Author: Michael Redlich
Java News Roundup: Java Turns 29, Kotlin 2.0, Semantic Kernel for Java 1.0, More OpenJDK Updates
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for May 20th, 2024 features news highlighting: Java’s 29th birthday; the release of Kotlin 2.0 and Semantic Kernel for Java 1.0; JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), targeted for JDK 23; and four JEPs proposed to target for JDK 23
Java Turns 29
On May 23rd, 1995, Java 1.0 was introduced to developers who attended the Sun World ‘95 conference. A Java community was born and 29 years later, the community has evolved to include 370 global Java User Groups, 370 Java Champions and many Java-related conferences in a given calendar year. There have been 22 formal releases
At Devnexus 2024, Sharat Chander, Senior Director, Product Management & Developer Engagement at Oracle, announced that JavaOne will return to celebrate Java’s 30th birthday. It will be held March 17-20, 2025 in Redwood Shores, California. Please stay tuned for the call for papers.
OpenJDK
After its review has concluded, JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from Proposed to Target to Targeted for JDK 23. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), delivered in JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.
JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback. The review is expected to conclude on May 27, 2024.
JEP 481, Scoped Values (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed. The review is expected to conclude on May 29, 2024
JEP 480, Structured Concurrency (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.” The review is expected to conclude on May 27, 2024.
JEP 471, Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal, has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes to deprecate the memory access methods in the Unsafe class for removal in a future release. These unsupported methods have been superseded by standard APIs, namely; JEP 193, Variable Handles, delivered in JDK 9; and JEP 454, Foreign Function & Memory API, delivered in JDK 22. The review is expected to conclude on May 27, 2024.
JDK 23
Build 24 of the JDK 23 early-access builds was made available this past week featuring updates from Build 23 that include fixes for various issues. Further details on this release may be found in the release notes.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the upcoming GA release of Jakarta EE 11. Nine (9) specifications, namely – Jakarta Annotations 3.0, Jakarta Authorization 3.0, Jakarta Contexts and Dependency Injection 4.1, Jakarta Expression Language 6.0, Jakarta Interceptors 2.2, Jakarta RESTful Web Services 4.0, Jakarta Persistence 3.2, Jakarta Validation 3.1 and Jakarta WebSocket 2.2 – have been finalized for Jakarta EE 11. The remaining seven (7) updated specifications are in various stages of review.
Spring Framework
It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Cloud Data Flow, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar. More details may be found in this InfoQ news story.
Kotlin
JetBrains has released version 2.0 of Kotlin that finalizes the new frontend for the Kotlin compiler, codenamed K2, to unify all supported Kotlin platforms by which all compiler backends now share a significant amount of logic and a unified pipeline. Kotlin 2.0 promises faster compilation speed and support for Compose Multiplatform projects. JetBrains has also been developing a K2 Kotlin Mode, currently in alpha, for IntelliJ IDEA. Further details on this release may be found in the what’s new page. InfoQ will follow up with a more detailed news story.
Quarkus
Quarkus 3.10.2, the second maintenance release, ships with notable changes such as: a resolution to a QuarkusErrorHandler runtime error upon invoking a REST client endpoint that accepts a @BeanParam on a bean containing a List field annotated with @RestForm; and set the correct configuration key upon generating a native build from Gradle. More details on this release may be found in the changelog.
Open Liberty
IBM has released version 24.0.0.5 of Open Liberty featuring resolutions to the following Common Vulnerabilities and Exposures (CVEs) where a remote attacker can send a specially crafted request causing the server to consume memory resources resulting in a denial-of-service
- CVE-2024-27268, a vulnerability in WebSphere Application Server Liberty versions 18.0.0.2 through 24.0.0.4.
- CVE-2024-22353, a vulnerability in WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.4.
- CVE-2024-25026, a vulnerability in WebSphere Application Server versions 8.5 and 9.0, and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4.
Notable bug fixes include: a ClassCastException upon using SIP Servlet 1.1 and WebSocket features; the featureUtility connection test to a base URL of a custom repository returns a HTTP 400 response code and fails to recognize it as a working repository. Further details on all of the bug fixes may be found in this list of issues.
Microsoft
After more than a year in development, Microsoft has introduced the general availability of Semantic Kernel for Java, an SDK that meshes Large Language Models (LLMs) with popular programming languages. Version 1.0 delivers: tool calling that enables an AI service to request the invocation of native Java functions; support for both text-to-audio and audio-to-text conversions with their audio service; an enhanced type conversion that allows user to register types and serialize/deserialize them to and from prompts; and the introduction of hooks to monitor key points such as function calls, enabling users to log or intercept them for better tracking and debugging. InfoQ will follow up with a more detailed news story.
Infinispan
Infinispan 15.0.4, the fourth maintenance release, provides notable changes such as: a resolution to a flaky test found in the TracingSecurityTest class; the addition of node names in the tracing spans; and a simplification of the default server configuration files. More details on this release may be found in the release notes and in this InfoQ news story on the release of Infinispan 15.0.0.
JHipster Lite
The release of JHipster Lite 1.9.0 ships with bug fixes, dependency upgrades and new features/enhancements such as: the addition of the Gradle frontend server plugin; removal of the gradleapp property from generate.sh as Gradle is now fully supported; and a simplification of lint-staged configuration. Further details on this release may be found in the release notes.
Langchain4j
Version 0.31.0 of LangChain for Java (LangChain4j) features new integrations: embedding models, Cohere and Jina; web search engines, Google and Tavily; the Jina scoring (re-ranking) model; and the Azure Cosmos DB for NoSQL embedding store. Breaking changes include: a rename of the Judge0 package from dev.langchain4j.code to dev.langchain4j.code.judge0; and a migration of the Anthropic language model from Gson to Jackson. More details on this release may be found in the release notes.
Java News Roundup: OpenJDK Updates, Piranha Cloud, Spring Data 2024.0.0, GlassFish, Micrometer
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for May 13th, 2024 features news highlighting: JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), proposed to target for JDK 23; the May 2024 edition of Piranha Cloud; Spring Data 2024.0.0; and point and milestone releases of Spring Framework, GlassFish and Micrometer.
OpenJDK
JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 23. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), delivered in JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story. The review is expected to conclude on May 21, 2024.
JEP 482, Flexible Constructor Bodies (Second Preview), has been promoted from its JEP Draft 8325803 to Candidate status. This JEP proposes a second round of preview and a name change to obtain feedback from the previous round of preview, namely JEP 447, Statements before super(…) (Preview), delivered in JDK 22. This feature allows statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Changes in this JEP include: a treatment of local classes; and a relaxation of the restriction that fields can not be accessed before an explicit constructor invocation to a requirement that fields can not be read before an explicit constructor invocation. Gavin Bierman, Consulting Member of Technical Staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.
JEP 481, Scoped Values (Third Preview), has been promoted from its JEP Draft 8331056 to Candidate status. Formerly known as Extent-Local Variables (Incubator), this JEP proposes a third preview, with one change, in order to gain additional experience and feedback from one round of incubation and two rounds of preview, namely: JEP 464, Scoped Values (Second Preview), delivered in JDK 22; JEP 446, Scoped Values (Preview), delivered in JDK 21; and JEP 429, Scoped Values (Incubator), delivered in JDK 20. This feature enables sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The change in this feature is related to the operation parameter of the callWhere() method, defined in the ScopedValue class, is now a functional interface which allows the Java compiler to infer whether a checked exception might be thrown. With this change, the getWhere() method is no longer needed and has been removed.
JDK 23
Build 23 of the JDK 23 early-access builds was made available this past week featuring updates from Build 22 that include fixes for various issues. Further details on this release may be found in the release notes.
GlassFish
The sixth milestone release of GlassFish 8.0.0 provides bug fixes, dependency upgrades and notable improvements such as: an improved Jakarta Contexts and Dependency Injection TCK; a new Jakarta JSON Processing standalone TCK runner; and an improved class loader matching for implementations of the Weld BeanDeploymentArchive interface. More details on this release may be found in the release notes.
GraalVM
Oracle Labs has released version 0.10.2 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: a new parameter that allows for skip building a native image for POM-type modules defaulting to false for backwards compatibility; and an improved ClassPathDirectoryAnalyzer class that includes a check for the boolean value of ignoreExistingResourcesConfig field. Further details on this release may be found in the changelog.
Spring Framework
The second milestone release of Spring Framework 6.2.0 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: a new pathVariableOrNull() method added to the ServerRequest interface as a nullable variant of pathVariable() method for Kotlin extensions; a new generateCodeForArgument() method in CodeFlow class to provide the same functionality as the one defined in the SpelNodeImpl class; and a new CompilableIndexAccessor interface to support compiling expressions that use a custom implementation of the IndexAccessor interface. More details on this release may be found in the release notes.
Similarly, versions 6.1.7, 6.0.20 and 5.3.35 of Spring Framework have also been released featuring bug fixes, improvements in documentation and notable improvements such as:
All three versions provide a dependency upgrade to Protect Reactor 2023.0.6, 2022.0.19 and 2020.0.44, respectively. Further details on these releases may be found in the release notes for version 6.1.7, version 6.0.20 and version 5.3.35.
Spring Data 2024.0.0 has been released providing new features: support for value expressions for improved in expressions in entity- and property-related annotations that aligns with Spring Framework @Value annotation; and compatibility with the new MongoDB 5.0 driver containing a deprecated API that has now been removed. There were also upgrades to sub-projects such as: Spring Data Commons 3.3.0; Spring Data MongoDB 4.3.0; Spring Data Elasticsearch 5.3.0; and Spring Data Neo4j 7.3.0. This new version will be included in the upcoming release of Spring Boot 3.3.0. More details on this release may be found in the release notes.
Similarly, versions 2023.1.6 and 2023.0.12 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.6 and 3.1.12; Spring Data MongoDB 4.2.6 and 4.1.12; Spring Data Elasticsearch 5.2.6 and 5.1.12; and Spring Data Neo4j 7.2.6 and 7.1.12. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.6 and 3.1.12, respectively.
The release of Spring Web Services 4.0.11 ships with a dependency upgrade to Spring Framework 6.0.20 and notable changes: elimination of starting/stopping of an instance of the Apache ActiveMQ EmbeddedActiveMQ Artemis server before/after every test method from the JmsIntegrationTest class to improve test performance; and override the securement password using the MessageContext interface from the Wss4jHandler class to efficiently support per-request credentials. Further details on this release may be found in the release notes.
