Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for August 7th, 2023 features news from JDK 22, JDK 21, GraalVM Native Build Tools 0.9.24, Spring Cloud 2023.0.0-M1, Spring Modulith 1.0-RC1, Payara Cloud, Quarkus 3.2.4, MicroProfile Telemetry 1.1, OpenXava 7.1.4, Foojay.io calendar and JVM Language Summit 2023.

JDK 21

Build 35 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 34 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 10 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 9 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

On the road to version 1.0, Oracle Labs has released version 0.9.24 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: support for Profile-Guided Optimization (PGO); migrate away from using ImageClassLoader in favor of ClassLoader for discovery of tests by JUnitPlatformFeature to eliminate the eager class initialization error during native image building time; and improved GraalVM installation instructions. Further details on this release may be found in the changelog.

Spring Framework

The first milestone release of Spring Cloud 2023.0.0-M1, codenamed Leyton, ships with: an implementation of Spring MVC and Jakarta Servlet; support for the Java HttpClient class; and milestone upgrades to sub-projects such as Spring Cloud Commons 4.1.0-M1 and Spring Cloud Task 3.1.0-M1. More details on this release may be found in the release notes.

The first release candidate of Spring Modulith 1.0.0 provides bug fixes, dependency upgrades and new features such as: avoid premature initialization of the SpringModulithRuntimeAutoConfiguration class to avoid a proxy warning; improve database interaction to mark event publications as completed; and allow the ApplicationModulesExporter class to write output to a file. Further details on this release may be found in the release notes. The GA release is scheduled to be announced at SpringOne at VMware Explore conference in late August 2023 and InfoQ will follow up with a more detailed news story.

Payara Cloud

Payara has announced a new 15-day free trial of their Payara Cloud cloud native runtime service for organizations considering their options for these kinds of services. Payara claims that use of Payara Cloud will shorten development cycles, improve operational efficiency and save money training developers in Kubernetes since Payara Cloud handles Kubernetes in the background.

Quarkus

Red Hat has released version 3.2.4.Final of Quarkus with notable changes such as: documentation of Maven configuration options that may be relevant when running tests; a fix for the @RouteFilter annotation that stopped working with WebSocket requests using Quarkus 3.2.0.Final; and a fix for the OpenTelemetry (OTEL) SDK autoconfiguration ignores the OTEL service name in favor of the Quarkus application name. More details on this release may be found in the changelog.

MicroProfile

On the road to MicroProfile 6.1, the MicroProfile Working Group has provided the first release candidate of the MicroProfile Telemetry 1.1 specification featuring notable changes such as: a clarification of which API classes must be available to users; an implementation of tests that is not timestamp dependent; and a clarification of the behavior of the Span and Baggage beans when the current span or baggage changes. Further details on this release may be found in the list of issues.

OpenXava

The release of OpenXava 7.1.4 features dependency upgrades and notable fixes such as: use of the @DisplaySize annotation with a value greater than 50 is ignored when used with @Column(length=255); files lost when uploading several files at same time on creating a new entity; and moving columns to customize a list does not work if the application name contains underscores. More details on this release may be found in the release notes.

Foojay.io

The Foojay.io community calendar now has the ability to automatically import individual Meetup pages maintained by Java Users Groups. This eliminates the need for JUGs to manually enter their Meetup events on the Foojay.io calendar. To get started, JUG leaders would need to register on the Foojay.io Slack channel and specify either daily or weekly basis for automatic updates.

JVM Language Summit

Sharat Chander, senior director, Java and Container Native Product Management and Developer Relations at Oracle, provided InfoQ with a summary of the 2023 JVM Language Summit that featured this agenda and OpenJDK Committers’ Workshop.

Last week represented the 15th edition of the JVM Language Summit. Taking place in Santa Clara, California, this three day summit hosted by Oracle’s Java language and JVM teams offered an open technical collaboration among language designers, compiler writers, tool builders, runtime engineers, and VM architects.

The summit welcomed the creators of both the JVM and programming languages for the JVM to share their experiences. It also included non-JVM developers of similar technologies to attend or speak on their runtime, VM, or language of choice. The attendee mix comprised participants from 15 companies, 30 countries, as well as 11 members of the Java Champions luminary program and 16 Java User Group leaders and organizers.

From sessions exploring dimensions from Project Leyden, Loom, Panama and Valhalla, the summit also offered insight into areas such as Generational ZGC, the Class-File API preview feature, and more.

Chander stated that “session recordings will be made available soon so keep an eye out for an update!”

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for July 31st, 2023 features news from OpenJDK, JDK 22, JDK 21, GlassFish 7.0.7, GraalVM JDK 21 Developer Builds, Liberica JDK Performance Edition, JNoSQL 1.0.1, Spring Tools 4.19.1, Open Liberty 23.0.0.8-beta and 23.0.0.7, Micronaut 4.0.3, Quarkus 3.2.3 and 2.16.9, Apache Camel 4.0.0-RC2, JHipster Lite 0.40, Ktor 2.3.3, Maven 3.9.4 and Gradle 8.3-RC3.

OpenJDK

David Delabassee, director of Java developer relations at Oracle, has announced a change in annotation processing. The OpenJDK team is considering disabling default implicit annotation processing in a future release of OpenJDK. This is due to implicit annotation proceeding when there are no annotation processing configuration options. As of JDK 21 Build 29 and JDK 22 Build 4, the javac utility will print a note (as shown below) if implicit annotation processing is being used.

    Annotation processing is enabled because one or more processors were
    found on the class path. A future release of javac may disable
    annotation processing unless at least one processor is specified by
    name (-processor), or a search path is specified (--processor-path,
    --processor-module-path), or annotation processing is enabled
    explicitly (-proc:only, -proc:full).

    Use -Xlint:-options to suppress this message.
    Use -proc:none to disable annotation processing.

JDK 21

Build 34 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 33 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 9 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 8 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

GlassFish 7.0.7, the seventh maintenance release, delivers refactoring and maintenance, component upgrades and notable bug fixes such as: creation of a new Admin Object Resource in the Admin Console; generation of Web Services Description Language (WSDL) for use with JDK 21; and a remote EJB access issue in the glassfish-naming package by updating the osgi.bundle files. More details on this release may be found in the release notes.

GraalVM

The GraalVM JDK 21 Developer Builds for GraalVM 23.1.0 Community Edition have been made available to the Java community. These builds include the JVM and developer tools for generating native images from Java applications. More details on this release may be found in the release notes.

BellSoft

BellSoft has introduced the Liberica JDK Performance Edition that delivers the performance of JDK 17 to enterprise workloads running on JDK 11 without the need to worry about migration to newer versions of the JDK. BellSoft claims that companies will “notice the instant performance boost up to 10–15% with little to no code adjustments.” Enhancements include: improved garbage collection using Shenandoah, ZGC and G1GC; and several runtime improvements. More details on the Liberica JDK Performance Edition may be found in the user’s guide.

JNoSQL

The release of JNoSQL 1.0.1 delivers notable fixes such as: logic in the getConstructors() method defined in the Reflections class to detect constructors with parameters annotated with @Id or @Column; lazy loading metadata in the EntityMetadata interface; and a redesign of the ParameterMedataData interface to not throw a NullPointException when it’s implementation with a JDK Parameter class that does not use the of the @Id or @Column annotations. More details on this release may be found in the release notes.

Spring Framework

Spring Tools 4.19.1 has been released featuring early-access builds for Eclipse 2023-09 IDE milestones and notable bug fixes such as: experimental validation support for Spring Modulith; Spring Boot language server interfering with the automatic project synchronization of Eclipse Gradle Buildship; and no classpath update after source code has been saved. More details on this release may be found in the release notes.

Open Liberty

IBM has released version 23.0.0.8-beta of Open Liberty that ships with: support for running a Spring Boot 3.0 application on Open Liberty; and a continued early preview support of Jakarta Data, a new specification that will officially be included in the upcoming release of Jakarta EE 11.

Similarly, Open Liberty 23.0.0.7 has been released featuring API and SPI Javadocs now available in the reference section of the Open Liberty documentation and notable changes such as: add missing public methods in the GlobalOpenTelemetry class; fix concurrency errors when using same JWT access token for inbound propagation; and a dependency upgrades to Apache MyFaces 4.0.1.

Micronaut

Micronaut 4.0.3, the third maintenance release, delivers a patch update to the Micronaut Core project and updates to modules: Micronaut Maven Plugin, Micronaut Data, Micronaut Multitenancy, Micronaut GCP, Micronaut RabbitMQ, and Micronaut Security.

The release of Micronaut Core 4.1.0 provides new features and improvements such as: support for Kotlin default parameters; replacement of the HttpStreamsHandler and HandlerPublisher for the client in favor of directly handling the incoming instances of the HttpRequest and HttpContent interfaces and transformed to the required types; a new builder() method in the BeanIntrospector interface to deal with all the different cases of instantiation.

Quarkus

Red Hat has released version 3.2.3.Final of Quarkus featuring notable changes such as: support for user methods with the @Transactional annotation in REST Data with the Panache ORM; the addition of a clear error message when Reactive REST Client used outside of Quarkus; and properly resolve use of the @TestProfile annotation with nested tests in base classes. More details on this release may be found in the changelog.

Similarly, Quarkus 2.16.9.Final has also been released providing notable changes such as: prevention of a ContextNotActiveException with an invalid configuration validation if the RESTEasy Reactive module is present; a fix for addressing CVE-2023-1428 and CVE-2023-32731, two gRPC Protocol Buffers-related CVEs; and a dependency upgrade to gRPC 1.53.0. More details on this release may be found in the changelog.

Apache Software Foundation

The second release candidate of Apache Camel 4.0.0 delivers bug fixes, dependency upgrades and new features such as: support for Kubernetes in Camel JBang; a new standalone Web Console available for all Camel applications; and limit the auto-conversion of all body types when stream caching is enabled due to issues when the body type is not a stream. More details on this release may be found in the release notes.

JHipster

Version 0.40.0 of JHipster Lite has been released featuring bug fixes, dependency upgrades and new features such as: add the AddDirectJavaDependency record for use in the Gradle dependency; change the logger in the CorsFilterConfiguration class to static; and an implementation of keyboard navigation for the Landscape screen. More details on this release may be found in the release notes.

JetBrains

JetBrains has released Ktor 2.3.3 that ships with notable changes such as: support for YAML configuration; a fix for Kotlin’s IllegalArgumentException upon using the UTF-8 charset after migrating from Xcode 14 to XCode 15; and a fix for a DataFormatException when WebSocket compression is enabled by default. More details on this release may be found in the what’s new page.

Maven

The release of Maven 3.9.4 features dependency upgrades and a fix for an endless loop in the getMessage() method defined in the DefaultExceptionHandler class.

