4.5.1 of Micronaut Framework featuring Micronaut Core 4.5.4, bug fixes, improvements in documentation and updates to modules: Micronaut Micrometer, Micronaut OpenAPI, Micronaut Security, Micronaut SourceGen, Micronaut Data, Micronaut Reactor, Micronaut Test Resources, Micronaut Test, Micronaut gRPC, Micronaut Validation and Micronaut Views. More details on this release may be found in the release notes.

Eclipse Foundation

The release of Eclipse Store 1.4.0 provides bug fixes and new features: integration with Amazon S3 Express One Zone; enhancements to S3 cloud storage with the addition of a default folder for the S3 connector into configuration and support for directory buckets; and a new API to import and export the serializer type dictionary. Further details on this release may be found in the release notes.

The release of Eclipse Serializer 1.4.0 aligns with Eclipse Store 1.4.0 with no documented updates or release notes.

Apache Software Foundation

The second milestone release of Apache TomEE 10.0.0, aimed at JakartaEE 10, ships with bug fixes, dependency upgrades and notable changes such as: a minimal JDK 17 version; an implementation of the OIDC section of the Jakarta EE Security specification; and an initial integration of some MicroProfile updates. More details on this release may be found in the release notes.

JHipster

The release of JHipster Lite 1.14.0 ships with dependency upgrades and enhancements such as: the use of string templates instead of string concatenation; fields that are only assigned in the constructor should be redd only; and unchanged variables should be marked as const. Further details on this release may be found in the release notes.

LangChain4j

Version 0.33.0 of LangChain for Java (LangChain4j) features new integrations: Redis via the new RedisChatMemoryStore class; and embedding models from OVHcloud. Other notable changes include: support for audio, video and PDF inputs in Google Gemini; support for embedding removal in Chroma; and support for storing metadata and embedding removal in Pinecone. Developers should note that a breaking change was necessary to fix split package issues. More details on this release may be found in the release notes.

Arquillian

The release of Arquillian 1.9.1.Final provides dependency upgrades and notable changes such as: replace use of the Java ThreadLocal class with the Java Hashtable class due to a memory leak in Arquillian Warp; support for the @ArquillianResource annotation parameter injection on methods annotated with @Deployment; and a resolution to integration test build issue to ensure that versions get updated. Further details on this release may be found in the changelog.

Jox

As a follow-up from the release of Jox 0.3.0, as described in the July 15, 2024 Java news roundup, details related to their new structured concurrency module were made available by Adam Warski, Chief R&D Officer at SoftwareMill, who told InfoQ:

We’ve added a “programmer-friendly” API for structured concurrency. This blog describes it in detail, and contrasts it with what’s proposed by the structured concurrency JEP.

Introduced to the Java community in February 2024, Jox is a new virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads.

This week’s Java roundup for July 8th, 2024 features news highlighting: JEP 472, Prepare to Restrict the Use of JNI, proposed to be targeted for JDK 24; milestone and point releases for Spring Framework; the monthly Piranha Cloud release; and the releases of Gradle 8.9 and Arquillian 1.9.

OpenJDK

JEP 472, Prepare to Restrict the Use of JNI, has been promoted from its Candidate to Proposed to Target for JDK 24. The JEP proposes to restrict the use of the inherently unsafe Java Native Interface (JNI) in conjunction with the use of restricted methods in the Foreign Function & Memory (FFM) API, delivered in JDK 22. The alignment strategy, starting in the upcoming release of JDK 23, will have the Java runtime display warnings about the use of JNI unless an FFM user enables unsafe native access on the command line. It is anticipated that in release after JDK 23, using JNI will throw exceptions instead of warnings. The review is expected to conclude on July 15, 2024.

JDK 23

Build 31 of the JDK 23 early-access builds was made available this past week featuring updates from Build 30 that include fixes for various issues. Further details on this release may be found in the release notes, and details on the new JDK 23 features may be found in this InfoQ news story.

JDK 24

Build 6 of the JDK 24 early-access builds was also made available this past week featuring updates from Build 5 that include fixes for various issues. More details on this release may be found in the release notes.

For JDK 23 and JDK 24, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The fifth milestone release of Spring Framework 6.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a new SmartHttpMessageConverter interface that addresses several limitations in the GenericHttpMessageConverter interface while providing a contract more consistent with the Spring WebFlux Encoder and Decoder interfaces; allow custom implementations of the ObjectProvider interface to declare only a single method for improved unit testing; and a resolution to the SimpleClientHttpResponse class throwing an IOException when the response body is empty and status code is >= 400. Further details on this release may be found in the release notes.

Similarly, Spring Framework 6.1.11 has been released with bug fixes, improvements in documentation, dependency upgrades and new features such as: ensure the varargs component type for the Java MethodHandle class is not null in the Spring Expression Language ReflectionHelper class; and the overloaded getTypeForFactoryMethod() method, defined in the AbstractAutowireCapableBeanFactory class, should catch a NoClassDefFoundError and return null. This version will be included in the upcoming releases of Spring Boot 3.3.2 and 3.2.8. More details on this release may be found in the release notes.

Versions 2024.0.2 and 2023.1.8, both service releases of Spring Data, feature bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.3.2 and 3.2.8; Spring Data MongoDB 4.3.2 and 4.2.8; Spring Data Elasticsearch 5.3.2 and 5.2.8; and Spring Data Neo4j 7.3.2 and 7.2.8. These versions can be consumed by the upcoming releases of Spring Boot 3.3.2 and 3.2.8, respectively.

Spring Cloud 2023.0.3, codenamed Leyton, has been released featuring featuring bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.1.3; Spring Cloud Function 4.1.3; Spring Cloud OpenFeign 4.1.3; Spring Cloud Stream 4.1.3; and Spring Cloud Gateway 4.1.5. This release is based on Spring Boot 3.2.7. Further details on this release may be found in the release notes.

The release of Spring HATEOAS 2.3.1 and 2.2.3 feature dependency upgrades and an improved parser for the Internet Engineering Task Force (IETF) RFC-8288 specification, Web Linking, to support advanced link header expressions. More details on these releases may be found in the release notes for version 2.3.1 and version 2.2.3.

Quarkus

Quarkus 3.12.2, the second maintenance release, features resolutions to notable issues such as: a Jakarta CDI ContextNotActiveException from an implementation of the SecurityIdentityAugmentor interface since the release of Quarkus 3.10; classes annotated with the Jakarta RESTful Web Services @Provider annotation not registered for native image when the server part of the Quarkus REST Client extension is not included; and executing the Quarkus CLI to add an extension reorders the properties and adds a timestamp in gradle.properties file. Further details on this release may be found in the changelog.

Micrometer

The first milestone release of Micrometer Metrics 1.14.0 delivers dependency upgrades and new features such as: support for the @MeterTag annotation added to the @Counted annotation to complement the existing support in the @Timed annotation; allow a custom implementation of the Java ThreadFactory interface for the OtlpMeterRegistry class; and the addition of a counter of failed attempts to retrieve a connection from the MongoMetricsConnectionPoolListener class. More details on this release may be found in the release notes.

Similarly, versions 1.13.2 and 1.12.8 of Micrometer Metrics feature dependency upgrades and notable bug fixes: avoid an unnecessary calling of the convention name on each scrape for each metric to create the Metrics metadata because the convention name has already been computed; an IllegalArgumentException due to histogram inconsistency in the PrometheusMeterRegistry class; and a fix in the log to include the stack trace in the publish() method, defined in the OtlpMeterRegistry class, due to the “Failed to publish metrics to OTLP receiver” error message containing no actionable context. Further details on these releases may be found in the release notes for version 1.13.2 and version 1.12.8.

The first milestone release of Micrometer Tracing 1.4.0 provides dependency upgrades and two new features: the Micrometer Metrics @Nullable annotations added to methods and fields in the micrometer-tracing-bridge directories and the sampled() and nextSpan(Span) methods defined in the TraceContext and Tracer interfaces, respectively; and the ability to propagate values from the Context inner class, defined in the Micrometer Metrics Observation interface, to the Baggage interface. More details on this release may be found in the release notes.

Similarly, versions 1.3.2 and 1.2.8 of Micrometer Tracing ship with dependency upgrades to Micrometer Metrics 1.13.2 and 1.12.8, respectively, and OpenTelemetry Semantic Attributes 1.33.4-alpha. Further details on these releases may be found in the release notes for version 1.3.2 and version 1.2.8.