Quarkus
The release of Quarkus 3.10.1 delivers dependency upgrades and notable changes such as: elimination of a possible NullPointerException when the getResources() method defined in the QuarkusClassLoader class returns null; and a resolution to an issue mocking an implementation of the GitInfo interface with @MockitoConfig, an annotation that makes use of the AnnotationsTransformer API which does not work for synthetic beans, that is beans whose metadata are programmatically created in a Quarkus extension. More details on this release may be found in the changelog.
Apache Software Foundation
The release of Apache Tomcat 10.1.24 provides bug fixes and notable changes such as: a refactor of handling trailer fields to use an instance of the MimeHeaders class to store trailer fields; correct error handling from the onError() method defined in the AsyncListener interface for asynchronous dispatch requests; and a resolution to WebDAV locks for non existing resources for thread safety and removal. Further details on this release may be found in the release notes.
Hibernate
The first alpha release of Hibernate Search 7.2.0 delivers dependency upgrades and improvements to the Search DSL such as: the ability to apply queryString and simpleQueryString predicates for numeric and date fields; define the minimum number of terms that should match using the match predicate; and a new @DistanceProjection annotation to map a constructor parameter to a distance projection. More details on this release may be found in the release notes.
Micrometer
The release of Micrometer Metrics 1.13.0 delivers bug fixes, improvements in documentation, dependency upgrades and many new features such as: support for the @Counted annotation on classes and an update to the CountedAspect class to handle when @Counted is used on a class; removal of an unnecessary call to getConventionName() defined in the PrometheusMeterRegistry class; and allow for customizing a start log message in an implementation of the PushMeterRegistry abstract class. Further details on this release may be found in the release notes.
Similarly, versions 1.12.6 and 1.11.12 of Micrometer Metrics provide dependency upgrades and resolutions to bug fixes such as: a NullPointerException in the DefaultJmsProcessObservationConvention class; and the AnnotationHandler can’t see methods from the parent class. More details on these releases may be found in the release notes for version 1.12.6 and version 1.11.12.
The release of Micrometer Tracing 1.3.0 ships with bug fixes, dependency upgrades and new features such as: a new TestSpanReporter class for improved integration tests that include components declared as beans that generate traces; and an implementation of the setParent() and setNoParent() methods, declared in the Tracer interface, in the SimpleSpanBuilder class. Further details on this release may be found in the release notes.
Similarly, versions 1.2.6 and 1.1.13 of Micrometer Tracing provide dependency upgrades to Micrometer Metrics 1.12.6 and 1.11.12, respectively and a resolution to an instance of the ObservationAwareBaggageThreadLocalAccessor class losing scope in the wrong order due to the JUnit @ParameterizedTest annotation executing tests in parallel which interferes with the baggage scopes resulting in return results in wrong spans and traces. More details on these releases may be found in the release notes for version 1.2.6 and version 1.1.13
Project Reactor
The second milestone release of Project Reactor 2024.0.0 provides dependency upgrades to reactor-core 3.7.0-M2, reactor-pool 1.1.0-M2 and reactor-netty 1.2.0-M2. There was also a realignment to version 2024.0.0-M2 with the reactor-kafka 1.4.0-M1, reactor-addons 3.6.0-M1 and reactor-kotlin-extensions 1.3.0-M1 artifacts that remain unchanged. Further details on this release may be found in the changelog.
Next, Project Reactor 2023.0.6, the sixth maintenance release, provides dependency upgrades to reactor-core 3.6.6. There was also a realignment to version 2023.0.6 with the reactor-netty 1.1.19, reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Next, Project Reactor 2022.0.19, the nineteenth maintenance release, provides dependency upgrades to reactor-core 3.5.17 and reactor-netty 1.1.19. There was also a realignment to version 2022.0.19 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.
And finally, the release of Project Reactor 2020.0.44, codenamed Europium-SR44, provides dependency upgrades to reactor-core 3.4.38 and reactor-netty 1.0.45. There was also a realignment to version 2020.0.44 with the reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. More details on this release may be found in the changelog.
Piranha Cloud
The release of Piranha 24.5.0 delivers notable changes such as: a new Tomcat10xExtension class to provide compatibility with Tomcat 10.0+; a new Glassfish7xExtension class to provide compatibility with GlassFish 7.0+; and removal of the SourceSpy project map. Further details on this release may be found in their documentation and issue tracker.
JobRunr
Version 7.1.2 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released providing a resolution to a BeanCreationException from within the validateTables() method defined in the DatabaseCreator class due to the table-prefix property not properly set. More details on this release may be found in the release notes.
Java Operator SDK
The release of Java Operator SDK 4.9.0 features dependency upgrades and removal of an invalid log message from the ReconciliationDispatcher class. Further details on this release may be found in the release notes.
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for May 6th, 2024 features news highlighting: the May edition of the Payara Platform; and new JEP candidates, namely: JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), JEP 480, Structured Concurrency (Third Preview), JEP 479, Remove the Windows 32-bit x86 Port, and JEP 478, Key Derivation API (Preview).
OpenJDK
JEP 467, Markdown Documentation Comments, has been promoted from Proposed to Target to Targeted for JDK 23. This feature proposes to enable JavaDoc documentation comments to be written in Markdown rather than a mix of HTML and JavaDoc @ tags. This will allow for documentation comments that are easier to write and easier to read in source form.
JEP 477, Implicitly Declared Classes and Instance Main Methods (Third Preview), has been promoted from its JEP Draft 8323335 to Candidate status. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.
JEP 480, Structured Concurrency (Third Preview), has been promoted from its JEP Draft 8330818 to Candidate status. This JEP proposes a third preview, without change, in order to gain more feedback from the previous two rounds of preview, namely: JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to “treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability.”
JEP 479, Remove the Windows 32-bit x86 Port, has been promoted from its JEP Draft 8330623 to Candidate status. This JEP proposes to fully remove the Windows 32-bit x86 port following its deprecation as described in JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, delivered in JDK 21. The goals are to: remove all code paths in the code base that apply only to Windows 32-bit; cease all testing and development efforts targeting the Windows 32-bit platform; and simplify OpenJDK’s build and test infrastructure, aligning with current computing standards.
JEP 478, Key Derivation API (Preview), has been promoted from its JEP Draft 8189808 to Candidate status. This JEP proposes to introduce an API for Key Derivation Functions (KDFs), cryptographic algorithms for deriving additional keys from a secret key and other data, with goals to: allow security providers to implement KDF algorithms in either Java or native code; and enable the use of KDFs in implementations of JEP 452, Key Encapsulation Mechanism.
JDK 23
Build 22 of the JDK 23 early-access builds was made available this past week featuring updates from Build 21 that include fixes for various issues. Further details on this release may be found in the release notes.
Spring Framework
It was a quiet week over at Spring, however the latest edition of A Bootiful Podcast, facilitated by Josh Long, Spring Developer Advocate at Broadcom, was published this past week featuring Spring Boot co-founders, Phil Webb, Software Engineer at Broadcom, and Dr. David Syer, Senior Staff Engineer at Broadcom, on the occasion of the 10th anniversary of the release of Spring Boot 1.0.
Payara
Payara has released their May 2024 edition of the Payara Platform that includes Community Edition 6.2024.5 and Enterprise Edition 6.13.0. Both editions feature component upgrades and resolutions to notable issues such as: not being able to delete system properties via the Admin Console; an HTTP/2 warning in the log file despite HTTP/2 having been disabled; and a JDK 21 compilation error stating the “The Security Manager is deprecated and will be removed in a future release.” More details on these releases may be found in the release notes for Community Edition 6.2024.5 and Enterprise Edition 6.14.0.
Open Liberty
IBM has released version 24.0.0.5-beta of Open Liberty featuring previews of updated Jakarta EE 11 specifications, namely: Jakarta Contexts and Dependency Injection 4.1; Jakarta Concurrency 3.1; Jakarta Data 1.0; Jakarta Expression Language 6.0; Jakarta Pages 4.0; and Jakarta Servlet 6.1. This release also includes support for using InstantOn with IBM MQ messaging.
Eclipse Foundation
The release of Eclipse Store 1.3.2 ships with bug fixes and improved Spring Framework integration featuring: the removal of the @Component annotation from the EclipseStoreConfigConverter class to prevent two beans from conflicting with each other; and the addition of configuration to disable the automatic creation of default instances of the StorageFoundation interface or Storage class. Further details on this release may be found in the release notes.
Apache Software Foundation
Versions 11.0.0-M20 and 9.0.89 of Apache Tomcat both provide bug fixes and notable changes such as: a refactor of handling trailer fields to use an instance of the MimeHeaders class to store trailer fields; improved parsing of HTTP headers to use common parsing code; a more robust parsing of patterns from the ExtendedAccessLogValve class; and additional time scale options to allow timescales to apply a “time-taken” token in the AccessLogValve and ExtendedAccessLogValve classes. More details on these releases may be found in the release notes for version 11.0.0-M20 and version 9.0.89.
Infinispan
The release of Infinispan 15.0.3.Final delivers notable changes such as: implementations of the ServerTask and ClusterExecutor interfaces should run user code in the blocking thread pool for improved control; lock Single-Instance File System directories to avoid shared usage among multiple caches mapped to the same directory; and a drop in support for OpenSSL due to the performance of the JDK implementation of TLS is now comparable with native. Further details on this release may be found in the release notes and more information on the recent release of Infinispan 15.0.0 may be found in this InfoQ news story.
JobRunr
Version 7.1.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released to deliver notable bug fixes and enhancements such as: a SevereJobRunrException thrown from the BackgroundJobServer class due to not being able to resolve an instance of the ConcurrentJobModificationException class; the DeleteDeletedJobsPermanentlyTask class does not use correct configuration resulting in jobs declared as DELETED are not permanently deleted after the configured time period; and an improvement in database migrations. More details on this release may be found in the release notes.