Gradle

The third release candidate of Gradle 8.3 delivers continued improvements such as: support for JDK 20; faster Java compilation using worker processes to run the Java compiler as a compiler daemon; the ability to experiment with the Kotlin K2 compiler; and improved output from the CodeNarc plugin. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for July 24th, 2023 features news from OpenJDK, JDK 22, JDK 21, GraalVM Community Components 23.0.1, Spring Cloud 2022.0.4, Spring Security and Spring Shell point releases, Grails 6.0, TornadoVM 0.15.2, Liberica NIK 23.0.1, PrimeFaces 13.0, Quarkus 3.2.2, Hibernate Reactive 2.0.4, Micronaut 4.0.2, JBang 0.110, JHipster Lite 0.39, JUnit 5.10 and Gradle 8.3-RC2.

OpenJDK

Maurizio Cimadamore, software architect at Oracle, has submitted JEP Draft 8310626, Foreign Function & Memory API. This JEP proposes to finalize this feature after two rounds of incubation and three rounds of preview: JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; and JEP 442, Foreign Function & Memory API (Third Preview), to be delivered in the upcoming release of JDK 21. Improvements since the last release include: a new Enable-Native-Access manifest attribute that allows code in executable JARs to call restricted methods without the use of the --enable-native-access flag; allow clients to programmatically build C function descriptors, avoiding platform-specific constants; improved support for variable-length arrays in native memory; and support for multiple charsets in native strings.

Cimadamore and Per-Åke Minborg, consulting member of technical staff at Oracle, have submitted JEP Draft 8312611, Computed Constants. This JEP introduces the concept of computed constants, defined as immutable value holders that are initialized at most once. This offers the performance and safety benefits of final fields, while offering greater flexibility as to the timing of initialization. This feature will debut as a preview API.

Julian Waters, OpenJDK development team at Oracle, has submitted JEP Draft 8313278, Ahead of Time Compilation for the Java Virtual Machine. This JEP proposes to “enhance the Java Virtual Machine with the ability to load Java applications and libraries compiled to native code for faster startup and baseline execution.”

Version 7.3 of the Regression Test Harness for the JDK, jtreg, has been released and ready for integration in the JDK. Notable changes include: an updated set of default environment variables (DBUS_SESSION_BUS_ADDRESS, WAYLAND_DISPLAY, and XDG-*) set for tests on Unix-like platforms; a fix for a race-condition when running tests with a multi-module setup; and a fix in the log() method defined in the AgentServer class that did not flush the output. More details on this release may be found in the release notes.

JDK 21

Build 33 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 32 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 8 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 7 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

The release of GraalVM Community Components 23.0.1, comprised of GraalVM for JDK 20 Community 20.0.2 and GraalVM for JDK 17 Community 17.0.8, provides these Native Image fixes: jvmstat performance data initialization; JDK Flight Recorder (JFR) events constant pool IDs; user experience issues; and analysis results in build reports. There was also an update to the strip mining optimization for counted loops feature in which mine overflow loops are defined as “do not strip” in the Graal compiler. These new versions are built upon JDK versions 20.0.2+9 and 17.0.8+7, respectively. Further details on these releases may be found in the release notes for version 20.0.2 and version 17.0.8.

Similarly, GraalVM Community Edition 22.3.3 was also released to align with the April 2023 Critical Patch Update (CPU) for GraalVM Community Edition. This version is built upon JDK versions 17.0.7 and 11.0.19. More details on this release may be found in the release notes.

Further details on the latest release of GraalVM may be found in this detailed news story featuring Q&A with Alina Yurenko, developer advocate for GraalVM at Oracle Labs.

Spring Framework

The release of Spring Cloud 2022.0.4, codenamed Kilburn, delivers notable changes such as: support for retry-aware load-balancing for delegates of the ServiceInstanceListSupplier interface in Spring Cloud Commons; improved exception handling for loading shared beans in Spring Cloud Stream; and dependency upgrades to Feign 12.4 and Eureka 2.0.1 for Spring Cloud OpenFeign and Spring Cloud Netflix, respectively. This latest version builds upon Spring Boot 3.0.9. It is important to note that subprojects: Spring Cloud CLI, Spring Cloud for Cloud Foundry and Spring Cloud Sleuth, have been removed from the release train. More details on this release may be found in the release notes.

Versions 6.1.2, 6.0.5, 5.8.5, 5.7.10 and 5.6.12 of Spring Security have been released to address two Common Vulnerabilities and Exposures: CVE-2023-34034, WebFlux Security Bypass With Un-Prefixed Double Wildcard Pattern, is a vulnerability in which using the double wildcard (**) as a pattern in Spring Security configuration for Spring WebFlux creates a mismatch in pattern matching that may result in a security bypass; and CVE-2023-34035, Authorization Rules Can Be Misconfigured When Using Multiple Servlets, a vulnerability in which using the requestMatchers(String) method and multiple servlets, one of them being the Spring MVC DispatcherServlet class, may lead to an authorization rule misconfiguration. Further details on these releases may be found in the release notes for version 6.1.2, version 6.0.5, version 5.8.5, version 5.7.10, and version 5.6.12.

Versions 3.1.3, 3.0.7 and 2.1.12 of Spring Shell have been released featuring the addition of a complete() method in the CompletionProposal class to allow for completing a single argument with multiple tab clicks, such as file paths. These versions build upon Spring Boot versions 3.1.2, 3.0.9 and 2.7.14, respectively. More details on these releases may be found in the release notes for version 3.1.3, version 3.0.7 and version 2.1.12.

Grails

The Grails Foundation has released version 6.0 of Grails delivering: a minimal JDK 11 version; support for Spring Framework 5.3.28, Spring Boot 2.7.12 and Gradle 7.6.1; the debut of Grails Forge UI, a starter project similar to Spring Initializr and others; and enhanced integration of the Micronaut Framework. Further details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

TornadoVM

TornadoVM, an open-source software technology company, has released version 0.15.2 of their virtual machine that ships with bug fixes and notable improvement such as: initial support for Multi-Tasks on Multiple Devices that enables the execution of multiple independent tasks on more than one hardware accelerator; support for trigonometric radian, cospi and sinpi functions for the OpenCL/PTX and SPIR-V backends; and initial integration with ComputeAorta (part of the Codeplay’s oneAPI construction kit for RISC-V) to run on RISC-V with vector instructions in emulation mode. More details on this release may be found in the release notes.

Juan Fumero, research associate, Advanced Processor Technologies Research Group at The University of Manchester, introduced TornadoVM at QCon London in March 2020 and has since contributed this more recent InfoQ technical article.

LibericaJDK

BellSoft has released version 23.0.1 of their Liberica Native Image Kit (NIK) for JDK 17.0.8 and 20.0.2 as part of Critical Patch Update (CPU) release cycle featuring: experimental support for ParallelGC on the Windows OS; a fix for the compilation of JavaFX FXML applications; and fixes for the following Common Vulnerabilities and Exposures: CVE-2023-22043; CVE-2023-22041; CVE-2023-25193; CVE-2023-22044; CVE-2023-22045; CVE-2023-22049; CVE-2023-22036; and CVE-2023-22006.

PrimeFaces

Version 13.0.0 of PrimeFaces has been released with bugs fixes, dependency upgrades and new features such as: support for columns and footer facet in the SelectCheckboxMenu class; the addition of selectOnFocus() and caretPositionOnFocus() methods in the InputNumber class; and the addition of a cache attribute in the OverlayPanel class. It is important to note that there are breaking changes. Further details on this release may be found in the release notes.

Quarkus

Red Hat has released version 3.2.2.Final of Quarkus to address two regressions from version 3.2.1 and improvements in documentation. Notable changes include: revert back to the openjdk-17-runtime:1.16 images due to the development branch having the version number bumped to 1.17 in anticipation of the next release scheduled for release in August 2023; remove the false positive warning about the quarkus.launch.rebuild property; and allow reauthentication if the OIDC state cookie is not matched. More details on this release may be found in the changelog.

Hibernate

The release of Hibernate Reactive 2.0.4.Final features: a dependency upgrade to Hibernate ORM 6.2.7.Final; start the Docker container only as requested to confirm that a remote database already started before executing the full build; and a fix for which the @SQLSelect annotation did not work on a primary entity. Further details on this release may be found in the release notes.

Micronaut

Micronaut Framework 4.0.2, the second maintenance release, provides bug fixes, improvements in documentation, dependency upgrades and improvements such as: add version number check to the BuildTestVerifier interface; and move Async validation to a processor module due to the AsyncTypeElementVisitor class defined as a compileOnly dependency. More details on this release may be found in the release notes.

The Micronaut Foundation has moved their chat community from Gitter to Discord effective immediately. The foundation states that Discord provides an improved desktop application experience, better-structured conversations and enhanced notifications. Developers on Gitter are encouraged to move to Discord, however the foundation will continue to monitor conversations on Gitter and provide links to Discord.

JBang

The release of JBang 0.110.0 ships with a change in its Maven Central ID from mavencentral to central for fetching dependencies to allow for better sharing of downloads between Maven- and JBang-based builds. There was also a fix for a regression in which Maven artifacts containing capital letters failed to download.

JHipster

Version 0.39.0 of JHipster Lite has been released featuring bug fixes, dependency upgrades and improvements such as: enhancements to the Logback dependency with improved configuration and the elimination of having to explicitly define the shutdown hook; add a getInstantOrDefault() method to the JHipsterModuleProperties class; and a switch to a non-parallel stream in REST pagination mapping to ensure sequential processing of the stream. Further details on this release may be found in the release notes.

JUnit

JUnit 5.10.0 has been released with new features such as: experimental APIs, such as ModuleSelector, EngineDiscoveryListener, EngineDiscoveryRequestResolver, LauncherSession and @Suite, have been promoted to stable; new selectors in the @SelectMethod annotation; and a new LauncherInterceptor interface for intercepting the creation of instances of the Launcher and LauncherSessionListener interfaces. More details on this release may be found in the release notes.

Gradle

The second release candidate of Gradle 8.3 delivers continued improvements such as: support for JDK 20; faster Java compilation using worker processes to run the Java compiler as a compiler daemon; the ability to experiment with the Kotlin K2 compiler; and improved output from the CodeNarc plugin. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for July 17th, 2023 features news from JDK 22, JDK 21, JDK 20, BellSoft, releases of: Spring Boot; Spring Framework; Spring for GraphQL; Spring Session; Spring Integration and Spring HATEOAS; WildFly 29, Quarkus 3.2.1, Helidon 4.0-M1, Micronaut 4.0.1, Hibernate 6.3-CR1, MicroProfile Config 3.1, Infinispan 14.0.13, PrimeFaces 12.0.5, OpenXava 7.1.3 and Gradle 8.3-RC1.

JDK 20

JDK 20.0.2, the second maintenance release of JDK 20, along with security updates for JDK 17.0.8, JDK 11.0.20 and JDK 8u381, were made available as part of Oracle’s Releases Critical Patch Update for July 2023.

JDK 21

As per the JDK 20 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 21 has entered Rampdown Phase Two to signal continued stabilization for the GA release in September 2023. Critical bugs, such as regressions or serious functionality issues, may be addressed, but must be approved via the Fix-Request process.