Project Reactor

The fourth milestone release of Project Reactor 2024.0.0 provides dependency upgrades to reactor-core 3.7.0-M4, reactor-netty 1.2.0-M4 and reactor-pool 1.1.0-M4. There was also a realignment to version 2024.0.0-M4 with the reactor-kafka 1.4.0-M1, reactor-addons 3.6.0-M1 and reactor-kotlin-extensions 1.3.0-M1 artifacts that remain unchanged. More details on this release may be found in the changelog.

Next, Project Reactor 2023.0.8, the eighth maintenance release, provides dependency upgrades to reactor-core 3.6.8, reactor-netty 1.1.21 and reactor-pool 1.0.7. There was also a realignment to version 2023.0.8 with the reactor-kafka 1.3.23, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Next, Project Reactor 2022.0.21, the twenty-first maintenance release, provides dependency upgrades to reactor-core 3.5.19 and reactor-netty 1.1.21 and reactor-pool 1.0.7. There was also a realignment to version 2022.0.21 with the reactor-kafka 1.3.23, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

And finally, the release of Project Reactor 2020.0.46, codenamed Europium-SR46, provides dependency upgrades to reactor-core 3.4.40 and reactor-netty 1.0.47. There was also a realignment to version 2020.0.46 with the reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Piranha Cloud

The release of Piranha 24.7.0 delivers bug fixes, dependency upgrades and a move of numerous utilities such as: Eclipse JAXB; OmniFaces JWT Authorization; OmniFish Transact; and Eclipse Parsson; to their own respective Piranha extension. This release also includes a new DefaultPiranhaBuilder class that implements the PiranhaBuilder interface. More details on this release may be found in their documentation and issue tracker.

Apache Software Foundation

The release of Apache Tomcat 9.0.91 ships with bug fixes and notable changes such as: ensure that the include directives in a tag file, both absolute and relative, are processed correctly when packaging in a JAR file; and expand the implementation of the filter value of the AuthenticatorBase.AllowCorsPreflight inner enum class in conjunction with the allowCorsPreflightBypass() method, defined in the AuthenticatorBase class, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /*. Further details on this release may be found in the release notes.

The release of Apache Camel 4.7.0 delivers bug fixes, dependency upgrades and improvements/new features such as: the addition of an endpoint service location to AWS, Azure and Google Cloud Platform components; a new developer console for the RestRegistry interface where a list of known REST services may be obtained; and a migration of the TransformerKey and ValidatorKey classes from implementation to the SPI. More details on this release may be found in the release notes.

Arquillian

Arquillian 1.9.0.Final has been released featuring notable changes such as: disable the Maven MultiThreadedBuilder class by default such that the build logs are readable on Continuous Integration; and restore use of the JUnit BeforeEachCallback and AfterEachCallback listener interfaces as the before() and after() methods, defined in the TestRunnerAdaptor interface, are called within the listeners. More details on this release may be found in the changelog.

Gradle

The release of Gradle 8.9.0 delivers: an improved error and warning reporting for variant issues during dependency resolution; structural details exposed of Java compilation errors for IDE integrators, allowing for easier analysis and resolving issues; and the ability to display more detailed information about JVMs used by Gradle. Further details on this release may be found in the release notes.

This week’s Java roundup for June 17th, 2024 features news highlighting: the Payara Platform release for June 2024; all 16 Jakarta EE 11 specifications having passed their respective reviews; Open Liberty 24.0.0.6; Micronaut 4.5.0; and two Quarkus point releases.

OpenJDK

Christian Stein, Principal Member of Technical Staff at Oracle, has announced that version 7.4.0 of the Regression Test Harness for the JDK, jtreg, released in May 2024, is now the default version for the JDK 24 early-access builds.

JDK 23

Build 28 of the JDK 23 early-access builds was made available this past week featuring updates from Build 27 that include fixes for various issues. Further details on this release may be found in the release notes, and details on the new JDK 23 features may be found in this InfoQ news story.

JDK 24

Build 3 of the JDK 24 early-access builds was also made available this past week featuring updates from Build 2 that include fixes for various issues. Release notes are not yet available.

For JDK 23 and JDK 24, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

The final two specifications targeted for Jakarta EE 11, Jakarta Authentication 3.1 and Jakarta Security 4.0, have passed their respective release reviews this past week. This means that all 16 specifications updated for Jakarta EE 11 are now complete!

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, explained that efforts are focused on finalizing the TCK and completing the required changes in the Jakarta EE Platform, Web Profile and Core Profile before the final GA release of Jakarta EE 11.

Spring Framework

It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Tools. More details may be found in this InfoQ news story.

Payara

Payara has released their June 2024 edition of the Payara Platform that includes Community Edition 6.2024.6 and Enterprise Edition 6.15.0 and Enterprise Edition 5.64.0. All three editions feature: optimized Multi-Release JAR class loading for faster application startup and operation; and an improved thread expiration validation to resolve an inconsistent session timeout when using Session Replication with the --lite command line option.

There was also an upgrade to Payara Security Connectors 3.1.1 and 2.7.1 for the version 6 release train, Community and Enterprise, and the version 5 release train, respectively.

Further details on these releases may be found in the release notes for Community Edition 6.2024.6 and Enterprise Edition 6.15.0 and Enterprise Edition 5.64.0.

Helidon

Helidon 4.0.10, the tenth maintenance release, provides notable changes such as: a new inner class, MethodStateCache, defined in the MethodInvoker class that implements a new method caching strategy in fault tolerance; a resolution to handle an invalid end-of-line when parsing HTTP headers and add the appropriate tests; and improvements in validating JWT tokens. More details on this release may be found in the changelog.

Quarkus

Quarkus 3.11.2, the second maintenance release, ships with resolutions to notable issues such as: a NullPointerException due to the setListeners() method, defined in the ShutdownRecorder class, not being called in the when QUARKUS_INIT_AND_EXIT is used; a misspelled URL for a JQuery WebJar resource throws an StringIndexOutOfBoundsException instead of redirecting to an HTTP 404 status code; and a failure in using the Gradle quarkusDev parameter when usage analytics are enabled. Further details on this release may be found in the changelog.

Two days after the release of Quarkus 3.11.2, Quarkus 3.11.3, the third maintenance release, provides dependency upgrades and notable changes such as: compatibility with Maven Daemon (mvnd) 1.0; support for the ISO 8601 date/time format in the HTTP access logs; and a resolution to various issues with the lastModified property using the Quarkus REST extension. More details on this release may be found in the changelog.

Open Liberty

IBM has released version 24.0.0.6 of Open Liberty featuring: faster startup of Spring Boot applications using Spring Boot 3.0 InstantOn with CRaC; and InstantOn support for the Jakarta Messaging specification with IBM MQ and JCache Session Persistence feature.

This release also addresses CVE 2024-22354, a vulnerability affecting IBM WebSphere Application Server 8.5 and 9.0, and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5, that are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack.

Micronaut

The Micronaut Foundation has released version 4.5.0 of the Micronaut Framework featuring Micronaut Core 4.5.3, bug fixes, improvements in documentation and updates to modules: Micronaut Data, Micronaut Servlet and Micronaut Micrometer.

This release also introduces new modules: Micronaut JSON Schema, for generating JSON schema definitions from classes at build time; Micronaut Sourcegen, for writing source generators and generating Builder and Wither classes; and Micronaut Guice, that allows the import of existing Guice modules.

Further details on this release may be found in the release notes.

Apache Software Foundation

The twenty-first milestone release of Apache Tomcat 11.0.0 along with point releases, 10.1.25 and 9.0.90, all feature bug fixes and notable changes such as: ensure that static resources deployed via a JAR file remain accessible when the context is configured to use a bloom filter; the default value of the discardFacades attribute, defined in the Connector class, is now true for improved safety; and an update to Commons Daemon 1.4.0. More details on these releases may be found in the release notes for version 11.0.0-M11, version 10.1.25 and version 9.0.90.

The release of Apache Camel 3.21.5 delivers bug fixes and improvements such as: removal of the now deprecated fireEvent() method from the Jakarta CDI BeanManager interface; and an improved JMSCorrelationID message header, defined in the Jakarta Messaging Message interface, to handle message brokers that have bugs. This is the last planned patch release for Camel 3.21 release train. Further details on this release may be found in the release notes.