Testcontainers for Java
The release of Testcontainers for Java 1.19.8 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: a new getDatabaseName() method added to the ClickHouseContainer class to avoid an UnsupportedOperationException; eliminate the use of the non-monotonic currentTimeMillis() method in favor of the nanoTime() method defined in the Java System class as calculating a time lapse in the former may result in a negative number; and a new convenience method, getGrpcHostAddress(), added to the WeaviateContainer class to obtain the gRPC host. Further details on this release may be found in the release notes.
OpenXava
The release of OpenXava 7.3.1 provides bug fixes, improvements in documentation, dependency upgrades and notable new features such as: a new method, isJava21orBetter(), defined in the XSystem utility class to complement the corresponding methods to check for JDK 9 and JDK 17; and new automated tests for date, date/time and popup calendar related issues. More details on this release may be found in the release notes.
Java News Roundup: WildFly 32, JEPs Proposed to Target for JDK 23, Hibernate 6.5, JobRunr 7.1
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for April 22nd, 2024 features news highlighting: the release of WildFly 32; JEP 476, Module Import Declarations (Preview), JEP 474, ZGC: Generational Mode by Default, and JEP 467, Markdown Documentation Comments, proposed to target for JDK 23; Hibernate ORM 6.5; and JobRunr 7.1.
OpenJDK
One week after having been declared a candidate, JEP 476, Module Import Declarations (Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This preview feature proposes to enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself. The review is expected to conclude on May 1, 2024.
JEP 474, ZGC: Generational Mode by Default, has also been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes to use the Z Garbage Collector (ZGC) from non-generational to generational mode by default. The non-generational mode will be deprecated and removed in a future JDK release. This will ultimately reduce the cost of maintaining the two modes such that future development can primarily focus on JEP 439, Generational ZGC. The review is expected to conclude on April 30, 2024. InfoQ will follow up with a more detailed news story.
JEP 467, Markdown Documentation Comments, has been promoted from Candidate to Proposed to Target for JDK 23. This feature proposes to enable JavaDoc documentation comments to be written in Markdown rather than a mix of HTML and JavaDoc @ tags. This will allow for documentation comments that are easier to write and easier to read in source form. The review is expected to conclude on May 4, 2024. InfoQ will follow up with a more detailed news story.
JDK 23
Build 20 of the JDK 23 early-access builds was made available this past week featuring updates from Build 19 that include fixes for various issues. Further details on this release may be found in the release notes.
BellSoft
BellSoft has released versions 24.0.1 for JDK 22, 23.1.3 for JDK 21 and 23.0.4 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for April 2024 to address several security and bug fixes. A total of 10 CVEs have been resolved. These include: CVE-2023-41993, a vulnerability in which processing web content may lead to arbitrary code execution; and CVE-2024-21085, a vulnerability in which an unauthenticated attacker, with network access via multiple protocols, can compromise Oracle Java SE and Oracle GraalVM Enterprise Edition resulting in the unauthorized ability to cause a partial denial of service.
Spring Framework
Versions 3.3.0-M1 3.2.4 and 3.1.11 of Spring Shell have been released featuring notable resolutions to issues such as: use of the GridView class with zero column/row sizes causing an item to be placed into the bottom-right when user expects it to be in the top-left; and a race condition and resulting ConcurrentModificationException, primarily seen on WindowsOS, from the TerminalUI class when updating the screen. These releases build on Spring Boot 3.3.0-RC1, 3.2.5 and 3.1.11, respectively. More details on this release may be found in the release notes for version 3.3.0-M1, version 3.2.4 and version 3.1.11.
WildFly
The release of WildFly 32 features the version 1.0 release of WildFly Glow, a set of command-line provisioning tools that analyzes deployments and identifies the set of Galleon feature-packs and Galleon layers that are required by applications. Along with bug fixes and dependency upgrades, other new features include: support for the Jakarta MVC 2.1 specification; support for an instance of the Java SSLContext class that can dynamically delegate to different SSL contexts based on the destination’s host and port; and the ability to create channels defining component versions used to provision WildFly using the WildFly Channel project that may be separately maintained from WildFly’s feature packs. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
Micronaut
The Micronaut Foundation has released version 4.4.1 of the Micronaut Framework featuring Micronaut Core 4.4.6, bug fixes, improvements in documentation, and updates to modules: Micronaut Views, Micronaut gRPC, Micronaut Test Resources and Micronaut Maven Plugin. More details on this release may be found in the release notes.
Open Liberty
IBM has released version 24.0.0.4 of Open Liberty featuring: support for JDK 22; and updates to eight (8) Open Liberty guides to use the MicroProfile Reactive Messaging 3.0, MicroProfile 6.1 and Jakarta EE 10 specifications. There were also security fixes for: CVE-2023-51775, a vulnerability in the Javascript Object Signing and Encryption for Java (jose4j component) before version 0.9.4 that allows an attacker to cause a denial of service via a large PBES2 value; and CVE-2024-27270, a cross-site scripting vulnerability in IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 that allows an attacker to embed arbitrary JavaScript code in a specially crafted URI.
Helidon
The release of Helidon 4.0.8 ships with notable changes such as: support for a span event listener with a new SpanListener interface for improved tracing callbacks; and the use of delegation instead of inheritance from the Java BufferedOutputStream class to ensure the use of virtual thread-friendly locks in the JDK code and avoids thread pinning due to synchronized blocks in the JDK. Further details on this release may be found in the changelog.
Hibernate
The release of Hibernate ORM 6.5.0.Final delivers new features such as: Java time objects marshaled directly through the JDBC driver as defined by JDBC 4.2 to replace the use of java.sql.Date, java.sql.Time or java.sql.Timestamp classes; a configurable query cache layout to minimize higher memory consumption from storing the full data in the cache; and support for Java records as a parameter in the Jakarta Persistence @IdClass annotation; and support for auto-enabled filters. This release also includes a technical preview of the Jakarta Data specification that will be included in the upcoming release of Jakarta EE 11.
Apache Software Foundation
The release of Apache Camel 4.4.2 provides bug fixes, dependency upgrades and improvements such as: the ability to set the error handler on the route level to complement the existing error handler on the global lever in the Camel YAML DSL component; and support for the restConfiguration property in the Camel XML IO DSL component. More details on this release may be found in the release notes.
Similarly, version 4.0.5 of Apache Camel has also been released with bug fixes, dependency upgrades and improvement such as: a resolution to the PubSubApiConsumer class failing to load the POJO enum, defined in PubSubDeserializeType, on some platforms in the Camel Salesforce component; and a more robust way to obtain the correlationID for brokers in the Camel JMS component. Further details on this release may be found in the release notes.
JobRunr
Version 7.1.0 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released to deliver bug fixes, dependency upgrades and new features such as: support for virtual threads when using GraalVM Native mode; and improved initialization of the BackgroundJobServer class in Spring with improved support for JSR 310, Date and Time API. More details on this release may be found in the release notes.
Details on the new features of JobRunr 7.0.0, released on April 9, 2024 may be found in this webinar hosted by Ron Dehuysser, creator of JobRunr.
JDKUpdater
Versions 14.0.39+69 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, this new release includes: a resolution to an issue related to the latest download view closing problem; and the ability to open the latest version download view from notification. Further details on this release may be found in the release notes.
TornadoVM
TornadoVM has announced that SAPMachine, a downstream distribution of OpenJDK maintained by SAP, has been added to their TornadoVM Installer utility. This complements the existing downstream distributions, namely: Oracle OpenJDK, Amazon Corretto, GraalVM and Mandrel.
Gradle
The first release candidate of Gradle 8.8 delivers: full support for JDK 22; a preview feature to configure the Gradle daemon JVM using toolchains; improved IDE performance with large projects; and improvements to build authoring, error and warning messages, the build cache, and the configuration cache. More details on this release may be found in the release notes.
Java News Roundup: Jakarta Data and Jakarta NoSQL Milestones, Class-File API Targeted for JDK 23
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for March 25th, 2024 features news highlighting: JEP 466, Class-File API (Second Preview), targeted for JDK 23; milestone releases of Jakarta Data and Jakarta NoSQL specifications; the second release candidate for JobRunr 7.0.0; and point releases for Spring projects, Quarkus, Helidon and LangChain4j.
OpenJDK
After its review has concluded, JEP 466, Class-File API (Second Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP proposes a second round of preview to obtain feedback from the previous round of preview: JEP 457, Class-File API (Preview), delivered in JDK 22. This feature provides an API for parsing, generating, and transforming Java class files. This will initially serve as an internal replacement for ASM, the Java bytecode manipulation and analysis framework, in the JDK with plans to have it opened as a public API. Goetz has characterized ASM as “an old codebase with plenty of legacy baggage” and provided background information on how this draft will evolve and ultimately replace ASM.
JDK 23
Build 16 of the JDK 23 early-access builds was made available this past week featuring updates from Build 15 that include fixes for various issues. Further details on this release may be found in the release notes.
Jakarta EE
The fourth milestone release of the Jakarta Data 1.0.0 specification features notable changes such as: removal of the countBy() method from the BasicRepository interface as it was a magical method name query and considered awkward; replace Sort by Sort where appropriate to allow sorting by a member of a super entity; and a new method, elements(), added to the inner Cursor interface, defined in the PageRequest interface, that automatically packages elements as an unmodifiable list. More details on this release may be found in the changelog.
Similarly, the first milestone release of Jakarta NoSQL 1.0.0 specification features notable changes such as: removal of the Document, Key-Value and Column Family APIs as they are now maintained in Jakarta Data; and the addition of new annotations, @MappedSuperclass, @Embeddable, @Inheritance, @DiscriminatorColumn and @DiscriminatorValue for improved support of NoSQL databases. More details on this release may be found in the changelog.
Spring Framework
Spring Cloud 2023.0.1, codenamed Leyton, has been released featuring bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.1.1; Spring Cloud Function 4.1.1; Spring Cloud OpenFeign 4.1.1; Spring Cloud Stream 4.1.1; and Spring Cloud Gateway 4.1.2. This release is based on Spring Boot 3.2.4. More details on this release may be found in the release notes.
The release of Spring for GraphQL 1.2.6 delivers bug fixes, improvements in documentation, dependency upgrades and new features: recommended use of the PERSISTED_QUERY_MARKER field defined in the GraphQL PersistedQuerySupport class to avoid a GraphQL AssertException due to persisted queries that don’t contain standard queries; use either first or after arguments to determine forward pagination in conjunction with the last and before arguments to determine backward pagination. This version will be shipped with the upcoming releases of Spring Boot 3.1.11 and 3.2.5. More details on this release may be found in the release notes.