The final set of 15 features in JDK 21 will include:

Build 32 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 31 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 7 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 6 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

BellSoft

Also concurrent with Oracle’s Critical Patch Update (CPU) for July 2023, BellSoft has released CPU patches for versions 17.0.7.0.1, 11.0.19.0.1 and 8u381 of Liberica JDK, their downstream distribution of OpenJDK. In addition, Patch Set Update (PSU) versions 20.0.2, 17.0.8, 11.0.20 and 8u382, containing CPU and non-critical fixes, have also been released.

Spring Framework

The first milestone release of Spring Boot 3.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: support for the JDK HttpClient class and Jetty in the ClientHttpRequestFactories class; allow key password to be set for an instance of the PemSslStoreBundle class; and deprecation of the DelegatingApplicationContextInitializer and DelegatingApplicationListener classes in favor of registering each delegate programmatically or in the spring.factories property. Further details on this release may be found in the release notes.

Versions 3.1.2, 3.0.9 and 2.7.14 of Spring Boot have also been released with dependency upgrades, improvements in documentation and notable bug fixes such as: the ImportsContextCustomizer test class does not support the @AliasFor annotation; the equals() method defined in the ConfigurationPropertyName class is not symmetric when the element contains trailing dashes; and an auto-configuration failure with a NoSuchMethodError exception due to the removal of Oracle-related methods from the Flyway FluentConfiguration class. More details on these releases may be found in the release notes for version 3.1.2, version 3.0.9 and version 2.7.14.

The third milestone release of Spring Framework 6.1 delivers new features such as: new configuration options for virtual threads on JDK 21 with a dedicated VirtualThreadTaskExecutor class and a new setVirtualThreads() method added to the SimpleAsyncTaskExecutor class; Spring MVC now throws NoHandlerFoundException or NoResourceFoundException exceptions to allow for consistent handling of HTTP 404 errors that includes the RFC 7807, Problem Details for HTTP APIs, error response; and support for the BeanPropertyRowMapper and DataClassRowMapper classes in the R2DBC project. Further details on this release may be found in the what’s new page.

The release of Spring for GraphQL 1.2.2 released delivers bug fixes, improvements in documentation, dependency upgrades and these new features support for: Kotlin coroutines in the @GraphQlExceptionHandler annotation; and the ValueExtractor interface for the ArgumentValue class for improved bean validation. More details on this release may be found in the release notes.

The first milestone release of Spring Session 3.2.0 provides dependency upgrades and these new features: a new SessionIdGenerationStrategy interface that specifies a strategy for generating session identifiers; and eliminating multiple calls to the commitSession() method in the private SessionRepositoryRequestWrapper class defined in the SessionRepositoryFilter class upon calling the include() method defined in the RequestDispatcher interface. Further details on this release may be found in the release notes.

The first milestone release of Spring Integration 6.2 ships with notable changes such as: removal of the unused JDK ThreadLocal class from the RedisStoreMSource class; an optimization of the maybeIndex() method in the JsonPropertyAccessor class; and the addition of the @LogLevels annotation for the SftpRemoteFileTemplateTests class for tracing diagnostics. More details on this release may be found in the release notes.

Versions 2.2.0-M2, 2.1.2 and 2.0.6 of Spring HATEOAS have been released that feature a fix for a regression in the AOT reflection metadata generation so that applications building native images continue to work on the upcoming releases of Spring Boot. Further details on these releases may be found in the release notes for version 2.2-M2, version 2.1.2 and version 2.0.6.

WildFly

Red Hat has released version 29 of WildFly featuring bug fixes, internal housekeeping from the migration to Jakarta EE 10 and new features such as: the ability to secure the management console with WildFly’s native support for OpenID Connect; a new Keycloak SAML Adapter feature pack that uses Galleon Provisioning to add Keycloak’s SAML adapter to an installation of WildFly; and support for MyFaces 4.0, a compatible implementation of Jakarta Faces specification, using the new WildFly MyFaces 1.0.0.Beta1 feature pack.

Quarkus

Red Hat has also released version 3.2.1.Final of Quarkus featuring the addition of the OpenAPI schema and UI to be published when the management interface is enabled along with the ability to configure using the quarkus.smallrye-openapi.management.enabled property. Other notable changes include: support for serialization of class fields with Jackson in native mode; avoiding a race condition on adding a content-length header if it already exists resulting in the response never being sent; and the removal of a default token customizer from an OIDC Microsoft provider that breaks signature verification. More details on this release may be found in the release notes.

Helidon

The first milestone release of Helidon 4.0.0 delivers notable changes: removal of the Helidon Reactive WebServer and WebClient that were based on Netty as Helidon fully commits to Project Níma with new implementations based on virtual threads that have a blocking style API; conversion of other modules with reactive APIs to blocking style APIs; the introduction of Helidon Injection, a deterministic, source-code-first, compile time injection framework; support for MicroProfile 6 and Jakarta 10 Core Profile running on the Níma WebServer; and initial adoption of Helidon Builders, a builder code generation framework. It is important to note that this is a preview release and the new features are a work-in-progress. Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has provided version 4.0.1 of Micronaut Framework, the first maintenance release since the release of Micronaut 4.0, featuring: dependency upgrades; improvements in documentation; a fix for a constructor copy; and the addition of a propagated context to the reactive controller methods in the ReactorPropagation class. More details on this release may be found in the release notes.

Hibernate

Versions 6.3.0-CR1 and 6.2.7 of Hibernate ORM have been released that ships with: new documentation that adds an introductory Hibernate 6 guide and the Hibernate Query Language syntax and feature guide; the ability to generate DAO-style methods for named queries as part of the JPA static metamodel generator; and a new @Find annotation for which arbitrary methods may now be processed by the generator to create finder methods similar to query methods.

MicroProfile

On the road to MicroProfile 6.1, the MicroProfile Working Group has provided the first release candidate of MicroProfile Config 3.1 featuring notable changes such as: the MissingValueOnObserverMethodInjectionTest class fails due to the ConfigObserver bean, defined as @ApplicationScoped and final, which is beyond the scope of the DeploymentException the test was designed to throw; failing TCK tests due to empty beans being declared as all when they should be declared as annotated; and an upgrade of all tests to be compatible with Jakarta Contexts and Dependency Injection 4.0. Further details on this release may be found in the list of issues.

Infinispan

Versions 14.0.13 and 14.0.12 of Infinispan have been released with notable changes such as: a fix for the SearchException while rebuilding an index; filter out illegal characters found in memory pool names; and a fix for the RemoteStore class leaking Netty event loop client threads. More details on these releases may be found in the release notes for version 14.0.13 and 14.0.12.

PrimeFaces

Versions 12.0.5, 11.0.11, 10.0.18 and 8.0.23 of PrimeFaces have been released with notable fixes such as: the FullAjaxExceptionHandler class does not display an error page when an exception is thrown during an AJAX request; a NullPointerException from the encodeScript() method defined in the InputTextRenderer class due to an empty counter bypassing the conditional that checks for null; and fixes for the user interface. Further details on these releases may be found in the changelogs for version 12.0.5, version 11.0.11, version 10.0.18 and version 8.0.23.

OpenXava

The release of OpenXava 7.1.3 features dependency upgrades and notable fixes such as: one security vulnerability in the dependencies; the project does not start if the workspace is in a path with special characters or accents; and use of the @OnChange annotation on the first property of a collection view in an @OneToMany annotation with no cascade displays an error. More details on this release may be found in the release notes.

Gradle

The first release candidate of Gradle 8.3 delivers improvements such as: support for JDK 20; faster Java compilation using worker processes to run the Java compiler as a compiler daemon; the ability to experiment with the Kotlin K2 compiler; and improved output from the CodeNarc plugin. Further details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for July 10th, 2023 features news from JDK 22, JDK 21, Spring Web Flow 3.0, Micronaut 4.0, Payara Platform, point and milestone releases of: Spring projects, Open Liberty, Helidon, Hibernate Reactive, Tomcat, Micrometer Metrics and Tracing, Piranha, Project Reactor, JHipster, JHipster Lite, Yupiik Fusion, Maven and Gradle; and AI Assistant in JetBrains IDEs.

JDK 21

Build 31 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 30 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 6 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 5 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The release of Spring Web Flow 3.0.0 features: compatibility with Spring Framework 6 and Jakarta EE; and the removal of Apache Tiles, a project which has been retired and, therefore, has not migrated to Jakarta EE. The Spring Web Flow Samples have been updated accordingly and the booking-mvc example now uses Thymeleaf Layouts instead of Apache Tiles.

The second milestone release of Spring Framework 6.1 ships with bug fixes, improvements in documentation, dependency upgrades and numerous new features such as: an HTTP interface client infrastructure and adapter for the RestTemplate class; a new RestClient interface; and support for multiple instances of the TaskScheduler interface with the @Scheduled annotation. Further details on this release may be found in the release notes.

Versions 6.0.11, 5.3.29 and 5.2.25.RELEASE of Spring Framework have been released featuring bug fixes, improvements in documentation, dependency upgrades and new features such as: a simplification of the isDepedendent() method defined in the DefaultSingletonBeanRegistry class; add the missing @Nullable annotations in the ContentDisposition.Builder interface; and an extension of supported types in the nullSafeConciseToString() method defined in the ObjectUtils method. Versions 6.0.11 and 5.3.29 will be consumed in the upcoming releases of Spring Boot 3.1.2 and 2.7.14, respectively. Considered an out-of-cycle release, version 5.2.25.RELEASE will not ship with a Spring Boot version as Spring Boot 2.3.x has reached end-of-life. More details on these releases may be found in the release notes for version 6.0.11, version 5.3.29 and version 5.2.25.RELEASE.

The first milestone release of Spring Data 2023.1.0, codenamed Vaughn, delivers: compatibility with JDK 21; support for Kotlin value classes; the use of virtual threads through the Executor interface; and an exploration for optimizations using Coordinated Restore at Checkpoint (CRaC). Further details on this release may be found in the release notes.

Versions 2023.0.2, 2022.0.8, and 2021.2.14, service releases of Spring Data, ship with bug fixes and respective dependency upgrades to sub-projects such as: Spring Data MongoDB 4.1.2, 4.0.8 and 3.4.14; Spring Data Elasticsearch 5.1.2, 5.0.8, and 4.4.14; and Spring Data Neo4j 7.1.2, 7.0.8 and 6.3.14.

Versions 2.2.0-M1, 2.1.1, 2.0.5 and 1.5.5, service releases of Spring HATEOAS deliver bug fixes, dependency upgrades and a fix for CVE-2023-34036, Forwarded Header Exploit with Spring HATEOAS on WebFlux, a vulnerability in which hypermedia-based responses produced by Spring HATEOAS might be exposed to malicious forwarded headers if they are not behind a trusted proxy. More details on these releases may be found in the release notes for version 2.2.0-M1, version 2.1.1, version 2.0.5 and version 1.5.5.