The release of Apache Maven 3.9.8 ships with bug fixes, dependency upgrades and improvements such as: display the reason(s) why a model builder discards a model; an improvement to the SimplexTransferListener class to handle absent source/target files; and the list of plugins in the validation report are now sorted in alphabetical order. More details on this release may be found in the release notes.

JobRunr

Version 7.2.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released that primarily fixes a ConcurrentModificationException that may be thrown due to concurrent updates to an instance of a Job class. This completes the transition from Kotlin 1.7 to Kotlin 2.0 by correctly naming the necessary artifact. This version also provides an enhancement that validates an implementation of the JobRequest interface when using the JobBuilder or the RecurringJobBuilder classes. Further details on this release may be found in the release notes.

JHipster

The release of JHipster Lite 1.11.0 ships with bug fixes, dependency upgrades and new features/enhancements such as: a new ElementReplacer interface dedicated to insert text at the end of file; and an improved JHipster Lite logging. More details on this release may be found in the release notes.

Infinispan

Infinispan 15.0.5.Final, the fifth maintenance release, delivers notable changes such as: an optimized lookupResource() method, defined in the ResourceManagerImpl class, for improved processing of resources; a file cleanup in the RocksDB cache store before executing tests; and return an HTTP 400 (Bad Request) response code if a user requests initialization of an internal cache.

OpenXava

The release of OpenXava 7.3.3 ships with bug fixes, dependency upgrades and Maven improvements with new archetypes, openxava-project-management-archetype and openxava-crm-archetype, available in both English and Spanish. Further details on this release may be found in the release notes.

Keycloak

Keycloak 25.0.1, the first maintenance release, provides bug fixes and enhancements: use of a proper Apache FreeMarker template for the refurbished Account and Admin Consoles; and enhanced masking in the CLI with values passed using the --config-keystore parameter.

Gradle

The first release candidate of Gradle 8.9 delivers: an improved error and warning reporting for variant issues during dependency resolution; structural details exposed of Java compilation errors for IDE integrators, allowing for easier analysis and resolving issues; and the ability to display more detailed information about JVMs used by Gradle. More details on this release may be found in the release notes.

There was a flurry of activity in the Spring ecosystem during the week of June 17th, 2024, highlighting point releases of: Spring Boot 3.3.1 and 3.2.7; Spring Security 6.3.1, 6.2.5 and 5.8.13; Spring Session 3.3.1 and 3.2.4; and Spring Modulith 1.2.1, 1.1.6 and 1.0.9.

Spring Boot

The release of Spring Boot versions 3.3.1 and 3.2.7 deliver improvements in documentation, dependency upgrades and resolutions to notable issues such as: an IllegalArgumentException when trying to use an instance of the Tomcat Http11Nio2Protocol class with Spring Boot-configured SSL; and an instance of the DataSourceProperties class fails to bind if the java.sql module isn’t included. Further details on these releases may be found in the release notes for version 3.3.1 and version 3.2.7.

Spring Framework

Spring Framework 6.1.10, the tenth maintenance release, provides bug fixes (that include regressions from version 6.1.9), improvements in documentation and new features: an instance of the PersistenceExceptionTranslationInterceptor class now defensively retrieves PersistenceExceptionTranslator interface beans to cover scenarios where the translator has not been initialized before shutdown; and support for all “connection reset” exception phrases from the DisconnectedClientHelper class. This version is included in the release of Spring Boot 3.2.7 and 3.3.1. More details on this release may be found in the release notes.

Spring Security

Versions 6.3.1, 6.2.5 and 5.8.13 of Spring Security have been released that ship with bug fixes, dependency upgrades, build updates and new features such as: enhanced logging from within the check() method, defined in the RequestMatcherDelegatingAuthorizationManager class, that did not provide useful information; and an update to the ldap.adoc file to include the required dependencies to avoid issues that developers have experienced while setting up LDAP. Further details on these releases may be found in the release notes for version 6.3.1, version 6.2.5 and version 5.8.13.

Spring Authorization Server

Versions 1.3.1 and 1.2.5 of Spring Authorization Server have been released featuring dependency upgrades and resolutions to issues: a ClassNotFoundException due to AOT hints preventing compilation when using JdbcOAuth2AuthorizationService or JdbcRegisteredClientRepository classes; and authentication for an X509 client certificate enforces the value assigned to the client_id field in the YAML configuration file without first checking on client authentication method. More details on these releases may be found in the release notes for version 1.3.1 and version 1.2.5.

Spring for GraphQL

Versions 1.3.1 and 1.2.7 of Spring for GraphQL have been released providing bug fixes, improvements in documentation, dependency upgrades and new features: support for returning instances of the Reactor Flux class from methods annotated with @EntityMapping to complement existing support for List, Mono and CompletableFuture; and allow the use of GraphQL Java 21.x in the Spring for GraphQL 1.2 release train. These versions are included in the release of Spring Boot 3.2.7 and 3.3.1, respectively. Further details on these releases may be found in the release notes for version 1.3.1 and version 1.2.7.

Spring Session

Versions 3.3.1 and 3.2.4 of Spring Session have been released with dependency upgrades and a new feature that resolves an issue in which a default implementation of the UserDetails interface, User, is returned instead of a user-defined custom implementation. More details on these releases may be found in the release notes for version 3.3.1 and version 3.2.4.

Spring Integration

Versions 6.3.1 and 6.2.6 of Spring Integration have been released featuring bug fixes, improvements in documentation, dependency upgrades and a new feature that provides the ZeroMqMessageHandler class with an optional topic for distributing messages into subscriptions that must be wrapped with an additional empty frame. This would complement the existing default topic. Further details on these releases may be found in the release notes for version 6.3.1 and version 6.2.6.

Spring Modulith

Versions 1.2.1 and 1.1.6 of Spring Modulith have been released featuring: an improved configuration of the ApplicationModuleDetectionStrategy interface via the spring.modulith.detection-strategy property that will accept values direct-sub-packages (default) or explicitly-annotated; a resolution to named interface detection accidentally picking up nested declarations in a nested interfaces scenario; and dependency upgrades to Spring Boot 3.3.1 and 3.2.7, respectively. More details on these releases may be found in the release notes for version 1.2.1 and version 1.1.6.

Spring AMQP

Version 3.1.6 of Spring AMQP has been released featuring dependency upgrades and resolutions to issues: the release() method, defined in the ActiveObjectCounter class, is unreachable due to the SimpleMessageListenerContainer class not having released the consumer variable; and elimination of an interrupted thread after performing target logic by moving the cancelTimeoutTaskIfAny() method, defined in the RabbitFuture class, into a finally block. Further details on this release may be found in the release notes.

Spring for Apache Kafka

Versions 3.2.1 and 3.1.6 of Spring for Apache Kafka have been released providing bug fixes, dependency upgrades and a new feature that adds tracing headers, now mapped to a string, in the AbstractKafkaHeaderMapper class after the migration from Sleuth to Micrometer. These versions are included in the release of Spring Boot 3.2.7 and 3.3.1, respectively. More details on these releases may be found in the release notes for version 3.2.1 and version 3.1.6.

Spring for Apache Pulsar

Versions 1.1.1 and 1.0.7 of Spring for Apache Pulsar have been released featuring numerous dependency upgrades that include: Micrometer Metrics 1.13.1 and 1.12.7, respectively; Reactive Client for Apache Pulsar 0.5.6; and Spring Framework 6.1.9. These versions are included in the release of Spring Boot 3.2.7 and 3.3.1, respectively. Further details on these releases may be found in the release notes for version 1.1.1 and version 1.0.7.

Spring Tools

Less than a week after the release of version 4.23.0, version 4.23.1 of Spring Tools has been released to deliver important fixes such as: adding preferences/settings for enabling/disabling JPQL, HQL and SQL syntax validation as well as severities for syntax problems inside Spring Data queries that were missing; and a StackOverflowException from within the AnnotationHierarchies class upon opening a Spring Boot project in VSCode. More details on this release may be found in the release notes.