Quarkus
The release of Quarkus 3.9.1 provides notable changes such as: the new naming strategy for Quarkus reactive extensions; support for OIDC Client JWT Bearer authentication; and an initial release of the new declarative Quarkus WebSockets extension. More details on this release may be found in the changelog.
Helidon
The release of Helidon 3.2.7 features notable changes such as: a replacement of the deprecated the overloaded from() methods, defined in the Multi interface, with corresponding create() methods; and a replacement of the deprecated readTransaction() and writeTransaction() methods, defined in the Neo4j Session interface, with the executeRead() and executeWrite() methods, respectively, in the Neo4jHealthCheck class. More details on this release may be found in the changelog.
Similarly, the of release of Helidon 2.6.7 ships with notable changes such as: a refresh of the MicroProfile Fault Tolerance static method cache upon CDI shutdown; support for disabling security providers through configuration; and a resolution to a NullPointerException from a disable feature in the OidcSupport class. More details on this release may be found in the changelog.
Open Liberty
IBM has released version 24.0.0.3 of Open Liberty featuring: enabling of default verbose garbage collection on IBM Java and IBM Semeru Runtimes; support for back-channel logout on OpenID Connect clients and servers; and a resolution to CVE-2023-50312, a vulnerability in IBM WebSphere Application Server Liberty versions 17.0.0.3 through 24.0.0.2 that could provide weaker-than-expected security for outbound TLS connections caused by a failure to honor user configuration.
Apache Software Foundation
Versions 10.1.20 and 8.5.100 of Apache Tomcat ship with notable changes such as: ensure that the URI, query string and protocol are not corrupted when restoring a saved POST request body after a successful FORM authentication; and align error handling for the Writer and OutputStream classes to ensure the use of either class once the response has been recycled triggers a NullPointerException provided that discardFacades is configured with the default value of true. For the milestone release, the team decided to reduce the minimal Java version to JDK 17. More details on these releases may be found in the release notes for version 10.1.20 and version 8.5.100.
The release of Apache Camel 4.5.0 provides bug fixes, dependency upgrades and new features such as: the creation of new Camel Milvus, Camel Qdrant and Camel AWS Bedrock components to support the Milvus and Qdrant vector databases and AWS Bedrock, respectively; and improved support for the bind command in Camel JBang with the ability to set properties and enhanced error handling. More details on this release may be found in the release notes.
Eclipse Foundation
Versions 4.5.7 and 4.4.9 of Eclipse Vert.x 4.5.7 both deliver notable changes such as: a resolution to CVE-2024-29025, a vulnerability in Netty versions before 4.1.108.Final by which an attacker can send a chunked post consisting of many small fields that will be accumulated, with no limits, in the bodyListHttpData list; and a resolution to Vert.x building its virtual thread factory at runtime with the correct reflection calls. More details on these releases may be found in the release notes for version 4.5.7 and version 4.4.9.
The release of Eclipse JKube 1.16.2 provides notable fixes such as: the addition of a JKubeBuildStrategy field in the WatcherContext class to throw an exception if using a Kubernetes Watch (k8s:watch/k8sWatch) in a buildpacks build strategy; the OpenShift Maven plugin generates a YAML file with a route target port that doesn’t correctly map to the target port causing a Kubernetes pod that is not accessible through the route if the service port is different than the target port. More details on this release may be found in the release notes.
TornadoVM
TornadoVM 1.0.3, the third maintenance release, delivers bug fixes and improvements such as: support for multiple Java threads running different instances of the TornadoVM execution plans; new API extensions to query and apply filters to backends and devices from the TornadoExecutionPlan class; and support for the TornadoNativeArray class data types to obtain memory segments without the header offset. More details on this release may be found in the release notes.
JobRunr
The second release candidate of JobRunr 7.0.0, a library for background processing in Java that is distributed and backed by persistent storage, features bug fixes, enhancements and new features: the ability to configure a shutdown period of BackgroundJobServer class; access to labels via JobContext class; and use of the Spring Data Redis LettuceConnectionFactory class to obtain an instance of the Lettuce RedisClient class. More details on this release, including information about the version 7.0.0 GA release on April 9, 2024, may be found in the release notes.
LangChain4j
Versions 0.29.1 and 0.29.0 of LangChain4j have been released providing notable features such as: advanced retrieval augmented generation (RAG) with Azure AI Search; support for function calling Mistral AI; and a new module to support AWS Anthropic Claude on Bedrock. More details on these releases may be found in the release notes for version 0.29.1 and version 0.29.0.
Java Operator SDK
The release of Java Operator SDK 4.8.2 features: a resolution to pruning issues of fields being delivered from the server by ignoring server-managed fields for server-side apply (SSA) matching; and improved integration tests by increasing the timeout from 20 to 40 minutes. More details on this release may be found in the release notes.
MicroStream
The release of MicroStream 8.1.2 provides code cleaning and adjustment for direct byte buffers in order to avoid possible VM crashes due to a removed check in G1GC in JDK 21.0.2. More details on this release may be found in the release notes.
Java News Roundup: New JEP Drafts, Infinispan 15, Payara Platform, Alpaquita Containers with CRaC
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for March 11th, 2024 features news highlighting: new JEP drafts, Stream Gatherers (Second Preview) and Hot Code Heap; Infinispan 15; the March 2024 edition of Payara Platform; Alpaquita Containers with CRaC; the first release candidate of JobRunr 7.0; and milestone and point releases for Spring projects, Quarkus, Helidon and Micronaut.
OpenJDK
Viktor Klang, Software Architect, Java Platform Group at Oracle, has introduced JEP Draft 8327844, Stream Gatherers (Second Preview), that proposes a second round of preview from the previous round, namely JEP 461, Stream Gatherers (Preview), to be delivered in the upcoming release of JDK 22. This will allow additional time for feedback and more experience with this feature with no user-facing changes over JEP 461. This feature was designed to enhance the Stream API to support custom intermediate operations that will “allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” More details on this JEP may be found in the original design document and this InfoQ news story.
Dmitry Chuyko, Performance Architect at BellSoft, has introduced JEP Draft 8328186, Hot Code Heap, that proposes to “extend the segmented code cache with a new optional ‘hot’ code heap to compactly accommodate a part of non-profiled methods, and to extend the compiler control mechanism to mark certain methods as ‘hot’ so that they compile into the hot code heap.”
JDK 23
Build 14 of the JDK 23 early-access builds was made available this past week featuring updates from Build 13 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 36 remains the current build in the JDK 22 early-access builds. Further details on this build may be found in the release notes.
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
BellSoft
BellSoft has released their Alpaquita Containers product, which includes Alpaquita Linux and Liberica JDK, with support for Coordinated Restore at Checkpoint (CRaC). Performance measurements reveal a 164x faster startup and 1.1x smaller images. InfoQ will follow up with a more detailed news story.
Spring Framework
Versions 6.1.5, 6.0.18 and 5.3.33 of Spring Framework have been released to primarily address CVE-2024-22259, Spring Framework URL Parsing with Host Validation (2nd report), a vulnerability in which applications that use the UriComponentsBuilder class to parse an externally provided URL and perform validation checks on the host of the parsed URL, may be vulnerable to an open redirect attack or a server-side-request forgery attack if the URL is used after passing validation checks. New features include: allow the UriTemplate class to be built with an empty template; and a refinement of the getContentLength() method defined in classes that implement the HttpMessageConverter interface to return value null safety. These versions will be shipped with the upcoming releases of Spring Boot 3.2.4 and Spring Boot 3.1.10, respectively. More details on these releases may be found in the release notes for version 6.1.5, version 6.0.18 and version 5.3.33.
The second milestone release of Spring Data 2024.0.0 provides new features: predicate-based QueryEngine for Spring Data Key-Value; and a transaction option derivation for MongoDB based on @Transactional annotation labels. There were also upgrades to sub-projects such as: Spring Data Commons 3.3.0-M2; Spring Data MongoDB 4.3.0-M2; Spring Data Elasticsearch 5.3.0-M2; and Spring Data Neo4j 7.3.0-M2. More details on this release may be found in the release notes.
Similarly, versions 2023.1.4 and 2023.0.10 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.4 and 3.1.10; Spring Data MongoDB 4.2.4 and 4.1.10; Spring Data Elasticsearch 5.2.4 and 5.1.10; and Spring Data Neo4j 7.2.4 and 7.1.10. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.4 and 3.1.10, respectively.
The release of Spring AI 0.8.1 delivers new features such as support for: the Google Gemini AI model; VertexAI Gemini Chat; Gemini Function Calling; and native compilation of Gemini applications. More details on this release may be found in the list of issues.
Payara
Payara has released their March 2024 edition of the Payara Platform that includes Community Edition 6.2024.3 and Enterprise Edition 6.12.0. Both editions feature notable changes such as: more control in system package selection with Apache Felix that streamlines configuration and reduces potential conflicts; a resolution for generated temporary files in the /tmp folder upon deployment that weren’t getting deleted; and improved reliability to set the correct status when restarting a server instance from the Admin UI. More details on these releases may be found in the release notes for Community Edition 6.2024.3 and Enterprise Edition 6.12.0.
Micronaut
The Micronaut Foundation has released version 4.3.6 of the Micronaut Framework featuring Micronaut Core 4.3.11, bug fixes, improvements in documentation, and updates to modules: Micronaut Serialization, Micronaut Azure, Micronaut RxJava 3 and Micronaut Validation. Further details on this release may be found in the release notes.
Quarkus
Quarkus 3.2.11.Final, a maintenance LTS release, ships with dependency upgrades and security fixes to address:
- CVE-2024-25710, a denial of service caused by an infinite loop for a corrupted DUMP file.
- CVE-2024-1597, a PostgreSQL JDBC Driver vulnerability that allows an attacker to inject SQL if using
PreferQueryMode=SIMPLE. - CVE-2024-1023, a memory leak due to the use of Netty
FastThreadLocaldata structures in Vert.x. - CVE-2024-1300, a memory leak when a TCP server is configured with TLS and SNI support.