The release of Spring Initializr 0.20.0 with new features and improvements such as: support for Spring Boot 3.x and JDK 17; improved code generation in which method bodies can now define arbitrary statements using the CodeBlock class; nested annotations; support for Gradle 8.x; and improved build and raw text test assertions. Further details on this release may be found in the release notes.

Micronaut

After five milestones and one release candidate, the Micronaut Foundation has released Micronaut Framework 4.0.0 featuring baselines to JDK 17, Groovy 4.0, Kotlin 1.8, Gradle 8.x.

There is also support for GraalVM 23, virtual threads, HTTP/3 and io_uring. This new version also introduces: an expression language that allows developers to place expressions in annotations; and a new Java HTTP Client, a lighter implementation of the Micronaut HTTP Client as an alternative to the existing Netty-based implementation. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.

Payara

Payara has released their July 2023 edition of the Payara Platform that includes Community Edition 6.2023.7, Enterprise Edition 6.4.0 and Enterprise Edition 5.53.0 featuring bug fixes and component upgrades that includes Hazelcast 5.3.1 for adding socket options for a per-socket keep-alive configuration. However, this is not yet supported on the Windows OS as acknowledged by Hazelcast. There was also an improvement with the reduction of duplication between the POMs and BOMs such as the removal of: an unused POM file; an outdated temporary Jakarta staging repository; and jdk8 profiles. Further details on these versions may be found in the release notes for Community Edition 6.2023.7, Enterprise Edition 6.4.0 and Enterprise Edition 5.53.0.

Open Liberty

IBM has released version 23.0.0.7-beta of Open Liberty with a test implementation of version 1.0.0-beta2 of the Jakarta Data specification as an experiment with proposed specification features so developers can try out these features and provide feedback to influence the specification as it is being developed. Jakarta Data 1.0.0 has passed its plan review and will most-likely be included in Jakarta EE 11, scheduled for a GA release in the first quarter of 2024.

Helidon

Oracle has provided Helidon 2.6.2, a second point release, featuring dependency upgrades and notable fixes such as: an intermittent failure in the CipherSuiteTest class; avoid reflecting back user data coming from exception messages; and the response from the WebServer component should not be chunked if there is no entity. More details on this release may be found in the release notes.

Hibernate

The release of Hibernate Reactive 2.0.3.Final delivers a new getFactory() method to the Mutiny.Session and Stage.Session interfaces that return instances of the Mutiny.SessionFactory and Stage.SessionFactory interfaces, respectively, that created those sessions. Further details on this release may be found in the release notes.

Apache Software Foundation

The Apache Software Foundation has released versions 11.0.0-M9, 10.1.11, 9.0.78 and 8.5.91 of Apache Tomcat this past week. All four versions provide bug fixes and introduce new classes: ContextNamingInfoListener, a listener which creates context naming information environment entries; and PropertiesRoleMappingListener, a listener which populates the context’s role mapping from a properties file. Version 11.0.0-M9 updates the implementations of the Jakarta Expression Language and Jakarta WebSocket specifications to align with the latest changes planned for Jakarta EE 11. More details on these releases may be found in the release notes for version 11.0.0-M9, version 10.1.11, version 9.0.78 and version 8.5.91.

Micrometer

Versions 1.12.0-M1, 1.11.2, 1.10.9 and 1.9.13 of Micrometer Metrics have been released featuring dependency upgrades and notable bug fixes such as: Micrometer Wavefront integration Proxy validation error with the default uri implementation; the removal of unnecessary ThreadLocal overhead for disabled log levels in the LogbackMetrics class; and a NullPointerException from the setValue() method defined in the ObservationThreadLocalAccessor class when there is no current scope. New features in version 1.12.0-M1 are: a configurable base time unit for registering Micrometer observations via the ObservationThreadLocalAccessor class; and improved instances of the Apache HttpAsyncClient interface instrumented with the MicrometerHttpClientInterceptor class to prevent meter I/O errors. Further details on these releases may be found in the release notes for version 1.12.0-M1, version 1.11.2, version 1.10.9 and version 1.9.13.

Similarly, versions 1.2.0-M1, 1.1.3 and 1.0.8 of Micrometer Tracing have been released featuring bug fixes, dependency upgrades and these new features: the addition of Java Microbenchmark Harness (JMH) benchmarks for basic tracing operations; and a new getDuration() method added to the FinishedSpan interface. More details on these releases may be found in the release notes for version 1.2.0-M1, version 1.1.3 and version 1.0.8.

Piranha

The release of Piranha 23.7.0 delivers notable changes such as: a migration from JBoss Jandex to SmallRye Jandex; a new FeatureManager interface to complement the existing Feature interface; and a new CracFeature class that enables Project CRaC. Further details on this release may be found in their documentation and issue tracker.

Project Reactor

The first milestone release of Project Reactor 2023.0.0 provides a dependency upgrade to reactor-core 3.6.0-M1. There was also a realignment to version 2023.0.0-M1 with the reactor-netty 1.1.9, reactor-kafka 1.3.19, reactor-pool 1.0.1, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

Similarly, Project Reactor 2022.0.9, the ninth maintenance release provides dependency upgrades to reactor-core 3.5.8, reactor-netty 1.1.9, reactor-kafka 1.3.19 and reactor-pool 1.0.1. There was also a realignment to version 2022.0.9 with the reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.

JHipster

The second beta release of JHipster 8.0.0 delivers bug fixes and notable changes such as: a removal of the unused import of the HttpServletRequest interface; a removal of the parameter with the spring-boot-maven-plugin as it was unknown to the plugin and had issued a warning; and an improvement in the Heroku sub-generator. More details on this release may be found in the release notes.

Versions 0.38.0 and 0.37.0 of JHipster Lite have been released featuring many dependency upgrades and these new features: an upgrade to Prettier for Svelte 3 components; and support for dark mode. Further details on these releases may be found in the release notes for version 0.37.0 and version 0.37.0.

Yupiik

The release of Yupiik Fusion 1.0.5 provides: support for a contextless database; a more precise error message when the JSON module is not seen or ignored; and improvements to the generated resources.json and native-image.properties files to include Fusion JSON metadata. More details on this release may be found in the release notes.

Maven

The seventh alpha release of Maven 4.0.0 ships with notable changes such as: support for JDK 20; a migration of the internal StringUtils class to the StringUtils class offered by Apache Commons Lang; and a migration of the FileUtils class offered by Plexus-Utils to the FileUtils class offered by Apache Commons IO.

Gradle

Gradle 8.2.1, a patch release, delivers fixes on notable Gradle 8.2 issues such as: a StackOverflowError exception in building applications with Gradle 8.2 and Quarkus 2.16.7; a broken Micronaut JacocoReportAggregationPlugin; and an incorrect value of false set to the --no-feature flag when it should be set to true.

JetBrains

JetBrains has introduced a new AI Assistant in all of their IntelliJ-based IDEs. Powered by the JetBrains AI service providers (only OpenAI at this time), the service transparently connects developers to “different large language models (LLMs) and enables specific AI-powered features inside many JetBrains products.” It is important to note that: a .NET Tools version is still under development; free to use during the EAP cycle; licensing and pricing model will come at a later date; and access may currently be limited by a waitlist. Further details on the AI Assistant in the .NET environment may be found in this detailed InfoQ news story.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for June 19th, 2023 features news from JDK 22, JDK 21, updates to: Spring Boot; Spring Security; Spring Vault; Spring for GraphQL; Spring Authorization Server and Spring Modulith; Liberica NIK 23.0, Semeru 20.0.1, Micronaut 4.0-RC2 and 3.9.4, JNoSQL 1.0, Vert.x 4.4.4, updates to: Apache Tomcat, Camel, Log4j and JMeter; JHipster Lite 0.35, KCDC 2023 and JCON Europe 2023.

JDK 21

Build 28 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 27 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 3 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 2 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 3.1.1, 3.0.8 and 2.7.13 of Spring Boot 3.1.1 deliver improvements in documentation, dependency upgrades and notable bug fixes such as: difficulty using the from() method defined in the SpringApplication class in Kotlin applications; SSL configuration overwrites other customizations from the WebClient interface; and support for JDK 20, but no defined value for it in the JavaVersion enum. Further details on these versions may be found in the release notes for version 3.1.1, version 3.0.8 and version 2.7.13.

Versions 6.1.1, 6.0.4, 5.8.4, 5.7.9 and 5.6.11 of Spring Security have been released featuring bug fixes, dependency upgrades and new features such as: align the OAuth 2.0 Resource Server documentation with Spring Boot capabilities; a new section in the reference manual to include information related to support and limitations when working with native images; and a migration to Asciidoctor Tabs. More details on these versions may be found in the release notes for version 6.1.1, version 6.0.4, version 5.8.4, version 5.7.9 and version 5.6.11.

The release of Spring Vault 3.0.3 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a refinement in logging to log the token accessor upon token revocation failure; AWS Identity and Access Management (IAM) authentication added to the EnvironmentVaultConfiguration class; and the inclusion of a key_version attribute to the encrypt() method in the VaultTransitOperations interface. Further details on this release may be found in the release notes.

Versions 1.2.1 and 1.1.5 of Spring for GraphQL have been released featuring bug fixes, dependency upgrades and new features such as: an enhanced GraphQL request body check to prevent a 500 Internal Server Error when a 400 Bad Request is expected; elimination of the IllegalArgumentException due to no defined ConnectionAdapter interface when using existing Java Connection types. More details on these versions may be found in the release notes for version 1.2.1 and version 1.1.5.

Versions 1.1.1, 1.0.3 and 0.4.3 of Spring Authorization Server have been released featuring bug fixes and dependency upgrades. Version 1.1.1 ships with a new feature in which there was a performance enhancement by simply replacing the replaceFirst() method with the substring() method from the String class while using the OAuth2AuthorizationConsent class. Further details on these versions may be found in the release notes for version 1.1.1, version 1.0.3 and version 0.4.3.

The first milestone release of Spring Modulith 1.0.0 ships with bug fixes, dependency upgrades and a new feature that propagates instances of the ExecutorService interface defined in an application into instances of the Scenario class by default. This project has been promoted from its experimental status yielding these breaking changes: a rename of the actuator endpoint from applicationmodules to application-modules; a rename of the group identifier from org.springframework.experimental to org.springframework.modulith; and the removal of the previously deprecated configuration properties, spring.modulith.events.jdbc-*, in the JDBC-based event registry. More details on this release may be found in the release notes.

BellSoft

BellSoft has released version 23.0 of their Liberica Native Image Kit (NIK) featuring: the integration of the ParallelGC garbage collector as an experimental feature; implementation of the JFR ThreadCPULoad event; a removal of type checks from JNI-to-Java call stubs that can break compatibility; and implementation of the user CPU time thread with the getThreadCpuTime() method in the LinuxThreadCpuTimeSupport class.

IBM Semeru Open Edition

IBM has released version 20.0.1 their Semeru Runtime, Open Edition 20.0.1 built on OpenJDK 20.0.1 and Eclipse OpenJ9 0.39.0. Further details on this release may be found in the release notes.