This week’s Java roundup for May 27th, 2024 features news highlighting: four JEPs targeted for JDK 23, namely: JEP 482, Flexible Constructor Bodies (Second Preview), JEP 481, Scoped Values (Third Preview), JEP 480, Structured Concurrency (Third Preview) and JEP 471, Deprecate the Memory-Access Methods in Unsafe for Removal; and the releases of JHipster 8.5, Gradle 8.8 and Spring AI 1.0-M1.

OpenJDK

After its review has concluded, JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.

After its review has concluded, JEP 481, Scoped Values (Third Preview), has been promoted from Proposed to Target to Targeted for JDK 23. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed.

After its review has concluded, JEP 480, Structured Concurrency (Third Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.”

After its review has concluded, JEP 471, Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal, has been promoted from Proposed to Target to Targeted for JDK 23. This JEP proposes to deprecate the memory access methods in the Unsafe class for removal in a future release. These unsupported methods have been superseded by standard APIs, namely; JEP 193, Variable Handles, delivered in JDK 9; and JEP 454, Foreign Function & Memory API, delivered in JDK 22.

Build 23-loom+4-102 of the Project Loom early-access builds are based on JDK 23 Build 25 and improves the implementation of Java monitors (synchronized methods) to work better with virtual threads.

Build 22-jextract+5-33 of the Project Jextract early-access builds, also known as Project Panama, are based on JDK 22 and provides a recommendation in which the quarantine attribute from the bits may need to be removed before using the jextract binaries on macOS Catalina or later.

JDK 23

Build 25 of the JDK 23 early-access builds was made available this past week featuring updates from Build 24 that include fixes for various issues. Further details on this release may be found in the release notes.

Jakarta EE

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an additional update on the upcoming GA release of Jakarta EE 11.

Nine (9) specifications, namely – Jakarta Annotations 3.0, Jakarta Authorization 3.0, Jakarta Contexts and Dependency Injection 4.1, Jakarta Expression Language 6.0, Jakarta Interceptors 2.2, Jakarta RESTful Web Services 4.0, Jakarta Persistence 3.2, Jakarta Validation 3.1 and Jakarta WebSocket 2.2 – have been finalized for Jakarta EE 11.

Five (5) specifications, namely – Jakarta Concurrency 3.1, Jakarta Data 1.0, Jakarta Faces 4.1, Jakarta Pages 4.0 and Jakarta Servlet 6.1 – should have their respective reviews completed during the week of June 3, 2024.

And reviews for the remaining two (2) specifications, Jakarta Authentication 3.0 and Jakarta Security 4.0, should start during the week of June 10, 2024.

Discussing the remaining work required for the GA release, Grimstad stated:

There is some work to be done on the TCK and the specification documents before the release reviews of the Jakarta EE 11 Platform, Jakarta EE 11 Web Profile, and Jakarta EE 11 Core Profile specifications can start. This will likely happen in late June or early July, so we are on track according to the release plan.

GlassFish

GlassFish 7.0.15, fifteenth maintenance release in the 7.0.0 release train, provides improvements in documentation, dependency upgrades and notable resolutions to issues such as: a ClassCastException due to improper classloader matching in the Weld BeanDeploymentArchive interface; cluster monitoring data not being displayed in the Admin Console; and an IllegalArgumentException in the toString() method, defined in the Application class, due to a bundle without descriptor being valid. More details on this release may be found in the release notes.

TornadoVM

TornadoVM 1.0.5, the fifth maintenance release, ships with bug fixes and improvements such as: support for Vector types at the API level in the variants of the Floatx class with variants of Intx class; an improved OpenCL build log; an improvements in the TornadoOptions and TornadoLogger classes where all options (debug, events, etc.) have been moved to the former and all debugging has been moved to the latter.

Spring Framework

It was a very quiet week at Spring compared to the release activity during the week of May 20, 2024.

Following the release of Spring Boot 3.3.0, 3.2.6 and 3.1.12, versions 3.0.16 and 2.7.21 were released this past week featuring many dependency upgrades and notable bug fixes: when graceful shutdown of Tomcat is aborted, it may report that it completed successfully; and resolving an instance of the BuildpackReference class, created from a URL-like String, can fail on Windows. Further details on these releases may be found in the release notes for version 3.0.16 and version 2.7.21.

Spring Cloud 2023.0.2, codenamed Leyton, and 2022.0.7 Enterprise Edition have been released featuring featuring bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.1.2; Spring Cloud Function 4.1.2; Spring Cloud OpenFeign 4.1.2; Spring Cloud Stream 4.1.2; and Spring Cloud Gateway 4.1.4. This release is based on Spring Boot 3.3.0. More details on this release may be found in the release notes.

The first milestone release of Spring AI 1.0.0 delivers new features such as: a new ChatClient fluent API, composed of the ChatClient interface and Builder inner class, providing methods to construct an instance of a Prompt class, which is then passed as input to an AI model; eight (8) new AI models; updated existing models; and support for Testcontainers. Developers interested in learning more can follow this example application.

Versions 3.3.0-RC1, 3.2.5 and 3.1.12 of Spring Shell have been released featuring a breaking change ​​that replaces the use of the Spring Boot ApplicationArguments interface with a plain String array in the ShellRunner interface and its implementations. Default methods to bridge new methods were created and old methods were deprecated with a plan to remove them in Spring Shell 3.4.x. This is part of on-going work to remove all Spring Boot classes from the Spring Shell core package. These versions build upon Spring Boot 3.3.0, 3.2.5 and 3.1.12, respectively, and JLine 3.26.1. Further details on these releases may be found in the release notes for version 3.3.0-RC1, version 3.2.5 and version 3.1.12.

Helidon

The release of Helidon 4.0.9 ships with notable changes such as: a resolution to an IndexOutOfBoundsException generated from the first(String) method, defined in the Parameters interface, due to index 0 being out of bounds for an array of length 0; a refactor of the OCI metrics library code is organized so other implementations can extend common types without having to also include the OCI metrics library CDI module; and improvements to the WebClientSecurity class against absent or disabled tracing. More details on this release may be found in the release notes.

Quarkus

The release of Quarkus 3.11 delivers notable changes such as: a new OidcRedirectFilter interface to dynamically customize OIDC redirects; initial support of security integration for the WebSockets Next extension; and a new Infinispan Cache extension that will replace the now-deprecated @CacheResult annotation. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.

Micronaut

The Micronaut Foundation has released version 4.4.3 of the Micronaut Framework featuring Micronaut Core 4.4.10, bug fixes, improvements in documentation and updates to modules: Micronaut Data and Micronaut Test Resources. More details on this release may be found in the release notes.

WildFly

WildFly 32.0.1, first maintenance release, delivers component upgrades and notable resolutions to issues such as: a ClassCastException when running live-only High Availability policy in the messaging-activemq subsystem; a possible NoSuchElementException upon deploying multiple OpenAPI endpoints; and restoration of the io.smallrye.opentelemetry module to the OpenTelemetryDependencyProcessor class as this module is required on the deployment classpath since that contains the CDI provider method providing the implementation of the OpenTelemetry Tracer interface. Further details on this release may be found in the release notes.

Hibernate

The release of Hibernate Reactive 2.3.1.Final ships with dependency upgrades and a resolution to a NullPointerException due to a method that converts the generated ID from the database to a ResultSet was not implemented. This release is compatible with Hibernate ORM 6.5.2.Final. More details on this release may be found in the release notes.

Apache Software Foundation

Apache Maven 4.0.0-beta-3 provides bug fixes, dependency upgrades and improvements such as: initial support for Maven 4.0 API to be usable outside of the runtime; changes in the PathType interface to control the type of path where each dependency can be placed; and support for the fatjar, a dependency type to be used when dependency is considered self contained. Further details on this release may be found in the release notes.

Similarly, Apache Maven 3.9.7 ships with bug fixes, dependency upgrades and new features: support for wildcards in an OS version to specify wildcard in the OS version tag; and the ability to ignore transitive dependency repositories using the mvn -itr command. More details on this release may be found in the release notes.

Maintaining alignment with Quarkus, the release of Camel Quarkus 3.11.0, composed of Camel 4.6.0 and Quarkus 3.11.0, provides resolutions to notable issues such as: Quarkus Infinispan not compatible with Camel Infinispan due to differences in Infinispan version support; and improved auto-configuration by moving the options for the SupervisingRouteController interface into its own group. Further details on this release may be found in the release notes.