- CVE-2024-1726 security checks for some inherited endpoints performed after serialization in RESTEasy Reactive may trigger a denial of service
More details on this release may be found in the changelog.
Helidon
The release of Helidon 4.0.6 provides notable changes such as: support for injecting instances of the UniversalConnectionPool interface; a deprecation of the await(long, TimeUnit) method defined in the Awaitable interface in favor of await(Duration); and enhance the Status class with additional standard HTTP status codes, namely: 203, Non-Authoritative Information; 207, Multi-Status; 507, Insufficient Storage; 508, Loop Detected; 510, Not Extended; and 511, Network Authentication Required. More details on this release may be found in the changelog.
Infinispan
Red Hat has released version 15.0.0 of Infinispan that delivers new features such as: a JDK 17 baseline; support for Jakarta EE; a connector to the Redis Serialization Protocol; support for distributed vector indexes and KNN queries; and improved tracing subsystem. More details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.
Micrometer
Version 1.13.0-M2 of Micrometer Metrics 1.13.0 delivers bug fixes, dependency upgrades and new features such as: align the JettyClientMetrics class with Jetty 12; support for Prometheus 1.x; and support for the @Counted annotation on classes with an update on the CountedAspect class to handle when @Counted annotates a class. More details on this release may be found in the release notes.
Similarly, versions 1.12.4 and 1.11.10 of Micrometer Metrics ship with bug fixes, dependency upgrades and a new feature in which the INSTANCE field, defined in the DefaultHttpClientObservationConvention class, was declared as final as being non-final seemed to be accidental. More details on these releases may be found in the release notes for version 1.12.4 and version 1.11.10.
Versions 1.3.0-M2, 1.2.4 and 1.1.11 of Micrometer Tracing provides bug fixes, dependency upgrades to Micrometer Metrics 1.13.0-M2, 1.12.4 and 1.11.10, respectively and a completed task that excludes the benchmarks module from the BOM because they are not published. More details on these releases may be found in the version 1.3.0-M2, version 1.2.4 and version 1.1.11.
Project Reactor
Project Reactor 2023.0.4, the fourth maintenance release, provides dependency upgrades to reactor-core 3.6.4 and reactor-netty 1.1.17. There was also a realignment to version 2023.0.4 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Next, Project Reactor 2022.0.17, the seventeenth maintenance release, provides dependency upgrades to reactor-core 3.5.15 and reactor-netty 1.1.17. There was also a realignment to version 2022.0.17 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.
And finally, the release of Project Reactor 2020.0.42, codenamed Europium-SR42, provides dependency upgrades to reactor-core 3.4.36 and reactor-netty 1.0.43 and. There was also a realignment to version 2020.0.42 with the reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. More details on this release may be found in the changelog.
Apache Software Foundation
Versions 5.0.0-alpha-7 and 4.0.20 of Apache Groovy feature bug fixes, dependency upgrades and an improvement to the getMessage() method defined in the MissingMethodException class to eliminate truncating the error message at 60 characters. More details on these releases may be found in the release notes for version 5.0.0-alpha-7 and version 4.0.20.
The release of Apache Camel 4.4.1 provides bug fixes, dependency upgrades and notable improvements such as: support for the ${} expressions with dependencies in Camel JBang; and port validation in Camel GRPC should check if a port was specified. More details on this release may be found in the release notes.
Eclipse Foundation
Version 4.5.5 of Eclipse Vert.x has been released delivering notable changes such as: a deprecation of the toJson() method defined in the Buffer interface in favor of toJsonValue(); a resolution to an OutOfMemoryException after an update to the Certificate Revocation List; and a new requirement that an implementation of the CompositeFuture interface must unregister itself against its component upon completion. More details on this release may be found in the release notes and list of deprecations and breaking changes.
The release of Eclipse Mojarra 4.0.6, the compatible implementation to the Jakarta Faces specification, ships with notable changes such as: ensure that the getViews() method defined in the ViewHandler class also returns programmatic facelets; and removal of the SKIP_ITERATION enumeration as it was superseded by the VisitHint enumeration. More details on this release may be found in the release notes.
Piranha
The release of Piranha 24.2.0 delivers notable changes to the Piranha CLI such as: the ability to generate a macOS GraalVM binary; and the addition of a version and coreprofile sub-commands. Further details on this release may be found in their documentation and issue tracker.
JobRunr
The first release candidate of JobRunr 7.0.0, a library for background processing in Java that is distributed and backed by persistent storage, features bug fixes, enhancements and new features: built-in support for virtual threads that are enabled by default when using JDK 21; and the InMemoryStorageProvider class now allows for a poll interval as small as 200ms that is useful for testing. Breaking changes include: the delete(String id) method in the JobScheduler class has been renamed to deleteRecurringJob(String id); and updates to the StorageProvider interface and the Page and PageRequest classes that include new features. More details on this release may be found in the release notes.
JBang
Version 0.115.0 of JBang delivers bug fixes and new features such as: arguments passed to an alias are now appended (instead of being replaced) to any arguments that are already defined in the alias; and support for specifying system properties when using the jbang app install command. More details on this release may be found in the release notes.
LangChain4j
Version 0.28.0 of LangChain for Java (LangChain4j) provides many bug fixes, new integrations with Anthropic and Zhipu AI, and notable updates such as: a new Filter API to support embedded stores like Milvus and Pinecone; the ability to load recursively and with glob/regex filtering with the FileSystemDocumentLoader class; and an implementation of the missing parameters in the rest of the Azure OpenAI APIs with a clean up of the existing responseFormat parameter so that all parameters are in the consistently in the same order. Further details on this release may be found in the release notes.
Java Operator SDK
The release of Java Operator SDK 4.8.1 features dependency upgrades and notable improvements such as: explicit use of the fixed thread pool; add logging for tracing issues with events; and changes to the primary to secondary index edge case for the dynamic mapper in the DefaultPrimaryToSecondaryIndex class. More details on this release may be found in the release notes.
Gradle
The third release candidate of Gradle 8.7 provides continuous improvement in: support for Java 22 for compiling, testing, and running JVM-based projects; build cache improvements for Groovy DSL script compilation; and improvements to lazy configuration, error and warning messages, the configuration cache, and the Kotlin DSL. More details on this release may be found in the release notes.
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for February 5th, 2024 features news highlighting: the first release candidate of JDK 22, JBoss Enterprise Application Platform 8.0, IBM Semeru Runtimes first quarter 2024 updates, LangChain4j 0.27.0, and multiple point releases for Micronaut, Helidon and Eclipse Vert.x.
JDK 23
Build 9 of the JDK 23 early-access builds was made available this past week featuring updates from Build 8 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 35 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 34 that include fixes to various issues. Further details on this build may be found in the release notes.
As per the JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 21 has entered its first release candidate as there are no unresolved P1 bugs in Build 35. The anticipated GA release is scheduled for March 19, 2024.
The final set of 12 features for the GA release in March 2024 will include:
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, has provided an update on the road to Jakarta EE 11 with a more formal milestone release plan that follows up on the recent release of Jakarta EE 11-M1. Developers can expect milestones 2, 3 and 4 to be released in March, April and May 2024, respectively. As Grimstad stated: “It is the first time we are using Milestones for a Jakarta EE release. Hopefully, it will turn out to be a good idea that will help us complete the release as planned in June/July this year [2024].”
Eclipse GlassFish
The second milestone release of GlassFish 8.0.0 delivers notable changes such as: removal of CDI tests using the @ManagedBean annotation due to the Jakarta Managed Beans specification having been removed from the Jakarta EE Platform; a resolution to the startserv script that incorrectly reported a bash syntax error; and a resolution to the ConcurrentModificationException in the context map propagator. More details on this release may be found in the release notes.
Spring Framework
The release of Spring Tools 4.21.1 features bug fixes, early access builds for Eclipse 2024-03 milestone, and improvements: availability of viewing and editing of log levels in VSCode for live running Spring Boot apps, if enabled on the the application via Spring Boot Actuators; and the ability to show “Refactor Preview” in VSCode before applying the changes from OpenRewrite recipes. Further details on this release may be found in the release notes.
JBoss Enterprise Application Platform
Red Hat has released version 8.0 of the JBoss Enterprise Application Platform extends Java support in the cloud with security enhancements, improved cloud workflow tools, and compatibility with Jakarta EE 10, contributing to streamlined application modernization for customers and continued support for enterprise Java application development. InfoQ will follow up with a more detailed news story.
Micronaut
The Micronaut Foundation has released version 4.3.0 of the Micronaut Framework featuring Micronaut Core 4.3.4, bug fixes, dependency upgrades and updates to modules such as: Micronaut GCP, Micronaut Liquibase, Micronaut Data and Micronaut Validation. New modules, Micronaut Chatbots and Micronaut EclipseStore, were also introduced in this version. More details on this release may be found in the release notes.
Similarly, the follow up release of Micronaut Framework 4.3.1 features Micronaut Core 4.3.5, bug fixes, dependency upgrades and updates to modules: Micronaut Security, Micronaut Data, and Micronaut Logging. Further details on this release may be found in the release notes.
IBM Semeru Runtimes
IBM has released version 9.0 of Universal Base Image (UBI) minimal Liberty container images, a stripped down image which allows for the production of smaller application images, with support for Semeru Runtimes Java 21 JRE. The UBI 9 minimal images are available starting with the release of Open Liberty 24.0.0.1.
IBM has also released the 1Q2024 quarterly update of the Semeru Runtime, Open Edition versions 21.0.2, 17.0.10, 11.0.22 and 8.0.402 based on Eclipse OpenJ9 0.43 and OpenJDK jdk-21.0.2+13, jdk-17.0.10+7, jdk-11.0.22+7 and jdk8u402-b06, respectively. This release contains the latest CPU and security fixes from the Oracle Critical Patch Update for January 2024.
Quarkus
Red Hat has released version 3.7.2 of Quarkus with notable changes such as: a resolution to SSL requests hang when an endpoint returns a CompletableFuture; always execute the OpenIDConnectSecurityFilter class at runtime to ensure that the OpenAPI document will use the runtime value of the quarkus.oidc.auth-server-url property; and a new CheckCrossReferences class to check the cross references of canonical IDs. More details on this release may be found in the changelog.