Micronaut

The second release candidate of Micronaut 4.0.0 was also released providing bug fixes, dependency upgrades and these improvements: use of unsafe setters for Jackson; a new UnsafeBeanInstantiationIntrospection interface, a variation of the BeanIntrospection interface that includes an instantiateUnsafe() method for allowing to skip instantiation validation; and support for the All-open compiler plugin for the Kotlin Symbol Processing API.

The Micronaut Foundation has released Micronaut Framework 3.9.4 featuring bug fixes and updates to modules: Micronaut Security and Micronaut Servlet. There was also a dependency upgrade to Netty 4.1.94. More details on this release may be found in the release notes.

Eclipse Foundation

More than six years after its inception in March 2017, version 1.0.0 of JNoSQL, the compatible implementation of the Jakarta NoSQL specification, has been released. New features include: a migration to the jakarta.* namespace, support for the Jakarta Data specification; an implementation of new methods that explore fluent-API for the Graph, Document, Key-Value and Document NoSQL database types; and new methods, count() and exists(), as default on the DocumentManager and ColumnManager interfaces. Before it became a compatible implementation in November 2019, JNoSQL was a project for developers to more easily create NoSQL database applications using Java.

Two months after MicroStream had announced that their Java-native persistence layer had become an Eclipse Project, the first release of Eclipse Store, formerly known as MicroStream Persistence, has been made available to the Java community. Current non-Eclipse integrations in the MicroStream code base, such as Spring Boot, Quarkus and Helidon, will remain open source and the code will be hosted in a new MicroStream repository after they have been refactored to make use of the Eclipse Store and Eclipse Serializer projects.

Eclipse Vert.x 4.4.4 has been released featuring an upgrade to Netty 4.1.94.Final to address CVE-2023-34462, a vulnerability in which an attacker can manipulate the SniHandler class, with no configured idle timeout handler, to buffer the maximum 16MB of data per connection that can quickly lead to an OutOfMemoryError error and potential for a distributed denial of service. Further details on this release may be found in the release notes.

Apache Software Foundation

The Apache Tomcat team has disclosed that versions 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88 are affected by CVE-2023-34981, a vulnerability in which a regression in the fix for Bug 66512 could lead to an information leak if a response did not include any HTTP headers, then no Apache JServ Protocol (AJP) SEND_HEADERS message would be sent for the response. This was fixed in Bug 66591 and developers are encouraged to migrate to minimal versions 11.0.0-M6, 10.1.9, 9.0.75 or 8.5.89.

The release of Apache Camel 3.20.6 provides bug fixes and improvements such as: ensure that the REQUEST_CONTEXT and RESPONSE_CONTEXT headers are mapped when populating a Camel CXF message from Camel Message; and enhancements to the Camel JBang module to support OpenAPI. More details on this release may be found in the release notes.

Similarly, the release of Apache Camel 3.14.9 ships with these bug fixes: use the createTempFile() method in the Files class within the FileConverter class instead of directly creating a file; and a potential NullPointerException when using XML Tokenize on an Woodstox XML namespace. Further details on this release may be found in the release notes.

The first alpha release of Apache Log4j 3.0.0 delivers notable changes such as: allow plugins to be created through more flexible dependency injection patterns; split support for Kafka, ZeroMQ, CSV, JMS, JDBC and Jackson to their own modules; and removal of support for the Serializable interface in several classes and interfaces that include Message, Layout, LogEvent, Logger, and ReadOnlyStringMap.

Apache JMeter 5.6.0 has been released featuring bug fixes and new features such as: use Caffeine for caching HTTP headers instead of the Apache Commons Collections LRUMap class; use the Java ServiceLoader class for loading plugins instead of classpath scanning for improved startup; and improved computation when many threads actively produce samplers by using the Java LongAdder and similar concurrency classes to avoid synchronization in the Calculator class. More details on this release may be found in the release notes.

JHipster

The JHipster team has released version 0.35.0 of JHipster Lite with bug fixes, improvements in documentation, dependency upgrades and an improved Sonar analysis that provides more error details and an option to wait. Further details on this release may be found in the release notes.

Kansas City Developer Conference

The 2023 Kansas City Developer Conference (KCDC) was held at the Kansas City Convention Center in Kansas City, Missouri this past week featuring speakers from the Java community who presented workshops and sessions on topics such as: Java, architecture, cloud, data science, JavaScript, project management and security. The conference also featured puppies available for adoption from the Great Plains SPCA.

JCON Europe

Also this past week, JCON Europe 2023 was held at the Cinedom in Kön, Germany featuring speakers from the Java community who presented sessions on topics such as: Java, developer productivity engineering, security, web components, microservices and cloud native.

Article originally posted on InfoQ. Visit InfoQ

Day Three of the 9th annual QCon New York conference was held on June 15th, 2023 at the New York Marriott at the Brooklyn Bridge in Brooklyn, New York. This three-day event is organized by C4Media, a software media company focused on unbiased content and information in the enterprise development community and creators of InfoQ and QCon. It included a keynote address by Suhail Patel and presentations from these four tracks:

Morgan Casey, Program Manager at C4Media, and Danny Latimer, Content Product Manager at C4Media, kicked off the day three activities by welcoming the attendees. They introduced the Program Committee, namely: Aysylu Greenberg, Frank Greco, Sarah Wells, Hien Luu, Michelle Brush, Ian Thomas and Werner Schuster; and acknowledged the QCon New York staff and volunteers. The aforementioned track leads for Day Three introduced themselves and described the presentations in their respective tracks.

Keynote Address: The Joy of Building Large Scale Systems

Suhail Patel, Staff Engineer at Monzo, presented a keynote entitled, The Joy of Building Large Scale Systems. On his opening slide, which Patel stated was also his conclusion, asked why the following is true:

Many of the systems (databases, caches, queues, etc.) that we rely on are grounded on quite poor assumptions for the hardware of today.

He characterized his keynote as a retrospective of where we have been in the industry. As the title suggests, Patel stated that developers have “the joy of building large scale systems, but the pain of operating them.” After showing a behind-the-scenes view of the required microservices for an application in which a Monzo customer uses their debit card, he introduced: binary trees, a tree data structure where each node has at most two children; and a comparison of latency numbers, as assembled by Jonas Bonér, Founder and CTO of Lightbend, that every developer should know. Examples of latency data included: disk seek, main memory reference and L1/L2 cache references. Patel then described how to search a binary tree, insert nodes and rebalance a binary tree as necessary. After a discussion of traditional hard drives, defragmentation and comparisons of random and sequential I/O as outlined in the blog post by Adam Jacobs, Chief Scientist at 1010data, he provided analytical data of how disks, CPUs and networks have been evolving and getting faster. “Faster hardware == more throughput,” Patel maintained. However, despite the advances in CPUs and networks, “The free lunch is over,” he said, referring to a March 2005 technical article by Herb Sutter, Software Architect at Microsoft and Chair of the ISO C++ Standards Committee, that discussed the slowing down of Moore’s Law and how the drastic increases in CPU clock speed were coming to an end. Sutter maintained:

No matter how fast processors get, software consistently finds new ways to eat up the extra speed. Make a CPU ten times as fast, and software will usually find ten times as much to do (or, in some cases, will feel at liberty to do it ten times less efficiently).

Since 2005, there has been a revolution in the era of cloud computing. As Patel explained:

We have become accustomed to the world of really infinite compute and we have taken advantage of it by writing scalable and dist software, but often focused on ever scaling upwards and outwards without a ton of regard for perf per unit of compute that we are utilizing.

Sutter predicted back then that the next frontier would be in software optimization with concurrency. Patel discussed the impact of the thread per core architecture and the synchronization challenge where he compared: the shared everything architecture in which multiple CPU cores access the same data in memory; versus the shared nothing architecture in which the multiple CPU cores access their own dedicated memory space. A 2019 white paper by Pekka Enberg, Founder and CTO at ChiselStrike, Ashwin Rao, Researcher at University of Helsinki, and Sasu Tarkoma, Campus Dean at University of Helsinki found a 71% reduction in application tail latency using the shared nothing architecture.

Patel then introduced solutions to help developers in this area. These include: Seastar, an open-source C++ framework for high-performance server applications on modern hardware; io_uring, an asynchronous interface to the Linux kernel that can potentially benefit networking; and the emergence of programming languages, such as Rust and Zig; a faster CPython with the recent release of version 3.11; and eBPF, a toolkit for creating efficient kernel tracing and manipulation programs.

As an analogy of human and machine coming together, Patel used as an example, Sir Jackie Stewart, who coined the term mechanical sympathy as caring and deeply understanding the machine to extract the best possible performance.

He maintained there has been a cultural shift in writing software to take advantage of the improved hardware. Developers can start with profilers to locate bottlenecks. Patel is particularly fond of Generational ZGC, a Java garbage collector that will be included in the upcoming GA release of JDK 21.

Patel returned to his opening statement and, as an addendum, added:

Software can keep pace, but there’s some work we need do to yield huge results, power new kinds of systems and reduce compute costs

Optimizations are staring at us in the face and Patel “longs for the day that we never have to look at the spinner.”

Highlighted Presentations: Living on the Edge, Developing Above the Cloud, Local-First Technologies

Living on the Edge by Erica Pisani, Sr. Software Engineer at Netlify. Availability zones are defined as one or more data centers located in dedicated geographic regions provided by organizations such as AWS, Google Cloud or Microsoft Azure. Pisani further defined: the edge as data centers that live outside of an availability zone; an edge function as a function that is executed in one of these data centers; and data on the edge as data that is cached/stored/accessed at one of these data centers. This provides improved performance especially if a user is the farthest away from a particular availability zone.

After showing global maps of AWS availability zones and edge locations, she then provided an overview on the communication between a user, edge location and origin server. For example, when a user makes a request via a browser or application, the request first arrives at the nearest edge location. In the best case, the edge location responds to the request. However, if the cache at the edge location is outdated or somehow invalidated, the edge location must communicate with the origin server to obtain the latest cache information before responding to the user. While there is an overhead cost for this scenario, subsequent users will benefit.

Pisani discussed various problems and corresponding solutions for web application functionality on the edge using edge functions. These were related to: high traffic pages that need to serve localized content; user session validation taking too much time in the request; and routing a third-party integration request to the correct region. She provided an extreme example of communication between a far away user relative to two origin servers for authentication. Installing an edge server close to the remote user eliminated the initial latency.

There is an overall assumption that there is reliable Internet access. However, that isn’t always true. Pisani then introduced the AWS Snowball Edge Device, a physical device that provides cloud computing available for places with unreliable and/or non-existent Internet access or as a way of migrating data to the cloud. She wrapped up her presentation by enumerating some of the limitations of edge computing: lower available CPU time; advantages may be lost when network request is made; limited integration with other cloud services; and smaller caches.

Developing Above the Cloud by Paul Biggar, Founder and CEO at Darklang. Biggar kicked off his presentation with an enumeration of how computing has evolved over the years in which a simple program has become complex when persistence, Internet, reliability, continuous delivery, and scalability are all added to the original simple program. He said that “programming used to be fun.” He then discussed other complexities that are inherent in Docker, front ends and the growing number of specialized engineers.