JobRunr

Version 7.2.0 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released featuring bug fixes, dependency upgrades and new features such as: support for Spring Boot 3.3.0 where JobRunr now declares the spring-boot-starter dependency with a provided scope; support for Kotlin 2.0.0 (support for Kotlin 1.7.0 ahs been dropped); and deleting a job using the JobScheduler or JobRequestScheduler classes will be retried if a ConcurrentJobModificationException is thrown. More details on this release may be found in the release notes.

JHipster

The release of JHipster 8.5.0 delivers: support for Spring Boot 3.3.0; a resolution to issues with OIDC claims in the SecurityUtils class when the syncUserWithIdp boolean is set to false; and resolutions to multiple issues with SonarCloud, used by JHipster for code quality. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.

JDKUpdater

Versions 14.0.53+75 and 14.0.51+73 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, these releases include: an update in the base URL for CVE details; and modifications related to menu items. More details on this release may be found in the release notes for version 14.0.53+75 and version 14.0.51+73.

Gradle

The release of Gradle 8.8 delivers: full support for JDK 22; a preview feature to configure the Gradle daemon JVM using toolchains; improved IDE performance with large projects; and improvements to build authoring, error and warning messages, the build cache, and the configuration cache. Further details on this release may be found in the release notes.

This week’s Java roundup for May 20th, 2024 features news highlighting: Java’s 29th birthday; the release of Kotlin 2.0 and Semantic Kernel for Java 1.0; JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), targeted for JDK 23; and four JEPs proposed to target for JDK 23

Java Turns 29

On May 23rd, 1995, Java 1.0 was introduced to developers who attended the Sun World ‘95 conference. A Java community was born and 29 years later, the community has evolved to include 370 global Java User Groups, 370 Java Champions and many Java-related conferences in a given calendar year. There have been 22 formal releases

At Devnexus 2024, Sharat Chander, Senior Director, Product Management & Developer Engagement at Oracle, announced that JavaOne will return to celebrate Java’s 30th birthday. It will be held March 17-20, 2025 in Redwood Shores, California. Please stay tuned for the call for papers.

OpenJDK

After its review has concluded, JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from Proposed to Target to Targeted for JDK 23. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), delivered in JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback. The review is expected to conclude on May 27, 2024.

JEP 481, Scoped Values (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed. The review is expected to conclude on May 29, 2024

JEP 480, Structured Concurrency (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.” The review is expected to conclude on May 27, 2024.

JEP 471, Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal, has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes to deprecate the memory access methods in the Unsafe class for removal in a future release. These unsupported methods have been superseded by standard APIs, namely; JEP 193, Variable Handles, delivered in JDK 9; and JEP 454, Foreign Function & Memory API, delivered in JDK 22. The review is expected to conclude on May 27, 2024.

JDK 23

Build 24 of the JDK 23 early-access builds was made available this past week featuring updates from Build 23 that include fixes for various issues. Further details on this release may be found in the release notes.

Jakarta EE 11

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the upcoming GA release of Jakarta EE 11. Nine (9) specifications, namely – Jakarta Annotations 3.0, Jakarta Authorization 3.0, Jakarta Contexts and Dependency Injection 4.1, Jakarta Expression Language 6.0, Jakarta Interceptors 2.2, Jakarta RESTful Web Services 4.0, Jakarta Persistence 3.2, Jakarta Validation 3.1 and Jakarta WebSocket 2.2 – have been finalized for Jakarta EE 11. The remaining seven (7) updated specifications are in various stages of review.

Spring Framework

It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Cloud Data Flow, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar. More details may be found in this InfoQ news story.

Kotlin

JetBrains has released version 2.0 of Kotlin that finalizes the new frontend for the Kotlin compiler, codenamed K2, to unify all supported Kotlin platforms by which all compiler backends now share a significant amount of logic and a unified pipeline. Kotlin 2.0 promises faster compilation speed and support for Compose Multiplatform projects. JetBrains has also been developing a K2 Kotlin Mode, currently in alpha, for IntelliJ IDEA. Further details on this release may be found in the what’s new page. InfoQ will follow up with a more detailed news story.

Quarkus

Quarkus 3.10.2, the second maintenance release, ships with notable changes such as: a resolution to a QuarkusErrorHandler runtime error upon invoking a REST client endpoint that accepts a @BeanParam on a bean containing a List field annotated with @RestForm; and set the correct configuration key upon generating a native build from Gradle. More details on this release may be found in the changelog.

Open Liberty

IBM has released version 24.0.0.5 of Open Liberty featuring resolutions to the following Common Vulnerabilities and Exposures (CVEs) where a remote attacker can send a specially crafted request causing the server to consume memory resources resulting in a denial-of-service

• CVE-2024-27268, a vulnerability in WebSphere Application Server Liberty versions 18.0.0.2 through 24.0.0.4.
• CVE-2024-22353, a vulnerability in WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4.
• CVE-2024-25026, a vulnerability in WebSphere Application Server versions 8.5 and 9.0, and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4.

Notable bug fixes include: a ClassCastException upon using SIP Servlet 1.1 and WebSocket features; the featureUtility connection test to a base URL of a custom repository returns a HTTP 400 response code and fails to recognize it as a working repository. Further details on all of the bug fixes may be found in this list of issues.

Microsoft

After more than a year in development, Microsoft has introduced the general availability of Semantic Kernel for Java, an SDK that meshes Large Language Models (LLMs) with popular programming languages. Version 1.0 delivers: tool calling that enables an AI service to request the invocation of native Java functions; support for both text-to-audio and audio-to-text conversions with their audio service; an enhanced type conversion that allows user to register types and serialize/deserialize them to and from prompts; and the introduction of hooks to monitor key points such as function calls, enabling users to log or intercept them for better tracking and debugging. InfoQ will follow up with a more detailed news story.

Infinispan

Infinispan 15.0.4, the fourth maintenance release, provides notable changes such as: a resolution to a flaky test found in the TracingSecurityTest class; the addition of node names in the tracing spans; and a simplification of the default server configuration files. More details on this release may be found in the release notes and in this InfoQ news story on the release of Infinispan 15.0.0.

JHipster Lite

The release of JHipster Lite 1.9.0 ships with bug fixes, dependency upgrades and new features/enhancements such as: the addition of the Gradle frontend server plugin; removal of the gradleapp property from generate.sh as Gradle is now fully supported; and a simplification of lint-staged configuration. Further details on this release may be found in the release notes.

Langchain4j

Version 0.31.0 of LangChain for Java (LangChain4j) features new integrations: embedding models, Cohere and Jina; web search engines, Google and Tavily; the Jina scoring (re-ranking) model; and the Azure Cosmos DB for NoSQL embedding store. Breaking changes include: a rename of the Judge0 package from dev.langchain4j.code to dev.langchain4j.code.judge0; and a migration of the Anthropic language model from Gson to Jackson. More details on this release may be found in the release notes.

This week’s Java roundup for May 20th, 2024 features news highlighting: Java’s 29th birthday; the release of Kotlin 2.0 and Semantic Kernel for Java 1.0; JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), targeted for JDK 23; and four JEPs proposed to target for JDK 23

Java Turns 29

On May 23rd, 1995, Java 1.0 was introduced to developers who attended the Sun World ‘95 conference. A Java community was born and 29 years later, the community has evolved to include 370 global Java User Groups, 370 Java Champions and many Java-related conferences in a given calendar year. There have been 22 formal releases

At Devnexus 2024, Sharat Chander, Senior Director, Product Management & Developer Engagement at Oracle, announced that JavaOne will return to celebrate Java’s 30th birthday. It will be held March 17-20, 2025 in Redwood Shores, California. Please stay tuned for the call for papers.

OpenJDK

After its review has concluded, JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from Proposed to Target to Targeted for JDK 23. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), delivered in JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback. The review is expected to conclude on May 27, 2024.

JEP 481, Scoped Values (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed. The review is expected to conclude on May 29, 2024

JEP 480, Structured Concurrency (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.” The review is expected to conclude on May 27, 2024.

JEP 471, Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal, has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes to deprecate the memory access methods in the Unsafe class for removal in a future release. These unsupported methods have been superseded by standard APIs, namely; JEP 193, Variable Handles, delivered in JDK 9; and JEP 454, Foreign Function & Memory API, delivered in JDK 22. The review is expected to conclude on May 27, 2024.