Helidon
The release of Helidon 4.0.5 delivers notable resolutions to issues such as: tests defined in the KafkaSeTest class failing on Windows OS; a NullPointerException from a user test by adding a null check for the resource path in the HelidonTelemetryContainerFilter class; and problems handling character encodings in URIs. Further details on this release may be found in the changelog.
Similarly, Helidon 3.2.6 has been released providing dependency upgrades and notable changes such as: manually count the number of offered tasks instead of relying solely on the inaccurate value returned by the getActiveCount() method defined in the ThreadPool class; and a resolution to the currentSpan() method defined in the TracerProviderHelper class throwing a NullPointerException in situations where an implementation of the TracerProvider class is null. More details on this release may be found in the changelog.
Hibernate
The release of Hibernate ORM 6.4.4.Final ships with dependency upgrades and resolutions to issues such as: a NullPointerException upon using the default instance of the BytecodeProvider interface after upgrading WildFly to Hibernate 6.4.3; a memory leak using the BasicTypeRegistry class; and an IllegalStateException due to an unsupported combination of tuples in queries. Further details on this release may be found in the list of issues.
Eclipse Vert.x
Versions 4.5.3 and 4.4.8 of Eclipse Vert.x both ship with notable resolutions to issues such as: CVE-2024-1300, a vulnerability that allows an attacker to send Transport Layer Security (TLS) client “hello” messages with fake server names, triggering a JVM out-of-memory error due to a memory leak in TCP servers configured with support for TLS and Server Name Indication (SNI); a NullPointerException in the decodeError() method defined in the PgDecoder class; and temporary files generated by the WebClient interface not being removed. More details on these releases may be found in the release notes for version 4.5.3 and version 4.4.8.
Eclipse JKube
The release of Eclipse JKube 1.16.0 provides notable changes such as: support for the Spring Boot application properties placeholders generated from the configuration; a new JKubeArchiveDecompressor class with initial support for .tgz and .zip files; and support for parsing Docker image names with IPv6 address literals. Further details on this release may be found in the release notes.
Infinispan
The release of Infinispan 14.0.24 provides many dependency upgrades and improvements: prevent leaks from an implementation of the Java MBeanServer interface from within the HotRodClient class; and enable the Insights Java Client by default. More details on this release may be found in the release notes.
LangChain for Java
Version 0.27.0 of LangChain for Java (LangChain4j) provides many bug fixes, new integrations with Infinispan and MongoDB, and notable updates such as: improved support for AstraDB and Cassandra; a fallback strategy for the LanguageModelQueryRouter class; and an enhance to the ServiceOutputParser class that allows the outputFormatInstructions() method to document nested objects in the jsonStructure() method. Further details on this release may be found in the release notes.
JHipster
Version 1.4.0 of JHipster Lite have been released to deliver bug fixes, dependency upgrades and new features/enhancements such as: a new module to auto-enable Spring local profile for development; support for programmatically declare dependencies in a Maven profile; and a rename of getJavaVersion() method to javaVersion() to align with the JHipster Lite convention of not using the get prefix. More details on this release may be found in the release notes.
Testcontainers for Java
The release of Testcontainers for Java 1.19.5 ships with a downgrade of Apache Commons Compress from version 1.25.0 to version 1.24.0 to avoid classpath conflicts due to a recent change in Commons Compress 1.25.0. Further details on this release may be found in the release notes.
Java Operator SDK
The release of Java Operator SDK 4.8.0 features notable changes such as: improved logging of conflicting exceptions; the ability for multiple controllers reconciling same resource type, but with different labels; and a resolution to multiple dependents of same type exceptions. More details on this release may be found in the release notes.
Multik
Version 0.2.3 of Multik, the multidimensional array library for Kotlin, has been migrated to Kotlin 1.9.22. New features include: use of pinned arrays to optimize the sin, cos, log, exp functions in Kotlin/Native; implementation of complex numbers in Kotlin/Native using the Vector128 class; and enhanced performance on Windows OS and Apple Silicon processors. Further details on this release may be found in the release notes.
Gradle
Gradle 7.6.4, the fourth maintenance release, features: an upgrade to Apache Ant 1.10.14 to address CVE-2020-11979, a vulnerability in which an attacker can inject modified source files into a build process due to the fixcrlf task deleting temporary files and creating new ones without the permissions assigned to the current user; an upgrade to Google Guava 32.1.1 to address CVE-2023-2976, a vulnerability in the FileBackedOutputStream class that allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files created by the class; and an upgrade to Apache Ivy 2.5.2 to address CVE-2022-46751, a vulnerability in Apache Ivy in which an attacker can exfiltrate data, access resources only the machine running Ivy, or disturb the execution of Ivy in different ways due to improper restriction of XML External Entity Reference. More details on this release may be found in the release notes.
Java News Roundup: WildFly 31, Eclipse Store 1.1, Liberica NIK, Quarkus, JHipster Lite
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 22nd, 2024 features news highlighting: WildFly 31.0.0, Eclipse Store 1.1.0, BellSoft Liberica Native Image Kit, multiple Quarkus and JHipster Lite releases and Jakarta EE 11 updates.
OpenJDK
After its review had concluded JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Proposed to Target to Targeted for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, Principal Member of Technical Staff at Oracle, has recently published an updated draft specification for this feature.
JDK 23
Build 7 of the JDK 23 early-access builds was made available this past week featuring updates from Build 6 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 33 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 32 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE 11
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has provided an update on the progress of Jakarta EE 11 and beyond. As per the Jakarta EE Specification Process, the Jakarta EE Specification Committee will conduct a progress review of the planned Jakarta EE 11 release and vote on a ballot to approve. If the ballot does not pass, the release date of Jakarta EE 11 could be delayed.
Also, the Jakarta EE Working Group has been thinking beyond Jakarta EE 11 and discussing some ideas for new specifications, such as Jakarta AI. The group has created this Google Doc for the Java community to review and provide input/feedback.
Spring Framework
The Spring Framework team has disclosed that versions 6.1.3 and 6.0.16, released on January 11, 2024, addressed CVE-2024-22233, Spring Framework Server Web DoS Vulnerability, that allows an attacker to provide a specially crafted HTTP request that may cause a denial-of-service condition if the application uses Spring MVC and Spring Security 6.1.6+ or 6.2.1+ is on the classpath.
Version 3.2.1 and 3.1.8 of Spring Shell have been released deliver notable changes: a resolution for the command alias not working on the type level when the subcommand is empty; a split of the JLine dependencies due to issues with native image and to avoid importing classes that may not be needed in an application; and a resolution to the shell cursor not being restored in the terminal multiplexer (tmux) if the shell is hiding the cursor. Both versions build upon Spring Boot 3.2.2 and 3.1.8, respectively. More details on these releases may be found in the release notes for version 3.2.1 and version 3.1.8.
The release of Spring Cloud Commons 4.1.1 has been released featuring a bug fix in which implementations of the Spring Framework BeanPostProcessor interface were not registered correctly when the @LoadBalanced annotation bean was instantiated during auto-configuration. Further details on this release may be found in the release notes.
BellSoft
BellSoft has released versions 23.1.2 for JDK 21 and 23.0.3 for JDK 17 of their Liberica Native Image Kit builds as part of the Oracle Critical Patch Update for January 2024 to address several security and bug fixes. Other notable improvements include: support for AWT and JavaFX fullscreen mode; intrinsified memory copying routines on AMD64 platforms and, where available, they now use AVX instructions for better performance; and SubstrateVM monitor enter/exit routines for accelerated startup of native images.
WildFly
Red Hat has released version 31 of WildFly with application server features such as: support for MicroProfile 6.1, Hibernate ORM 6.4.2, Hibernate Search 7.0.0 and Jakarta MVC 2.1; and the ability to exchange messages from the MicroProfile Reactive Messaging 3.0 specification with Advances Messaging Queuing Protocol (AMQP) 1.0. This release also introduces WildFly Glow, a command line and a set of tools to “provision a trimmed WildFly server instance that contains the server features that are required by an application.” InfoQ will follow up with a more detailed news story.
Quarkus
Red Hat has also released version 3.6.7 of Quarkus with notable changes such as: ensure that the refreshed CSRF cookie retains its original value based on the presence of the token header; dependency management for the Hibernate JPA 2 Metamodel Generator; and a resolution to entity manager issues with Spring Data JPA when using multiple persistence units. More details on this release may be found in the changelog.
Quarkus 3.2.10.Final, the tenth maintenance release in the 3.2 LTS release train, primarily delivers resolutions to CVEs such as: CVE-2023-5675, an authorization flaw with endpoints used in Quarkus RestEasy Reactive and Classic applications customized by Quarkus extensions using the annotation processor; and CVE-2023-6267, an annotation-based security flaw in which the JSON body that a resource may consume is being processed, i.e., deserialized, prior to the security constraints being evaluated and applied. Further details on this release may be found in the changelog.
Helidon
The release of Helidon 4.0.4 delivers notable changes such as: a resolution to the currentSpan() method defined in the TracerProviderHelper class throwing a NullPointerException in situations where an implementation of the TracerProvider class is null; a cleanup and simplification of the logic to determine which type of IP addresses, v4 or v6, to consider during name resolution in WebClient configuration; and security propagation is now disabled when not properly configured. More details on this release may be found in the changelog.
Micronaut
The Micronaut Foundation has released version 4.2.4 of the Micronaut Framework featuring Micronaut Core 4.2.4, bug fixes, dependency upgrades and updates to modules: Micronaut AWS, Micronaut Flyway, Micronaut JAX-RS, Micronaut JMS, Micronaut MicroStream, Micronaut MQTT and Micronaut Servlet. Further details on this release may be found in the release notes.
Hibernate
The release of Hibernate Reactive 2.2.2.Final ships with: a dependency upgrade to Hibernate ORM 6.4.2.Final; removal of unused code that caused a ClassCastException in Quarkus at start up; and new annotations, @EnableFor and @DisabledFor, to enable and disable, respectively, tests for database types. More details on this release may be found in the release notes.
The second alpha release of Hibernate Search 7.1.0 provides: compatibility with Hibernate ORM 6.4.2.Final, Lucene 9.9.1 and Elasticsearch 8.12; an integration of the Elasticsearch/OpenSearch vector search capabilities; and the ability to look up the capabilities of each field when inspecting the metamodel. Further details on this release may be found in the release notes.