With regards to complexity, “simple, understandable tools that interact well with our existing tools” are the way developers should build software along with the UNIX philosophy of “do one thing, and do it well.” However, Biggar claims that building simple tools that interact well is just a fallacy and is the problem because doing so leads to the complexity that is in software development today with “one simple, understandable tool at a time.”

He discussed incentives for companies in which engineers don’t want to build new greenfield projects that solve all the complexity. Instead, they are incentivized to add small new things to existing projects that solve problems. Therefore, Biggar maintained that “do one thing, and do it well” is also the problem. This is why the “batteries included” approach, provided by languages such as Python and Rust, deliver all the tools in one package. “We should be building holistic tools,” Biggar said, leading up to the main theme of his presentation on developing above the cloud.

Three types of complexity: infra complexity; deployment complexity; and tooling complexity, should be removed for an improved developer experience. Infra complexity includes the use of tools such as: Kubernetes, ORM, connection pools, health checks, provisioning, cold starts, logging, containers and artifact registries. Biggar characterized deployment complexity with a quote from Jorge Ortiz in which the “speed of developer iteration is the single most important factor in how quickly a technology company can move.” There is no reason that deployment should take a significant amount of time. Tooling complexity was explained by demos of the Darklang IDE in which creating things like REST endpoints or persistence, for example, can be quickly moved to production by simply adding data in a dialog box. There was no need to worry about things such as: server configuration, pushing to production or a CI/CD pipeline. Application creation is reduced down to the abstraction.

At this time, there is no automated testing in this environment and adoption of Darklang is currently in “hundreds of active users.”

Offline and Thriving: Building Resilient Applications With Local-First Techniques by Carl Sverre, Entrepreneur in Residence at Amplify Partners. Sverre kicked off his presentation with a demonstration of the infamous “loading spinner” as a necessary evil to inform the user that something was happening in the background. This kind of latency doesn’t need to exist as he defined offline-first as:

(of an application or system) designed and prioritized to function fully and effectively without an internet connection, with the capability to sync and update data once a connection is established.

Most users don’t realize their phone apps, such as WhatsApp, email apps and calendar apps, are just some examples of offline-apps and how they have improved over the years.

Sverre explained his reasons for developing offline-first (or local-first) applications. Latency can be solved by optimistic mutations and local storage techniques. Because the Internet can be unreliable with issues such as dropped packets, latency spikes and routing errors, Reliability is crucial to applications. Adding features for Collaboration leverage offline-first techniques and data models for this purpose. He said that developers “gain the reliability of offline-first without sacrificing the usability of real time.” Development velocity can be accomplished by removing the complexity of software development.

Case studies included: WhatsApp, the cross-platform, centralized instant messaging and voice-over-IP service, uses techniques such as end-to-end encryption, on-device messages and media, message drafts and background synchronization; Figma, a collaborative interface design tool, uses techniques such as real-time collaborative editing, a Conflict-Free Replicated Data Type (CRDT) based data model, and offline editing; and Linear, an alternative to JIRA, uses techniques such as faster development velocity, offline editing and real-time synchronization.

Sverre then demonstrated the stages for converting a normal application to an offline-first application. However, trade-offs to consider for offline-first application development include conflict resolution, eventual consistency, device storage, access control and application upgrades. He provided solutions to these issues and maintained that, despite these tradeoffs, this is better than an application displaying the “loading spinner.”

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for June 12th, 2023 features news from OpenJDK, JDK 22, JDK 21, GraalVM 23, various releases of: GraalVM Build Tools, Spring Framework, Spring Data, Spring Shell, Payara Platform, Micronaut, Open Liberty, Quarkus, Micrometer, Hibernate ORM and Reactive, Project Reactor, Piranha, Apache TomEE, Apache Tomcat, JDKMon, JBang, JHipster, Yupiik Bundlebee; and QCon New York 2023.

OpenJDK

After its review had concluded, JEP 404, Generational Shenandoah (Experimental), was officially removed from the final feature set in JDK 21. This was due to the “risks identified during the review process and the lack of time available to perform the thorough review that such a large contribution of code requires.” The Shenandoah team has decided to “deliver the best Generational Shenandoah that they can” and will seek to target JDK 22.

Julian Waters, OpenJDK development team at Oracle, has submitted JEP Draft 8310260, Move the JDK to C17 and C++17, to allow the use of the C17 and C++17 programming language features in JDK source code. Due to the required minimal JDK 17 version in Microsoft Visual C/C++ Compiler: Visual Studio 2019, this draft proposes to apply changes to the build system such that the existing C++ flag, -std:c++14, will change to -std:c++17 and the existing C flag, -std:c11, will change to -std:c17.

JDK 21

Build 27 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 26 that include fixes to various issues. Further details on this build may be found in the release notes.

JDK 22

Build 2 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 1 that include fixes to various issues. More details on this build may be found in the release notes.

For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM

Oracle Labs has introduced Oracle GraalVM with a new distribution and license model for both development and production applications. GraalVM Community Components 23.0.0 provides support for JDK 20 and JDK 17 with the GraalVM for JDK 17 Community 17.0.7 and GraalVM for JDK 20 Community 20.0.1 editions of GraalVM. New features in Native Image include: support for G1 GC; ​​compressed object headers and pointers for a lower memory footprint; and machine learning to automatically infer profiling information. InfoQ will follow up with a more detailed news story.

On the road to version 1.0, Oracle Labs has also released version 0.9.23 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: a fix for the compatibility of the “collect reachability metadata” task with Gradle’s configuration cache; remove the use of the deprecated Gradle GFileUtils class that will ultimately be removed in Gradle 9; and add a display of the GraalVM logo on the generated Native Build Tools documents. Further details on this release may be found in the changelog.

Spring Framework

The first milestone release of Spring Framework 6.1 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: initial support for the new Sequenced Collections interfaces; support for Coordinated Restore at Checkpoint (CRaC); compatibility with virtual threads; and a ClientHttpRequestFactory interface based on the HttpClient class provided by Jetty. More details on this release may be found in the release notes.

Similarly, versions 6.0.10 and 5.3.28 of Spring Framework have also been released featuring bug fixes, improvements in documentation, dependency upgrades and new features such as: a new remoteServer() method added to the MockHttpServletRequestBuilder class to set the remote address of a request; a new matchesProfiles() methods added to the Environment interface to determine whether one of the given profile expressions matches the active profiles; and declare the isPerInstance() method defined in the Advisor interface as default to eliminate the unnecessary implementation requirement of that method. Further details on these releases may be found in the release notes for version 6.0.10 and version 5.3.28.

Versions 2023.0.1, 2022.0.7 and 2021.2.13, service releases of Spring Data, ship with bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.1.1, 3.0.7 and 2.7.13; Spring Data MongoDB 4.1.1, 4.0.7 and 3.4.13; Spring Data Elasticsearch 5.1.1, 5.0.7 and 4.4.13; and Spring Data Neo4j 7.1.1 7.0.7 and 6.3.13.

Versions 3.1.1 and 3.0.5 of Spring Shell 3.0.5 have been released with notable bug fixes such as: a target annotated with @ShellAvailability not registering with Ahead-of-Time processing; native mode broken on Linux; and an unexpected comma inserted at the end of a parsed message. More details on these releases may be found in the release notes for version 3.1.1 and version 3.0.5.

Payara

Payara has released their June 2023 edition of the Payara Platform that includes Community Edition 6.2023.6, Enterprise Edition 6.3.0 and Enterprise Edition 5.52.0. All three versions feature: the removal of the throwable reference of the ASURLClassLoader class to eliminate class loader leaks; and a fix for the configuration of the dependency injection kernel, HK2, for JDK 17 compilation. Further details on these versions may be found in the release notes for Community Edition 6.2023.6, Enterprise Edition 6.3.0 and Enterprise Edition 5.52.0.

Micronaut

The fourth release candidate of Micronaut 4.0 delivers bug fixes and improvements such as: add a default method to the overloaded set of writeValueAsString() methods in the JsonMapper interface; improved exception handling on scheduled jobs; and a new parameter, missingBeans=EndpointSensitivityHandler.class, for the @Requires annotation on the EndpointsFilter class to convey that endpoint sensitivity is handled externally and the filter will not be loaded. More details on this release may be found in the release notes.

Open Liberty

IBM has released Open Liberty 23.0.0.6-beta that provides: continued improvements in their InstantOn functionality; continued support for the Jakarta Data specification; and improvements for OpenID Connect clients with support for Private Key JWT client authentication and RFC 7636, Proof Key for Code Exchange by OAuth Public Clients (PKCE).

Quarkus

Quarkus 3.1.2.Final, the second maintenance release, provide improvements in documentation, dependency upgrades and bug fixes such as: a ClassNotFoundException when using the Qute Templating Engine in dev mode; a NullPointerException in version 3.1.1 when using a Config Interceptor; and startup of the Quarkus server hangs indefinitely when using the OidcRecorder class. Further details on this release may be found in the release notes.

Micrometer

Versions 1.11.1, 1.10.8 and 1.9.12 of Micrometer Metrics have been released with dependency upgrades and bug fixes such as: an improper variable argument check in the KeyValues class that leads to NullPointerException; loss of scope and context propagation between Project Reactor and imperative code blocks; and random GRPC requests return null upon calling the currentSpan() method defined in the Tracer class. More details on these releases may be found in the release notes for version 1.11.1, version 1.10.8 and version 1.9.12.

Similarly, versions 1.1.2 and 1.0.7 of Micrometer Tracing have been released with dependency upgrades, improvements in documentation and bug fixes: abstractions from the Span interface are not equal when when delegating to the same OpenTelemetry object; and a fix for Project Reactor with Micrometer 1.10 by using null scopes instead of clearing thread locals. Further details on these releases may be found in the release notes for version 1.1.2 and version 1.0.7.

Hibernate

The release of Hibernate ORM 6.2.5.Final provides bug fixes such as: caching not working properly for entities with inheritance when the hibernate.cache.use_structured_entries property was set to true; generic collections not mapped correctly using a @MappedSuperclass annotation; and mapping of JSON-B of different types in a class inheritance hierarchy does not work.

The release of Hibernate Reactive 2.0.1.Final ships with compatibility with Hibernate ORM 6.2.5.Final and adds support for the @Lob annotation for MySQL, MariaDB, Oracle, and Microsoft SQLServer.

Project Reactor

Project Reactor 2022.0.8, the eighth maintenance release, provides dependency upgrades to reactor-core 3.5.7, reactor-netty 1.1.8. There was also a realignment to version 2022.0.8 with the reactor-kafka 1.3.18, reactor-pool 1.0.0, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

Piranha

The release of Piranha 23.6.0 delivers notable changes such as: removal of the deprecated Logging Manager and MimeTypeManager interfaces; deprecation of the --war and --port command line arguments; and add HTTPS support to the Piranha Maven plugin. Further details on this release may be found in their documentation and issue tracker.