JDK 23

Build 24 of the JDK 23 early-access builds was made available this past week featuring updates from Build 23 that include fixes for various issues. Further details on this release may be found in the release notes.

Jakarta EE 11

In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the upcoming GA release of Jakarta EE 11. Nine (9) specifications, namely – Jakarta Annotations 3.0, Jakarta Authorization 3.0, Jakarta Contexts and Dependency Injection 4.1, Jakarta Expression Language 6.0, Jakarta Interceptors 2.2, Jakarta RESTful Web Services 4.0, Jakarta Persistence 3.2, Jakarta Validation 3.1 and Jakarta WebSocket 2.2 – have been finalized for Jakarta EE 11. The remaining seven (7) updated specifications are in various stages of review.

Spring Framework

It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Cloud Data Flow, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar. More details may be found in this InfoQ news story.

Kotlin

JetBrains has released version 2.0 of Kotlin that finalizes the new frontend for the Kotlin compiler, codenamed K2, to unify all supported Kotlin platforms by which all compiler backends now share a significant amount of logic and a unified pipeline. Kotlin 2.0 promises faster compilation speed and support for Compose Multiplatform projects. JetBrains has also been developing a K2 Kotlin Mode, currently in alpha, for IntelliJ IDEA. Further details on this release may be found in the what’s new page. InfoQ will follow up with a more detailed news story.

Quarkus

Quarkus 3.10.2, the second maintenance release, ships with notable changes such as: a resolution to a QuarkusErrorHandler runtime error upon invoking a REST client endpoint that accepts a @BeanParam on a bean containing a List field annotated with @RestForm; and set the correct configuration key upon generating a native build from Gradle. More details on this release may be found in the changelog.

Open Liberty

IBM has released version 24.0.0.5 of Open Liberty featuring resolutions to the following Common Vulnerabilities and Exposures (CVEs) where a remote attacker can send a specially crafted request causing the server to consume memory resources resulting in a denial-of-service

• CVE-2024-27268, a vulnerability in WebSphere Application Server Liberty versions 18.0.0.2 through 24.0.0.4.
• CVE-2024-22353, a vulnerability in WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4.
• CVE-2024-25026, a vulnerability in WebSphere Application Server versions 8.5 and 9.0, and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4.

Notable bug fixes include: a ClassCastException upon using SIP Servlet 1.1 and WebSocket features; the featureUtility connection test to a base URL of a custom repository returns a HTTP 400 response code and fails to recognize it as a working repository. Further details on all of the bug fixes may be found in this list of issues.

Microsoft

After more than a year in development, Microsoft has introduced the general availability of Semantic Kernel for Java, an SDK that meshes Large Language Models (LLMs) with popular programming languages. Version 1.0 delivers: tool calling that enables an AI service to request the invocation of native Java functions; support for both text-to-audio and audio-to-text conversions with their audio service; an enhanced type conversion that allows user to register types and serialize/deserialize them to and from prompts; and the introduction of hooks to monitor key points such as function calls, enabling users to log or intercept them for better tracking and debugging. InfoQ will follow up with a more detailed news story.

Infinispan

Infinispan 15.0.4, the fourth maintenance release, provides notable changes such as: a resolution to a flaky test found in the TracingSecurityTest class; the addition of node names in the tracing spans; and a simplification of the default server configuration files. More details on this release may be found in the release notes and in this InfoQ news story on the release of Infinispan 15.0.0.

JHipster Lite

The release of JHipster Lite 1.9.0 ships with bug fixes, dependency upgrades and new features/enhancements such as: the addition of the Gradle frontend server plugin; removal of the gradleapp property from generate.sh as Gradle is now fully supported; and a simplification of lint-staged configuration. Further details on this release may be found in the release notes.

Langchain4j

Version 0.31.0 of LangChain for Java (LangChain4j) features new integrations: embedding models, Cohere and Jina; web search engines, Google and Tavily; the Jina scoring (re-ranking) model; and the Azure Cosmos DB for NoSQL embedding store. Breaking changes include: a rename of the Judge0 package from dev.langchain4j.code to dev.langchain4j.code.judge0; and a migration of the Anthropic language model from Gson to Jackson. More details on this release may be found in the release notes.

This week’s Java roundup for May 13th, 2024 features news highlighting: JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), proposed to target for JDK 23; the May 2024 edition of Piranha Cloud; Spring Data 2024.0.0; and point and milestone releases of Spring Framework, GlassFish and Micrometer.

OpenJDK

JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), delivered in JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story. The review is expected to conclude on May 21, 2024.

JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from its JEP Draft 8325803 to Candidate status. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.

JEP 481, Scoped Values (Third Preview), has been promoted from its JEP Draft 8331056 to Candidate status. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed.

JDK 23

Build 23 of the JDK 23 early-access builds was made available this past week featuring updates from Build 22 that include fixes for various issues. Further details on this release may be found in the release notes.

GlassFish

The sixth milestone release of GlassFish 8.0.0 provides bug fixes, dependency upgrades and notable improvements such as: an improved Jakarta Contexts and Dependency Injection TCK; a new Jakarta JSON Processing standalone TCK runner; and an improved class loader matching for implementations of the Weld BeanDeploymentArchive interface. More details on this release may be found in the release notes.

GraalVM

Oracle Labs has released version 0.10.2 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: a new parameter that allows for skip building a native image for POM-type modules defaulting to false for backwards compatibility; and an improved ClassPathDirectoryAnalyzer class that includes a check for the boolean value of ignoreExistingResourcesConfig field. Further details on this release may be found in the changelog.

Spring Framework

The second milestone release of Spring Framework 6.2.0 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: a new pathVariableOrNull() method added to the ServerRequest interface as a nullable variant of pathVariable() method for Kotlin extensions; a new generateCodeForArgument() method in CodeFlow class to provide the same functionality as the one defined in the SpelNodeImpl class; and a new CompilableIndexAccessor interface to support compiling expressions that use a custom implementation of the IndexAccessor interface. More details on this release may be found in the release notes.

Similarly, versions 6.1.7, 6.0.20 and 5.3.35 of Spring Framework have also been released featuring bug fixes, improvements in documentation and notable improvements such as:

All three versions provide a dependency upgrade to Protect Reactor 2023.0.6, 2022.0.19 and 2020.0.44, respectively. Further details on these releases may be found in the release notes for version 6.1.7, version 6.0.20 and version 5.3.35.

Spring Data 2024.0.0 has been released providing new features: support for value expressions for improved in expressions in entity- and property-related annotations that aligns with Spring Framework @Value annotation; and compatibility with the new MongoDB 5.0 driver containing a deprecated API that has now been removed. There were also upgrades to sub-projects such as: Spring Data Commons 3.3.0; Spring Data MongoDB 4.3.0; Spring Data Elasticsearch 5.3.0; and Spring Data Neo4j 7.3.0. This new version will be included in the upcoming release of Spring Boot 3.3.0. More details on this release may be found in the release notes.

Similarly, versions 2023.1.6 and 2023.0.12 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.6 and 3.1.12; Spring Data MongoDB 4.2.6 and 4.1.12; Spring Data Elasticsearch 5.2.6 and 5.1.12; and Spring Data Neo4j 7.2.6 and 7.1.12. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.6 and 3.1.12, respectively.

The release of Spring Web Services 4.0.11 ships with a dependency upgrade to Spring Framework 6.0.20 and notable changes: elimination of starting/stopping of an instance of the Apache ActiveMQ EmbeddedActiveMQ Artemis server before/after every test method from the JmsIntegrationTest class to improve test performance; and override the securement password using the MessageContext interface from the Wss4jHandler class to efficiently support per-request credentials. Further details on this release may be found in the release notes.

Quarkus

The release of Quarkus 3.10.1 delivers dependency upgrades and notable changes such as: elimination of a possible NullPointerException when the getResources() method defined in the QuarkusClassLoader class returns null; and a resolution to an issue mocking an implementation of the GitInfo interface with @MockitoConfig, an annotation that makes use of the AnnotationsTransformer API which does not work for synthetic beans, that is beans whose metadata are programmatically created in a Quarkus extension. More details on this release may be found in the changelog.