Eclipse Store
The release of Eclipse Store 1.1.0 delivers new features such as: monitoring support using the Java Management Extensions (JMX) framework; integration with Spring Boot 3.x; and an implementation of JSR 107, Java Temporary Caching API (JCache). More details on this release may be found in the release notes.
Infinispan
Versions 15.0.0.Dev07 and 14.0.22.Final of Infinispan ship with dependency upgrades and resolutions to notable bug fixes such as: a flaky test failure from the testExpirationCompactionOnLogFile() method defined in the SoftIndexFileStoreFileStatsTest class; an IllegalArgumentException from within the getMembersPhysicalAddresses() method defined in the JGroupsTransport class; and a NullPointerException due to a failover of the Hot Rod Client hanging. Further details on these releases may be found in the release notes for version 15.0.0.Dev07 and version 14.0.22.
JHipster
Versions 1.3.0, 1.2.1 and 1.2.0 of JHipster Lite have been released to deliver bug fixes, dependency upgrades and new features/enhancements such as: use of the LinkedHashSet class instead of the HashSet class for improved reproducible generated code; use of Signals and Control Flow, new features of Angular 17; and support for Protocol Buffers. More details on these releases may be found in the release notes for version 1.3.0, version 1.2.1 and version 1.2.0.
Testcontainers for Java
The release of Testcontainers for Java 1.19.4 ships with bug fixes, improvements in documentation and new features such as: an enhancement in the exec command that supports setting a work directory and environmental variables; support for MySQL 8.3; and an increase of the default startup time for Selenium to 60 seconds. Further details on this release may be found in the release notes.
Gradle
The third release candidate of Gradle 8.6 provides continuous improvement in: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.
Java News Roundup: JDK 22 in Rampdown Phase Two, JEPs for JDK 23, Jakarta EE 11, GraalVM
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 15th, 2024 features news highlighting: JEP 455 Proposed to Target for JDK 23, JDK 22 in Rampdown Phase Two, an updated Jakarta EE 11 release plan, GraalVM, and Oracle’s Critical Patch Update for January 2024.
OpenJDK
JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, Principal Member of Technical Staff at Oracle, has recently published an updated draft specification for this feature. The review is expected to conclude on January 22, 2024.
Ron Pressler, Architect and Technical Lead for Project Loom at Oracle, and Alex Buckley, Specification Lead for the Java Language and the Java Virtual Machine at Oracle, have submitted JEP Draft 8323072, Deprecate Memory-Access Methods in sun.misc.Unsafe for Removal. This JEP proposes to deprecate the memory-access methods defined in the sun.misc.Unsafe class for removal in a future release. These now unsupported methods have had supported replacements since: JDK 9 for accessing on-heap memory; and JDK 22 for accessing off-heap memory.
JDK 23
Build 6 of the JDK 23 early-access builds was made available this past week featuring updates from Build 5 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 32 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 31 that include fixes to various issues. Further details on this build may be found in the release notes.
As per the JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 22 has entered Rampdown Phase Two. This means that: no additional JEPs will be added for JDK 22; and there will be a focus on the P1 and P2 bugs which can be fixed via the Fix-Request Process. Late enhancements are still possible, with the Late-Enhancement Request Process, but Reinhold states that “the bar is now extraordinarily high.” The final set of 12 features for the GA release in March 2024 will include:
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has announced a change to the targeted Java version for Jakarta EE 11 to support both JDK 21 and JDK 17. As explained by Grimstad:
While this may seem like a significant change, it turns out that it isn’t that dramatic. None of the component specifications were actually planning on exposing any Java 21 features in their APIs. The only one close to it was Jakarta Concurrency 3.1, with the planned support for Java virtual threads. But it turns out that careful API design allows for support if the underlying JVM supports it.
The biggest change is for the Test Compatibility Kit (TCK), which must be able to run on both Java 17 and Java 21. The implementations that had moved their code base to Java 21 are also affected to some degree depending on how far they have gotten and how many Java 17+ features they have started using.
As a result, the Jakarta EE release plan for specification milestone releases has been modified to accommodate this change, but Grimstad maintained that the original GA release of Jakarta will remain at the June/July 2024 timeframe.
GraalVM
Oracle Labs has released GraalVM for JDK 21 Community 21.0.2 featuring fixes based on the Oracle Critical Patch Update for January 2024. These include: a simplified implementation of the ValueAnchorNode class; a resolution to a problem with the -XX:+PrintGCSummary command-line parameter if assertions are enabled; and a resolution to prevent failures from System.console().readPassword. More details on this release may be found in the release notes.
BellSoft
Concurrent with Oracle’s Critical Patch Update (CPU) for January 2024, BellSoft has released CPU patches for versions 21.0.1.0.1, 17.0.9.0.1, 11.0.21.0.1, 8u401 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 21.0.2, 17.0.10, 11.0.22 and 8u402, containing CPU and non-critical fixes, have also been released.
Spring Framework
The first milestone release of Spring Boot 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: the removal of APIs that were deprecated in a previous release; support for the Micrometer @SpanTag annotation; and support to auto-configure JwtAuthenticationConverter and ReactiveJwtAuthenticationConverter classes for dedicated Spring Security OAuth2 properties. Further details on this release may be found in the release notes.
The release of Spring Boot 3.2.2 ships with improvements in documentation, dependency upgrades and notable bug fixes such as: the getComment() method called within an instance of the JarEntry class returns incorrect results from instances of the NestedJarFile class; a database connection leak when using jOOQ without the spring.jooq.sql-dialect property having been established; and using the MockRestServiceServerAutoConfiguration class together with the Spring Framework RestTemplate class and RestClient interface throws an incorrect exception. More details on this release may be found in the release notes.
Similarly, the release of Spring Boot 3.1.8 provides improvements in documentation, dependency upgrades and notable bug fixes such as: implementations of the SslBundle interface, PropertiesSslBundle and WebServerSslBundle, do not provide useful toString() results; the mark, ^, that indicates an error in the pattern is misplaced within the log message from a PatternParseException; and mixing PEM and JKS certificate material in the server.ssl properties does not work. Further details on this release may be found in the release notes.
The first milestone release of Spring Security 6.3.0 delivers bug fixes, dependency upgrades and new features such as: a new factory method for the RoleHierarchyImpl class for improved definition of the role hierarchy; a new offset to complement the order attribute within the @EnableMethodSecurity annotation to allow applications to select where the interceptors should be placed; and integrate caching into the HandlerMappingIntrospector class. More details on this release may be found in the release notes.
The first milestone release of Spring Authorization Server 1.3.0 provides dependency upgrades and new features such as: the ability to configurable scope validation strategy in the OAuth2ClientCredentialsAuthenticationProvider class; improved error logging to document an invalid or expired authorization code; and support for multi-tenancy using the path component for the issuer of a certificate. Further details on this release may be found in the release notes.
Versions 1.2.0-M1, 1.1.2 and 1.0.5 of Spring Modulith have been released featuring bug fixes, dependency upgrades and improvements such as: eliminate the use of the deprecated fromDataSource() method defined in the Spring Boot DatabaseDriver enum class; avoid the potential for the ModuleTestExecution class to include modules twice if a module is listed as an extra include but already part of the calculated dependencies; and exclude classes generated by Spring AOT from architecture verification as they might otherwise introduce dependencies to application components considered module internals. More details on these releases may be found in the release notes for version 1.2.0-M1, version 1.1.2 and version 1.0.5.
The first milestone release of Spring Session 3.3.0 ships with dependency upgrades and new features such as: a new ReactiveFindByIndexNameSessionRepository interface to provide an Actuator endpoint for non-indexed session repositories; and a new ReactiveRedisIndexedSessionRepository class to provide a /sessions endpoint for Spring WebFlux applications. Further details on this release may be found in the release notes.
The release of Spring for Apache Pulsar 1.0.2 ships with dependency upgrades and a new Bill of Materials module, spring-pulsar-bom, added to the project. This version will be included in the release of Spring Boot 3.2.2 More details on this release may be found in the release notes.
Helidon
The release of Helidon 4.0.3 delivers notable changes such as: support for the use of Map in configured builders to eliminate the use of “complicated” config.detach().asMap() to obtain the child values; restore the access specifiers of the RegistryFactory class and its getInstance() and getRegistry() methods to public for improved backwards compatibility with the 3.x release train; and improved security resulting from the OIDC provider performing authentication against the ID Token first the introduction of an access token refresh mechanism. Further details on this release may be found in the changelog.
Quarkus
The first release candidate of Quarkus 3.7 features notable changes such as: support for the LinkedIn OIDC provider; the ability to observe security events for an authorization check failure or success such that an application could use this to implement a custom security logging mechanism; and support for the Micrometer @MeterTag annotation, making it possible to add additional tags for methods annotated with @Counted and @Timed from method arguments. More details on this release may be found in the release notes.
The Quarkus team has also announced that the Quarkus documentation is now equipped with full-text search that has initially been implemented on the Quarkus Guides page. This replaces the original simple substring search on the title and summary of each guide. This new capability is powered by the Quarkus.io Search application that uses the Hibernate Search extension which provides integration with OpenSearch/Elasticsearch.
Hibernate
The release of Hibernate ORM 6.4.2.Final provides bug fixes and improvements such as: a new CurrentTenantIdentifierResolver interface to allow for non-string tenant identifiers and tenant resolver as a managed bean; and resolutions to the query problem with joined inheritance hierarchy structure and an HQL join entity not generating a delete condition with the use of the @SoftDelete annotation. Further details on this release may be found in the list of issues.
Similarly, the release of Hibernate Reactive 2.2.1.Final ships with notable changes such as: support for the Order class introduced in Hibernate ORM 6.3; support for applying the upsert() method defined in the StatelessSession interface on all databases; and a resolution for issues with out-of-the-box support for arrays of basic Java types. This release is compatible with Hibernate ORM 6.4.1.Final and Vert.x SQL driver 4.5.1. Hibernate Reactive 2.0.8.Final was also released, however despite compatibility with Vertx SQL client 4.5.1, the team has decided to revert the version 2.0.8 upgrade because it was preventing other applications from upgrading to the latest 2.0 version. More details on this release may be found in the release notes.