Apache Software Foundation

Apache TomEE 9.1.0 has been released featuring bug fixes, improvements in documentation, dependency upgrades and improvements: use of ActiveMQ 5.18.0 Jakarta EE-compatible client in favor of the shade approach with TomEE; and backport the fixes that addressed CVE-2023-24998 and CVE-2023-28708 in Apache Tomcat from version 10.1.x to version 10.0.27. More details on this release may be found in the release notes.

Versions 10.1.10 and 8.5.90 of Apache Tomcat delivers: support for JDK 21 and virtual threads; an update to HTTP/2 to use the RFC-9218, Extensible Prioritization Scheme for HTTP, prioritization scheme; a dependency upgrade to Tomcat Native to 2.0.4 and 1.2.37, respectively which includes binaries for Windows built with OpenSSL 3.0.9 and 1.1.1u, respectively; and a deprecation of the xssProtectionEnabled property from the HttpHeaderSecurityFilter class and set the default value to false. Further details on these versions may be found in the changelogs for version 10.1.10 and version 8.5.90.

JDKMon

Versions 17.0.67 and 17.0.65 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, these new versions provide: support for the new GraalVM Community builds; and a small icon added to the name of a JDK to indicate that it is managed by SDKMan. An experimental new feature in version 17.0.65 includes a new switch-jdk script placed in a user’s home folder that makes it possible to switch to a specific JDK in a shell session.

JBang

The release of JBang 0.108.0 ships with support for JEP 445, Unnamed Classes and Instance Main Methods (Preview). It is important to note that developers will be required to build and install JDK 21 early-access to use JEP 445 due to the Temurin JDK builds only providing JDK 20 as the latest version.

JobRunr

JobRunr 6.2.2 has been released to provide notable changes: improve caching of job analysis when using Java Stream API; and the ElectStateFilter and ApplyStateFilter interfaces are invoked while there is no change of state.

JHipster

The first beta release of JHipster 8.0.0 delivers bug fixes and notable changes such as: the use of Consul by default; a fix for Apache Cassandra tests by dropping CassandraUnit and adding reactive tests; and a move to deny-by-default over allow-by-default by using the authorizeHttpRequests() method defined in Spring Security HttpSecurity class. It is important to note that there is a rename of the AngularX configuration option to Angular for backward compatibility as AngularX will be removed in the GA release of JHipster 8.0. More details on this release may be found in the release notes.

Yupiik

The release of Yupiik Bundlebee 1.0.20, a light Java Kubernetes package manager, provides updates such as: additional placeholders for the default observability stack; support for namespace placeholder keywords to enable the reuse of globally configured namespace in placeholders; and proper usage of DaemonSet usage for Loki. Further details on this release may be found in the release notes.

QCon New York

After a three-year hiatus due to the pandemic, the 9th annual QCon New York conference was held at the New York Marriott at the Brooklyn Bridge in Brooklyn, New York this past week featuring three days of presentations from 12 tracks and keynotes delivered by Radia Perlman, Alicia Dwyer Cianciolo, Suhail Patel and Sarah Bird. More details about this conference may be found in the InfoQ daily recaps from Day One and Day Two. InfoQ will follow-up with Day Three coverage.

Article originally posted on InfoQ. Visit InfoQ

Day Two of the 9th annual QCon New York conference was held on June 14th, 2023 at the New York Marriott at the Brooklyn Bridge in Brooklyn, New York. This three-day event is organized by C4Media, a software media company focused on unbiased content and information in the enterprise development community and creators of InfoQ and QCon. It included a keynote address by Alicia Dwyer Cianciolo and presentations from these four tracks:

• Designing Modern Reliable Architectures
  • Hosted by Silvia Esparrachiari, Software Engineer at Google.
  • Provides a diverse collection of reliability strategies covering finance applications, gaming platforms and other real world segments of the tech industry.
• MLOps – Production & Delivery for ML Platforms
  • Hosted by Bozhao (Bo) Yu, Founder at BentoML.ai.
  • Explores the latest trends, best practices, and case studies in MLOps, and discusses how they can be applied to improve the reliability, scalability, and efficiency of machine learning systems.
• Next Gen Fintech: Performance, Complexity & Privacy
  • Hosted by Neha Sardana, Vice President and Senior Developer at Morgan Stanley.
  • Provides solutions to the challenges of data breaches, privacy, security, and performance, and stays on top of the latest trends and best practices in Fintech.
• Optimizing Teams for Fast Flow – Surviving in the Post-Agile Aftermath
  • Hosted by Katharine Chajka, Senior Product Manager at Planview Flow Methodology.
  • Focuses on understanding how to identify the specific issues slowing down flow and finding changes that resolve those impediments to make the most of the time and money spent on change.

There was also one sponsored solutions track.

Danny Latimer, Content Product Manager at C4Media, kicked off the day two activities by welcoming the attendees and introduced Daniel Bryant, InfoQ News Manager, who discussed InfoQ news activities and the InfoQ core values: information robin hoods; best, not (necessarily) first; facilitators, not leaders; and content that can trusted. Pia von Beren, Project Manager & Diversity Lead at C4Media, discussed the QCon Alumni Program and the benefits of having attended multiple QCon conferences. The aforementioned track leads for Day Two introduced themselves and described the presentations in their respective tracks.

Keynote Address

Alicia Dwyer Cianciolo, senior technical lead for Advanced Entry, Descent and Landing Vehicle Technology Development at the NASA Langley Research Center, presented a keynote entitled, NASA’S Return to the Moon: Managing Complexity in the Artemis Program. Cianciolo started her presentation with the famous quote from John F. Kennedy’s speech at Rice University in 1962: “We choose to go to the moon in this decade and do the other things, not because they are easy, but because they are hard.” With than in mind, she introduced the Artemis program, considered the “sister” to the Apollo program, as a collection of projects, namely:

Artemis = Space Launch System + Orion Spacecraft + Human Landing System (HLS) + Extravehicular Activity and Human Surface Mobility Program (EHP) + Gateway

Cianciolo currently works on the Human Landing System. Artemis and its component projects were designed as a collaboration for space missions. After introducing each of these projects, she provided background and orbit information on previous and upcoming Artemis launches. Artemis I, launched on November 16, 2022 and splashed down on December 11, 2022 featured the Space Launch System and Orion projects. Artemis II, scheduled to launch at the end of 2024, will feature the Space Launch System and Orion projects and include a flight crew: Reid Wiseman (commander), Victor Glover (pilot), Christina Hammock Koch (Mission Specialist) and Jeremy Hansen (Mission Specialist). The plan for Artemis III is to land on the moon and will feature the Space Launch System, Orion, HLS and EHP projects and include another flight crew that is still to be determined. She described the complex of operations related to the HLS that includes mission segments, contracts, landing requirements and gateway orbit. Apollo 11 through Apollo 17 landed on or near the moon’s equator. The landing plan for Artemis III is to land within 6° latitude and less than 10° surface slopes on the moon’s south pole due to the rough terrain. Another challenge is the amount of daylight that often changes. The crew will need a six-day window of daylight and to be in constant communication with Earth. “What could go wrong?” Cianciolo asked. The hardest part of going to the moon is talking to people, Cianciolo said, as she recalled her experience in which it took six months to resolve this seemingly simple issue related to sharing a bathroom space. The plan for Artemis IV is to land on the International Habitation Module and will feature the Space Launch System, Orion, HLS, EHP and Gateway projects and include a flight crew to be determined.

Highlighted Presentations

Maximizing Performance and Efficiency in Financial Trading Systems through Vertical Scalability and Effective Testing by Peter Lawrey, CEO at Chronical Software. Lawrey kicked off his presentation by discussing how allocating objects may have an overhead of 80x than that of collecting them. He maintained that the loss of objects can be allocated, but recommends against this strategy that has been a practice. As the legendary Grace Hopper once said: “The most dangerous phrase in the English language is: “‘We’ve always done it that way.'” He provided various analyses and benchmarks on why allocations don’t scale well. Allocations can spend approximately 0.3% of the time in the garbage collector. The concept of accidental complexity is complexity that is not inherent in a problem, but rather in a solution that can be removed or reduced with a better design or technology choice. Lawrey provided many examples and analyses of accidental complexity that included memory usage analysis from Chronical Queue where most of the allocation activity was from the JDK Flight Recorder. In many applications, especially in the financial industry, selecting a “source of truth” can significantly impact the latency and complexity of the application. The concept of durability guarantees identifies critical paths for performance, but are often considered the largest bottlenecks. Examples include: a database; durable messaging that is guaranteed to be on disk; redundant messaging; and persisted messaging that will eventually be on disk. Lawrey introduced Little’s Law, a founding principle in queueing theory, as L = λ, such that:

• L = average number of items in a system
• λ = average arrival rate = exit rate = throughput
• W = average wait time in a system for an item (duration inside)

Little’s Law is applied in many aspects of system design and performance enhancement. The higher the latency, the higher the inherent parallelism required to achieve a desired throughput. On the opposite end of that spectrum, the lower the latency, the inherent required parallelism is minimized. Traditional object allocation in Java can impede performance, especially in high throughput scenarios, creating a bottleneck that hinders vertical scalability. By minimizing accidental complexity and using an event-driven architecture, vertical scalability can be achieved.

Performance and Scale – Domain-Oriented Objects vs Tabular Data Structures by Donald Raab, Managing Director and Distinguished Engineer at BNY Mellon, and Rustam Mehmandarov, Chief Engineer at Computas AS. Raab and Mehmandarov started their presentation with a retrospective into the problems with in-memory Java architectures using both 32-bit and 64-bit memory circa 2004. In the 32-bit world, it was challenging for developers to place, say, 6GB of data, into 4GB of memory. The solution was to build their own “small size” Java collections. The emergence of 64-bit provided some relief, but total heap size became an issue. Compressed Ordinary Object Pointers (OOPS), available with the release of Java 6 in late 2006, allowed developers to create 32-bit references (4 bytes) in 64-bit heaps. Solutions in this case include; building their own memory-efficient mutable Set, Map and List data structures; and building primitive collections for the List, Set, Stack, Bag and Map data structures. Raab and Mehmandarov then described the challenges developers face today where, for instance, large CSV data needs to be processed in-memory. They asked the questions: “How can that efficiently be accomplished in Java?,” “How can memory efficiency of data structures be measured?,” “What decisions affect memory efficiency?,” and “Which approach is better: row vs. columns?” To measure the cost of memory in Java, Raab and Mehmandarov introduced the Java Object Layout (JOL), a small toolbox to analyze object layout schemes in JVMs, and how to use it within an application. Using a large CSV data set as an example, Raab and Mehmandarov provided a comprehensive look into the various memory considerations: boxed vs. primitive types; mutable vs. immutable data; data pooling; and row-based vs. column-based structures. They also explored three libraries: Java Streams, introduced in Java 8; Eclipse Collections, invented by Raab; and DataFrame-EC, a tabular data structure based on the Eclipse Collections framework. Three Java projects: Amber, Valhalla and Lilliput, are working to improve productivity, value objects and user-defined primitives, and reduce the object header to 64 bits, respectively.