Apache Software Foundation

The release of Apache Tomcat 10.1.24 provides bug fixes and notable changes such as: a refactor of handling trailer fields to use an instance of the MimeHeaders class to store trailer fields; correct error handling from the onError() method defined in the AsyncListener interface for asynchronous dispatch requests; and a resolution to WebDAV locks for non existing resources for thread safety and removal. Further details on this release may be found in the release notes.

Hibernate

The first alpha release of Hibernate Search 7.2.0 delivers dependency upgrades and improvements to the Search DSL such as: the ability to apply queryString and simpleQueryString predicates for numeric and date fields; define the minimum number of terms that should match using the match predicate; and a new @DistanceProjection annotation to map a constructor parameter to a distance projection. More details on this release may be found in the release notes.

Micrometer

The release of Micrometer Metrics 1.13.0 delivers bug fixes, improvements in documentation, dependency upgrades and many new features such as: support for the @Counted annotation on classes and an update to the CountedAspect class to handle when @Counted is used on a class; removal of an unnecessary call to getConventionName() defined in the PrometheusMeterRegistry class; and allow for customizing a start log message in an implementation of the PushMeterRegistry abstract class. Further details on this release may be found in the release notes.

Similarly, versions 1.12.6 and 1.11.12 of Micrometer Metrics provide dependency upgrades and resolutions to bug fixes such as: a NullPointerException in the DefaultJmsProcessObservationConvention class; and the AnnotationHandler can’t see methods from the parent class. More details on these releases may be found in the release notes for version 1.12.6 and version 1.11.12.

The release of Micrometer Tracing 1.3.0 ships with bug fixes, dependency upgrades and new features such as: a new TestSpanReporter class for improved integration tests that include components declared as beans that generate traces; and an implementation of the setParent() and setNoParent() methods, declared in the Tracer interface, in the SimpleSpanBuilder class. Further details on this release may be found in the release notes.

Similarly, versions 1.2.6 and 1.1.13 of Micrometer Tracing provide dependency upgrades to Micrometer Metrics 1.12.6 and 1.11.12, respectively and a resolution to an instance of the ObservationAwareBaggageThreadLocalAccessor class losing scope in the wrong order due to the JUnit @ParameterizedTest annotation executing tests in parallel which interferes with the baggage scopes resulting in return results in wrong spans and traces. More details on these releases may be found in the release notes for version 1.2.6 and version 1.1.13

Project Reactor

The second milestone release of Project Reactor 2024.0.0 provides dependency upgrades to reactor-core 3.7.0-M2, reactor-pool 1.1.0-M2 and reactor-netty 1.2.0-M2. There was also a realignment to version 2024.0.0-M2 with the reactor-kafka 1.4.0-M1, reactor-addons 3.6.0-M1 and reactor-kotlin-extensions 1.3.0-M1 artifacts that remain unchanged. Further details on this release may be found in the changelog.

Next, Project Reactor 2023.0.6, the sixth maintenance release, provides dependency upgrades to reactor-core 3.6.6. There was also a realignment to version 2023.0.6 with the reactor-netty 1.1.19, reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

Next, Project Reactor 2022.0.19, the nineteenth maintenance release, provides dependency upgrades to reactor-core 3.5.17 and reactor-netty 1.1.19. There was also a realignment to version 2022.0.19 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.

And finally, the release of Project Reactor 2020.0.44, codenamed Europium-SR44, provides dependency upgrades to reactor-core 3.4.38 and reactor-netty 1.0.45. There was also a realignment to version 2020.0.44 with the reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. More details on this release may be found in the changelog.

Piranha Cloud

The release of Piranha 24.5.0 delivers notable changes such as: a new Tomcat10xExtension class to provide compatibility with Tomcat 10.0+; a new Glassfish7xExtension class to provide compatibility with GlassFish 7.0+; and removal of the SourceSpy project map. Further details on this release may be found in their documentation and issue tracker.

JobRunr

Version 7.1.2 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released providing a resolution to a BeanCreationException from within the validateTables() method defined in the DatabaseCreator class due to the table-prefix property not properly set. More details on this release may be found in the release notes.

Java Operator SDK

The release of Java Operator SDK 4.9.0 features dependency upgrades and removal of an invalid log message from the ReconciliationDispatcher class. Further details on this release may be found in the release notes.

This week’s Java roundup for May 6th, 2024 features news highlighting: the May edition of the Payara Platform; and new JEP candidates, namely: JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), JEP 480, Structured Concurrency (Third Preview), JEP 479, Remove the Windows 32-bit x86 Port, and JEP 478, Key Derivation API (Preview).

OpenJDK

JEP 467, Markdown Documentation Comments, has been promoted from Proposed to Target to Targeted for JDK 23. This feature proposes to enable JavaDoc documentation comments to be written in Markdown rather than a mix of HTML and JavaDoc @ tags. This will allow for documentation comments that are easier to write and easier to read in source form.

JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from its JEP Draft 8323335 to Candidate status. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.

JEP 480, Structured Concurrency (Third Preview), has been promoted from its JEP Draft 8330818 to Candidate status. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.”

JEP 479, Remove the Windows 32-bit x86 Port, has been promoted from its JEP Draft 8330623 to Candidate status. This JEP proposes to fully remove the Windows 32-bit x86 port following its deprecation as described in JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, delivered in JDK 21. The goals are to: remove all code paths in the code base that apply only to Windows 32-bit; cease all testing and development efforts targeting the Windows 32-bit platform; and simplify OpenJDK’s build and test infrastructure, aligning with current computing standards.

JEP 478, Key Derivation API (Preview), has been promoted from its JEP Draft 8189808 to Candidate status. This JEP proposes to introduce an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism.

JDK 23

Build 22 of the JDK 23 early-access builds was made available this past week featuring updates from Build 21 that include fixes for various issues. Further details on this release may be found in the release notes.

Spring Framework

It was a quiet week over at Spring, however the latest edition of A Bootiful Podcast, facilitated by Josh Long, Spring Developer Advocate at Broadcom, was published this past week featuring Spring Boot co-founders, Phil Webb, Software Engineer at Broadcom, and Dr. David Syer, Senior Staff Engineer at Broadcom, on the occasion of the 10th anniversary of the release of Spring Boot 1.0.

Payara

Payara has released their May 2024 edition of the Payara Platform that includes Community Edition 6.2024.5 and Enterprise Edition 6.13.0. Both editions feature component upgrades and resolutions to notable issues such as: not being able to delete system properties via the Admin Console; an HTTP/2 warning in the log file despite HTTP/2 having been disabled; and a JDK 21 compilation error stating the “The Security Manager is deprecated and will be removed in a future release.” More details on these releases may be found in the release notes for Community Edition 6.2024.5 and Enterprise Edition 6.14.0.

Open Liberty

IBM has released version 24.0.0.5-beta of Open Liberty featuring previews of updated Jakarta EE 11 specifications, namely: Jakarta Contexts and Dependency Injection 4.1; Jakarta Concurrency 3.1; Jakarta Data 1.0; Jakarta Expression Language 6.0; Jakarta Pages 4.0; and Jakarta Servlet 6.1. This release also includes support for using InstantOn with IBM MQ messaging.

Eclipse Foundation

The release of Eclipse Store 1.3.2 ships with bug fixes and improved Spring Framework integration featuring: the removal of the @Component annotation from the EclipseStoreConfigConverter class to prevent two beans from conflicting with each other; and the addition of configuration to disable the automatic creation of default instances of the StorageFoundation interface or Storage class. Further details on this release may be found in the release notes.

Apache Software Foundation

Versions 11.0.0-M20 and 9.0.89 of Apache Tomcat both provide bug fixes and notable changes such as: a refactor of handling trailer fields to use an instance of the MimeHeaders class to store trailer fields; improved parsing of HTTP headers to use common parsing code; a more robust parsing of patterns from the ExtendedAccessLogValve class; and additional time scale options to allow timescales to apply a “time-taken” token in the AccessLogValve and ExtendedAccessLogValve classes. More details on these releases may be found in the release notes for version 11.0.0-M20 and version 9.0.89.

Infinispan

The release of Infinispan 15.0.3.Final delivers notable changes such as: implementations of the ServerTask and ClusterExecutor interfaces should run user code in the blocking thread pool for improved control; lock Single-Instance File System directories to avoid shared usage among multiple caches mapped to the same directory; and a drop in support for OpenSSL due to the performance of the JDK implementation of TLS is now comparable with native. Further details on this release may be found in the release notes and more information on the recent release of Infinispan 15.0.0 may be found in this InfoQ news story.