Apache Software Foundation
The fifth alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and new features/improvements such as: a custom type checker for format strings to find invalid conversion characters, missing parameters, incorrect types and invalid flags; Generate a serialVersionUID for an instance of the Closure class because it implements the Java Serializable interface; and support for matching on a method call that contains variable arguments with the ASTMatcher class. Further details on this release may be found in the release notes.
Similarly, Apache Groovy 4.0.18 has also been released featuring bug fixes, dependency upgrades and improvements such as: the Groovy Docs now list the inherited properties; and a resolution to avoid processing duplicated entries within META-INF folder. More details on this release may be found in the release notes.
The twelfth alpha release of Apache Maven 4.0.0 provides notable changes such as: leveraging the artifact collection filtering and new transitive dependency manager in the Maven Artifact Resolver; use of JLine for improved line editing; and improved consistency during builds by not resolving projects outside the reactor. Further details on this release may be found in the release notes.
Java News Roundup: Final JEP Drafts, Payara 2024 Roadmap, TornadoVM Plugin for IntelliJ
MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for January 8th, 2024 features news highlighting: JEP drafts for final versions of OpenJDK features String Templates and Implicitly Declared Classes and Instance Main Methods; the Payara Platform 2024 roadmap; and a new TornadoVM plugin for IntelliJ IDEA.
OpenJDK
Ron Pressler, Architect and Technical Lead for Project Loom at Oracle, and Jim Laskey, Software Development Director at Oracle, have submitted JEP Draft 8323335, Implicitly Declared Classes and Instance Main Methods (Final) to finalize this feature. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the two previous rounds of preview, namely JEP 463, Implicit Classes and Instance Main Methods (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 445, Unnamed Classes and Instance Main Methods (Preview), delivered in JDK 21. This JEP proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java Language Architect at Oracle. The latest draft of the specification document by Gavin Bierman, Consulting Member of Technical Staff at Oracle, is open for review by the Java community. More details on JEP 445 may be found in this InfoQ news story.
Laskey has also submitted JEP Draft 8323333, String Templates (Final), to finalize this feature after two rounds of preview, namely JEP 459, String Templates (Second Preview), to be delivered in the upcoming release of JDK 22, and JEP 430, String Templates (Preview), delivered in JDK 21. This JEP proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified. Further details on JEP 430 may be found in this InfoQ news story.
JDK 23
Build 5 of the JDK 23 early-access builds was made available this past week featuring updates from Build 4 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 31 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 30 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
Versions 6.1.3 and 6.0.16 of Spring Framework have been released featuring bug fixes, improvements in documentation, dependency upgrades and new features such as: exclude full request URIs containing sensitive query parameters from remaining mono checkpoints while using the WebClient interface; allow the @CrossOrigin annotation to provide a Access-Control-Allow-Private-Network header from an application to Google Chrome if the Access-Control-Request-Private-Network header (Private Network Access) is sent in the preflight request; and avoid early resolution of the getMostSpecificMethod() method defined in the ClassUtils class from within the CommonAnnotationBeanPostProcessor class due to it being called at an outer level before finding an annotation. These versions will be shipped with the upcoming releases of Spring Boot 3.2.2 and 3.1.8. More details on these releases may be found in the release notes for version 6.1.3 and version 6.0.16.
Versions 2023.1.2 and 2023.0.8 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.2 and 3.1.8; Spring Data MongoDB 4.2.2 and 4.1.8; Spring Data Elasticsearch 5.2.2 and 5.1.8; and Spring Data Neo4j 7.2.2 and 7.1.8. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.2 and 3.1.8, respectively.
The release of Spring Web Services 4.0.10 ships with notable changes such as: support for jar:nested, a URI scheme for resources within uber JARs as part of a new loader implementation in Spring Boot 3.2, within the SchemaFactoryUtils class; removal of a duplicate dependency declaration for the Apache HttpComponents HttpClient interface; and a dependency upgrade to Spring Framework 6.0.16. Further details on this release may be found in the release notes.
The release of Spring Cloud Dataflow 2.11.2 delivers notable changes such as: an upgrade to Logback 1.2.13 to resolve CVE-2023-6378, a serialization vulnerability in the Logback receiver component that allows an attacker to mount a denial-of-service attack by sending poisoned data; update the BatchVersion enum and the JdbcSearchableJobExecutionDao class to support use of the JOB_CONFIGURATION_LOCATION field that was removed in Batch5-based schemas that broke some queries; and a resolution to the getJobExecutionsWithStepCountFilteredByTaskExecutionId() method in the aforementioned JdbcSearchableJobExecutionDao class does not support BATCH_ task prefixes. More details on this release may be found in the release notes.
Payara
The Payara team has provided a retrospective on 2023 and a roadmap for the Payara Platform in 2024 and beyond. Highlights in 2023 included: the release of Payara Platform 6; support for JDK 21 and MicroProfile 6.1; and the introduction of Payara Starter. The comprehensive roadmap for 2024 includes: their vision for all Payara products through 2026; detailed individual roadmaps of Payara Server, Payara Micro, Payara Cloud and Payara Developer Tools; and support for Jakarta EE 11, scheduled for a GA release in June/July 2024. More details may be found in Empowering Enterprise Innovation with Jakarta EE, presented at the December 2023 Payara Virtual Conference by Louise Castens, Senior Product Manager at Payara, and Luqman Saeed, Contract Technical Writer at Payara.
TornadoVM
TornadoInsight, an “open-source IntelliJ IDEA plugin for enhancing the developer experience when working with TornadoVM,” was introduced by the TornadoVM team this past week. Key features include: an on-the-fly static checker that scans TornadoVM code in real-time and reports any Java features that are not supported by TornadoVM; and a dynamic testing framework to simplify the testing process for individual TornadoVM tasks. InfoQ will follow up with a more detailed news story.
Micrometer
Versions 1.12.2 and 1.11.8 of Micrometer Metrics both deliver dependency upgrades and notable bug fixes such as: add the missing version declarations in the io.netty:netty-transport-native-epoll artifact in the POM file that yielded a compile error; a rename of the thread that polls meters in the StepMeterRegistry class that shared the same name with a publishing thread; and a fix in the unaryRpcAsync() method defined in the GrpcObservationTest class for improved concurrency. Further details on these releases may be found in the release notes for version 1.12.2 and version 1.11.8.
Similarly, versions 1.2.2 and 1.1.9 of Micrometer Tracing both provide dependency upgrades and notable bug fixes such as: the SimpleTraceContextBuilder class not overriding values from an implementation of the TraceContext interface; and manually created baggage fields do not propagate across threads using the ObservationAwareSpanThreadLocalAccessor class. More details on these releases may be found in the release notes for version 1.2.2 and version 1.1.9.
Project Reactor
Project Reactor 2023.0.2, the second maintenance release, provides dependency upgrades to reactor-core 3.6.2, reactor-netty 1.1.15 and reactor-pool 1.0.5. There was also a realignment to version 2023.0.2 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.
Next, Project Reactor 2022.0.15, the fifteenth maintenance release, provides dependency upgrades to reactor-core 3.5.14, reactor-netty 1.1.15 and reactor-pool 1.0.5. There was also a realignment to version 2022.0.15 with the reactor-kafka 1.3.22, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
And finally, the release of Project Reactor 2020.0.40, codenamed Europium-SR40, provides dependency upgrades to reactor-core 3.4.35 and reactor-netty 1.0.41. There was also a realignment to version 2020.0.40 with the reactor-pool 0.2.12, reactor-kafka 1.3.22, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. Further details on this release may be found in the changelog.
Apache Software Foundation
Versions 11.0.0-M16, 10.1.18, 9.0.85 and 8.5.98 of Apache Tomcat all feature bug fixes and notable changes such as: refactor the VirtualThreadExecutor class so that it can be used by the NIO2 connector which was using platform threads despite having been configured to use virtual threads; correct a regression in the fix for issue 67675 that broke TLS key file parsing for format keys typically generated by OpenSSL 1.0.2 that do not specify an explicit pseudo-random function and only rely on the default; and allow multiple operations with the same name on introspected MBeans, fixing a regression caused by the introduction of a second addSslHostConfig() method. More details on these releases may be found in the release notes for version 11.0.0-M16, version 10.1.18, version 9.0.85 and version 8.5.98.
After the release of Apache Cocoon 2.3.0, the team has recently decided to retire the 2.1 and 3.0 branches of Cocoon. The 2.1 branch, initially released more than 20 years ago, is now considered obsolete. The 3.0 branch was an attempt to rewrite Cocoon from scratch, but was never finalized. Apache Cocoon, a Spring-based framework (since version 2.2), is built around the concepts of separation of concerns and component-based development.
Grails
The Grails Foundation has released versions 5.3.6 and 3.3.18 of the Grails Framework with notable changes such as: revert the recent upgrade to SnakeYAML, Micronaut, Spring and Spring Boot because they were not backward compatible; add a workflow to manually trigger a release to SDKMan; and update the NexusPublishing extension to increase the delay of retries from 2000 to 3000 milliseconds. Further details on these releases may be found in the release notes for version 5.3.6 and version 3.3.18.
Piranha Cloud
The release of Piranha 23.12.0 delivers notable changes such as: a resolution to a Windows build failure by downgrading Eclipse WaSP, the compatible implementation for Jakarta Pages and Jakarta Standard Tag Library, from version 3.2.1 to 3.2.0; a new UberPiranha class and corresponding uber module to initialize Piranha on the command line; and the ability to set a temporary directory for Piranha Uber. More details on this release may be found in their documentation and issue tracker.
OpenXava
The release of OpenXava 7.2.2 provides dependency upgrades and notable bug fixes such as: multiple @RowStyle annotations applied to the same row, but only one is considered; the @ListProperties annotation does not support several properties when used in conjunction with the @Tree or @Editor("TreeView") annotations; and database connection leaks when using the calendar list format. Further details on this release may be found in the release notes.
Gradle
The second release candidate of Gradle 8.6 provides continuous improvement in: support for custom encryption keys in the configuration cache via the GRADLE_ENCRYPTION_KEY environment variable; improvements in error and warning reporting; improvements in the Build Init Plugin to support various types of projects; and enhanced build authoring for plugin authors and build engineers to develop custom build logic. More details on this release may be found in the release notes.