A Bicycle for the (AI) Mind: GPT-4 + Tools by Sherwin Wu, Member of the Technical Staff at OpenAI, and Atty Eleti, Software Engineer at OpenAI. In 1973, efficiencies in cycling started to emerge which were compared to a condor bird. Wu and Eleti coined the phrase “A bicycle for the mind” and used this as a metaphor for Steve Jobs and the creation of Apple. In 2023, the emergence of ChatGPT has evolved the phrase to “A bicycle for the AI mind.” They discussed large language models (LLMs) and their limitations followed by an introduction to new function calling capability that improves their gpt-4 and gpt-3.5-turbo applications. Wu and Eleti provided numerous demos for: converting natural language into queries; calling external APIs and multiple functions; and combining advanced reasoning with daily tasks. They maintained that technology is still in its infancy and they are excited to see how this technology will evolve in the future.

Implementing OSSF Scorecards Across an Organization by Chris Swan, Engineer at atsign.

Swan introduced the Open Source Security Foundation (OSSF or OpenSSF), a “cross-industry organization that brings together the industry’s most important open source security initiatives and the individuals and companies that support them.” The OpenSSF Scorecard project, just one of the projects under OpenSSF, helps open source maintainers improve their security best practices and to help open source consumers judge whether their dependencies are safe. A number of important software security heuristics are measured against an open source software project and assign each heuristic with a score of 0-10. A badge is generated containing the heuristic and score that may be placed on the GitHub repository. This provides a visual representation that the maintainers of the open source repository care about security, and a feeling of safety and security. Swan explored the five holistic security practices: code vulnerabilities, maintenance, continuous testing, source risk assessment and build risk assessment. He encouraged developers who are new to OpenSSF to use Allstar, another OpenSSF project, as a starting point for assessing security for their own open source projects. Swan provided a comprehensive introduction on how to get started by exploring tools such as: GitHub Insights, a tool that can guide developers to create a good quality open source repository; and Terraform, an Infrastructure as a Service (IaaS) resource that provides scripts to improve a GitHub repository. The process also includes a very long questionnaire in which developers should budget at least one hour. The 80:20 rule in OpenSSF states that 20% of effort is required to obtain 80% of the Scorecard score. However, Swan commented that it gets more difficult from there and that it is really hard to achieve high scores.

Summary

In summary, day two featured a total of 27 presentations with topics such as: reliable architectures, machine learning, financial technology (fintech) and optimizing engineering teams.

Article originally posted on InfoQ. Visit InfoQ

Day One of the 9th annual QCon New York conference was held on June 13th, 2023 at the New York Marriott at the Brooklyn Bridge in Brooklyn, New York. This three-day event is organized by C4Media, a software media company focused on unbiased content and information in the enterprise development community and creators of InfoQ and QCon. It included a keynote address by Radia Perlman and presentations from these four tracks:

There was also one sponsored solutions track.

Dio Synodinos, president of C4Media, Pia von Beren, Project Manager & Diversity Lead at C4Media, and Danny Latimer, Content Product Manager at C4Media, kicked off the day one activities by welcoming the attendees and providing detailed conference information. The aforementioned track leads for Day One introduced themselves and described the presentations in their respective tracks.

Keynote Address

Radia Perlman, Pioneer of Network Design, Inventor of the Spanning Tree Protocol and Fellow at Dell Technologies, presented a keynote entitled, The Many Facets of “Identity”. Based on the history of practicing authentication methods, Perlman provided a very insightful look at how the phrase “the identity problem” may not be as well-understood. She maintained that “most people think they know the definition of ‘identity’…kind of.” Perlman went on to describe the many dimensions of “identity” including: human and DNS naming; how to prove ownership of a human or DNS name; and what a browser needs to know to properly authenticate a website. The theory of DNS is “beautiful,” as she described, but in reality, a browser search generally returns an obscure URL string. Because of this, Perlman once fell victim to a scam while trying to return her driver’s license. She then discussed how it is difficult for humans to properly follow password rules, questioned the feasibility of security questions, and recommended that people should use identity providers. Perlman characterized the Public Key Infrastructure (PKI) as “still crazy after all these years” and discussed how a certificate authority, a device that signs a message saying “This name has this public key,” should be associated with the registry from which DNS name is returned. She then described the problem with X.509 certificates such that Internet protocols use DNS names, not X.500 names. “If being able to receive at a specific IP address is secure, we don’t need any of this fancy crypto stuff,” Perlman said. She then compared the top-down and bottom-up models with DNS hierarchical namespaces in which each node in the namespace represents a certificate authority. Perlman recommended the bottom-up model, created by Charlie Kaufman circa 1988, because organizations wouldn’t have to pay for certifications. Also, there is still a monopoly at the root level and root can impersonate everyone in the top-down model. In summary, Perlman said that nothing is quite right today because names are meaningless strings and obtaining a certification certificate is messy and insecure. In conclusion, Perlman suggested to always start with the question, “What problem am I solving?” and to compare various approaches. In a humorous moment early in her presentation, she remarked, “I hate computers” when she had difficulty manipulating her presentation slides. Perlman is the author of the books, Network Security: Private Communication in a Public World and Interconnections: Bridges, Routers, Switches, and Internetworking Protocols.

Highlighted Presentations

Laying the Foundations for a Kappa Architecture – The Yellow Brick Road by Sherin Thomas, Staff Software Engineer at Chime. Thomas introduced the Kappa Architecture as an alternative to the Lambda Architecture, both deployment models for data processing that combine a traditional batch pipeline with a fast real-time stream pipeline for data access. She questioned why the Lambda Architecture is still popular based on the underlying assumption of Lambda: “that stream processors cannot provide consistency is no longer true thanks to modern stream processors like Flink.” The Kappa Architecture has its roots from this 2014 blog post by Kafka Co-Creator Jay Kreps, Co-Founder and CEO at Confluent. Thomas characterized the Kappa Architecture as a streaming first, single path solution that can handle real-time processing as well as reprocessing and backfills. She demonstrated how developers can build a multi-purpose data platform that can support a range of applications on the latency and consistency spectrum using principles from a Kappa architecture. Thomas discussed the Beam Model, how to write to both streams and data lakes and how to convert a data lake to a stream. She concluded by maintaining that the Kappa Architecture is great, but it is not a silver bullet. The same is true for the Lambda Architecture due to the dual code path making it more difficult to manage. A backward compatible, cost effective, versatile and easy to manage data platform could be a combination of the Kappa and Lambda architectures.

Sigstore: Secure and Scalable Infrastructure for Signing and Verifying Software by Billy Lynch, Staff Software Engineer at Chainguard, and Zack Newman, Research Scientist at Chainguard. To address the rise of security attacks across every stage of the development lifecycle, Lynch and Newman introduced Sigstore, an open-source project that aims to provide a transparent and secure way to sign and verify software artifacts. Software signing can minimize the compromise of account credentials and package repositories, and checks that a software package is signed by the “owner.” However, it doesn’t prevent attacks such as normal vulnerabilities and build system compromises. Challenges with traditional software signing include: key management, rotation, compromise detection, revocation and identity. Software signing is currently widely supported in open-source software, but not widely used. By default, tools don’t check signatures due to usability issues and key management. Sigstore frees developers from key management and relies on existing account security practices such as two-factor authentication. With Sigstore, users authenticate via OAuth (OIDC) and an ephemeral X.509 code signing certificate is issued to bind to the identity of the user. Lynch and Newman provided overviews and demonstrations of Sigstore to include sub-projects: Sigstore Cosign, signing for containers; Sigstore Gitsign, Git commit signing; Sigstore Fulcio, users authentication via OAuth; Sigstore Rekor, an append-only transparency log such that the certificate is valid if the signature is valid; Sigstore Policy Controller, a Kubernetes-based admission controller; and Sigstore Public Good Operations, a special interest group comprised of a group of volunteer engineers from various companies collaborating to operate and maintain the Sigstore Public Good instance. Inspired by RFC 9162, Certificate Transparency Version 2.0, the Sigstore team provides a cryptographically tamper-proof public log of everything they do. The Sigstore team concluded by stating: there is no single or one-size fits all solution; software signing is not a silver bullet, but is a useful defense; software signing is critical for any DevSecOps; and developers should start verifying signatures including your own software. When asked by InfoQ about security concerns with X.509, as discussed in Perlman’s keynote address, Newman stated that certificates are very complex and acknowledged that vulnerabilities can still make their way into certificates. However, Sigstore is satisfied with the mature libraries available to process X.509 certifications. Newman also stated that an alternative would be to scrap the current practice and start from scratch. However, that approach could introduce even more vulnerabilities.

Build Features Faster With WebAssembly Components by Bailey Hayes, Director at Cosmonic. Hayes kicked off her presentation by defining WebAssembly (Wasm) Modules as: a compilation target supported by many languages; only one .wasm file required for an entire application; and built from one target language. She then introduced the WebAssembly System Interface (WASI), a modular system interface for WebAssembly, that Hayes claims should really be known as the WebAssembly Standard Interfaces because it’s difficult to deploy modules in POSIX. She then described how Wasm modules interact with the WASI via the WebAssembly Runtime and the many ways that a Wasm module can be executed, namely: plugin tools such as Extism and Atmo, FaaS providers, Docker and Kubernetes. This was followed by a demo of a Wasm application. Hayes then introduced the WebAssembly Component Model, a proposed extension of the WebAssembly specification that supports high-level types within Wasm such as strings, records and variants. After describing the building blocks of Wasm components with the WASI, she described the process of how to build a component followed by a live demo of an application, written in Go and Rust, that was built and converted to a component.

Virtual Threads for Lightweight Concurrency and Other JVM Enhancements by Ron Pressler, Technical Lead OpenJDK’s Project Loom at Oracle. Pressler provided a comprehensive background on the emergence of virtual threads that included many mathematical theories. A comparison of parallelism vs. concurrency defined performance measures in latency (time duration) and throughput (task/time unit), respectively. For any stable system with long-term averages, he introduced Little’s Law as L = λW, such that:

• L = average number of items in a system
• λ = average arrival rate = exit rate = throughput
• W = average wait time in a system for an item (duration inside)

A comparison of threads vs. async/await in terms of scheduling/interleaving points, implementation and recursion/virtual calls defined the languages that support these attributes, namely: JavaScript, Kotlin and C++/Rust, respectively. After introducing asynchronous programming, syntactic coroutines (async/await) and the impact of context switching with servers, Pressler tied everything together by discussing threads and virtual threads in the Java programming language. Virtual threads is a relatively new feature that was initially introduced in JDK 19 as a preview. After a second preview in JDK 20, virtual threads will be a final feature in JDK 21, scheduled to be released in September 2023. He concluded by defining the phrase “misleading familiarity” as “there is so much to learn, but there is so much to unlearn.”

Summary

In summary, day one featured a total of 28 presentations with topics such as: architectures, engineering, language platforms and software supply chains.