JobRunr

Version 7.1.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released to deliver notable bug fixes and enhancements such as: a SevereJobRunrException thrown from the BackgroundJobServer class due to not being able to resolve an instance of the ConcurrentJobModificationException class; the DeleteDeletedJobsPermanentlyTask class does not use correct configuration resulting in jobs declared as DELETED are not permanently deleted after the configured time period; and an improvement in database migrations. More details on this release may be found in the release notes.

Testcontainers for Java

The release of Testcontainers for Java 1.19.8 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: a new getDatabaseName() method added to the ClickHouseContainer class to avoid an UnsupportedOperationException; eliminate the use of the non-monotonic currentTimeMillis() method in favor of the nanoTime() method defined in the Java System class as calculating a time lapse in the former may result in a negative number; and a new convenience method, getGrpcHostAddress(), added to the WeaviateContainer class to obtain the gRPC host. Further details on this release may be found in the release notes.

OpenXava

The release of OpenXava 7.3.1 provides bug fixes, improvements in documentation, dependency upgrades and notable new features such as: a new method, isJava21orBetter(), defined in the XSystem utility class to complement the corresponding methods to check for JDK 9 and JDK 17; and new automated tests for date, date/time and popup calendar related issues. More details on this release may be found in the release notes.

This week’s Java roundup for April 22nd, 2024 features news highlighting: the release of WildFly 32; JEP 476, Module Import Declarations (Preview), JEP 474, ZGC: Generational Mode by Default, and JEP 467, Markdown Documentation Comments, proposed to target for JDK 23; Hibernate ORM 6.5; and JobRunr 7.1.

OpenJDK

One week after having been declared a candidate, JEP 476, Module Import Declarations (Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This preview feature proposes to enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself. The review is expected to conclude on May 1, 2024.

JEP 474, ZGC: Generational Mode by Default, has also been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes to use the Z Garbage Collector (ZGC) from non-generational to generational mode by default. The non-generational mode will be deprecated and removed in a future JDK release. This will ultimately reduce the cost of maintaining the two modes such that future development can primarily focus on JEP 439, Generational ZGC. The review is expected to conclude on April 30, 2024. InfoQ will follow up with a more detailed news story.

JEP 467, Markdown Documentation Comments, has been promoted from Candidate to Proposed to Target for JDK 23. This feature proposes to enable JavaDoc documentation comments to be written in Markdown rather than a mix of HTML and JavaDoc @ tags. This will allow for documentation comments that are easier to write and easier to read in source form. The review is expected to conclude on May 4, 2024. InfoQ will follow up with a more detailed news story.

JDK 23

Build 20 of the JDK 23 early-access builds was made available this past week featuring updates from Build 19 that include fixes for various issues. Further details on this release may be found in the release notes.

BellSoft

BellSoft has released versions 24.0.1 for JDK 22, 23.1.3 for JDK 21 and 23.0.4 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for April 2024 to address several security and bug fixes. A total of 10 CVEs have been resolved. These include: CVE-2023-41993, a vulnerability in which processing web content may lead to arbitrary code execution; and CVE-2024-21085, a vulnerability in which an unauthenticated attacker, with network access via multiple protocols, can compromise Oracle Java SE and Oracle GraalVM Enterprise Edition resulting in the unauthorized ability to cause a partial denial of service.

Spring Framework

Versions 3.3.0-M1 3.2.4 and 3.1.11 of Spring Shell have been released featuring notable resolutions to issues such as: use of the GridView class with zero column/row sizes causing an item to be placed into the bottom-right when user expects it to be in the top-left; and a race condition and resulting ConcurrentModificationException, primarily seen on WindowsOS, from the TerminalUI class when updating the screen. These releases build on Spring Boot 3.3.0-RC1, 3.2.5 and 3.1.11, respectively. More details on this release may be found in the release notes for version 3.3.0-M1, version 3.2.4 and version 3.1.11.

WildFly

The release of WildFly 32 features the version 1.0 release of WildFly Glow, a set of command-line provisioning tools that analyzes deployments and identifies the set of Galleon feature-packs and Galleon layers that are required by applications. Along with bug fixes and dependency upgrades, other new features include: support for the Jakarta MVC 2.1 specification; support for an instance of the Java SSLContext class that can dynamically delegate to different SSL contexts based on the destination’s host and port; and the ability to create channels defining component versions used to provision WildFly using the WildFly Channel project that may be separately maintained from WildFly’s feature packs. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.

Micronaut

The Micronaut Foundation has released version 4.4.1 of the Micronaut Framework featuring Micronaut Core 4.4.6, bug fixes, improvements in documentation, and updates to modules: Micronaut Views, Micronaut gRPC, Micronaut Test Resources and Micronaut Maven Plugin. More details on this release may be found in the release notes.

Open Liberty

IBM has released version 24.0.0.4 of Open Liberty featuring: support for JDK 22; and updates to eight (8) Open Liberty guides to use the MicroProfile Reactive Messaging 3.0, MicroProfile 6.1 and Jakarta EE 10 specifications. There were also security fixes for: CVE-2023-51775, a vulnerability in the Javascript Object Signing and Encryption for Java (jose4j component) before version 0.9.4 that allows an attacker to cause a denial of service via a large PBES2 value; and CVE-2024-27270, a cross-site scripting vulnerability in IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 that allows an attacker to embed arbitrary JavaScript code in a specially crafted URI.

Helidon

The release of Helidon 4.0.8 ships with notable changes such as: support for a span event listener with a new SpanListener interface for improved tracing callbacks; and the use of delegation instead of inheritance from the Java BufferedOutputStream class to ensure the use of virtual thread-friendly locks in the JDK code and avoids thread pinning due to synchronized blocks in the JDK. Further details on this release may be found in the changelog.

Hibernate

The release of Hibernate ORM 6.5.0.Final delivers new features such as: Java time objects marshaled directly through the JDBC driver as defined by JDBC 4.2 to replace the use of java.sql.Date, java.sql.Time or java.sql.Timestamp classes; a configurable query cache layout to minimize higher memory consumption from storing the full data in the cache; and support for Java records as a parameter in the Jakarta Persistence @IdClass annotation; and support for auto-enabled filters. This release also includes a technical preview of the Jakarta Data specification that will be included in the upcoming release of Jakarta EE 11.

Apache Software Foundation

The release of Apache Camel 4.4.2 provides bug fixes, dependency upgrades and improvements such as: the ability to set the error handler on the route level to complement the existing error handler on the global lever in the Camel YAML DSL component; and support for the restConfiguration property in the Camel XML IO DSL component. More details on this release may be found in the release notes.

Similarly, version 4.0.5 of Apache Camel has also been released with bug fixes, dependency upgrades and improvement such as: a resolution to the PubSubApiConsumer class failing to load the POJO enum, defined in PubSubDeserializeType, on some platforms in the Camel Salesforce component; and a more robust way to obtain the correlationID for brokers in the Camel JMS component. Further details on this release may be found in the release notes.

JobRunr

Version 7.1.0 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released to deliver bug fixes, dependency upgrades and new features such as: support for virtual threads when using GraalVM Native mode; and improved initialization of the BackgroundJobServer class in Spring with improved support for JSR 310, Date and Time API. More details on this release may be found in the release notes.

Details on the new features of JobRunr 7.0.0, released on April 9, 2024 may be found in this webinar hosted by Ron Dehuysser, creator of JobRunr.

JDKUpdater

Versions 14.0.39+69 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, this new release includes: a resolution to an issue related to the latest download view closing problem; and the ability to open the latest version download view from notification. Further details on this release may be found in the release notes.

TornadoVM

TornadoVM has announced that SAPMachine, a downstream distribution of OpenJDK maintained by SAP, has been added to their TornadoVM Installer utility. This complements the existing downstream distributions, namely: Oracle OpenJDK, Amazon Corretto, GraalVM and Mandrel.

Gradle

The first release candidate of Gradle 8.8 delivers: full support for JDK 22; a preview feature to configure the Gradle daemon JVM using toolchains; improved IDE performance with large projects; and improvements to build authoring, error and warning messages, the build cache, and the configuration cache. More details on this release may be found in the release notes.