Author: Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for June 5th, 2023 features news from OpenJDK, JDK 21 in Rampdown, JDK 22 expert group, Jakarta EE 11 update, Spring Security Kerberos 2.0.0, Quarkus 3.1.1, Micronaut 3.9.3, Eclipse Vert.x 4.4.3, Apache Commons IO 2.13, Apache Tomcat 11.0.0-M7 and 9.0.76, Infinispan 14.0.10 and 13.0.17, JHipster Lite 0.34, OpenXava 7.1.1, Yupiik Fusion 1.0.3, Gradle 8.2-RC2 and JNation.

OpenJDK

JEP 453, Structured Concurrency (Preview), has been promoted from Proposed to Target to Targeted for JDK 21. Formerly a incubating API, this initial preview incorporates enhancements in response to feedback from the previous two rounds of incubation: JEP 428, Structured Concurrency (Incubator), delivered in JDK 19; and JEP 437, Structured Concurrency (Second Incubator), delivered in JDK 20. The only significant change features the fork() method, defined in the StructuredTaskScope class, returns an instance of TaskHandle rather than a Future since the get() method in the TaskHandle interface was restructured to behave the same as the resultNow() method in the Future interface. More details on this JEP may be found in this detailed InfoQ news story.

JEP 446, Scoped Values (Preview), has been promoted from Proposed to Target to Targeted for JDK 21. Formerly known as Extent-Local Variables (Incubator), this JEP is now a preview feature following JEP 429, Scoped Values (Incubator), delivered in JDK 20. This JEP proposes to enable sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. InfoQ will follow-up with a more detailed news story.

Roman Kennke, principal engineer at AWS and owner of JEP 404, Generational Shenandoah (Experimental), has proposed to drop this JEP from JDK 21 due to the “risks identified during the review process and the lack of time available to perform the thorough review that such a large contribution of code requires.” The Shenandoah team has decided to “deliver the best Generational Shenandoah that they can” and will seek to target JDK 22. The review is expected to conclude on June 14, 2023.

JDK 21

Build 26 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 25 that include fixes to various issues. Further details on this build may be found in the release notes.

As per the JDK 20 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 21 has entered Rampdown Phase One. This means that the main-line source repository has been forked to the JDK stabilization repository and no additional JEPs will be added for JDK 21. Therefore, the final set of 15 features for the GA release in September 2023 will include:

This feature set assumes that the proposal to remove the aforementioned JEP 404, Generational Shenandoah (Experimental), originally targeted for JDK 21, will be approved.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

JDK 22

JSR 397, Java SE 22, was submitted this past week to formally announce the six-member expert group for JDK 22, namely Simon Ritter (Azul Systems), Manoj Palat (Eclipse Foundation), Andrew Haley (Red Hat), Christoph Langer (SAP SE), Iris Clark (Oracle) and Brian Goetz (Oracle). Clark and Goetz will serve as the specification leads. Other notable dates at this time include a public review from January 2024 through February 2024 and the GA release in March 2024.

Build 0 and Build 1 of the JDK 22 early-access builds were also made available this past week featuring the initial set of release updates.

Jakarta EE

Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, announced in his Hashtag Jakarta EE weekly blog that the requests for plan review for Jakarta EE 11 have been submitted ahead of the May 30, 2023 deadline. Developers can expect updates to the Jakarta Authentication 3.1, Jakarta Authorization 3.0, Jakarta Concurrency 3.1, Jakarta Contexts and Dependency Injection 4.1, Jakarta Expression Language 6.0, Jakarta Faces 5.0, Jakarta RESTful Web Services 4.0, Jakarta Server Pages 4.0, Jakarta Persistence 3.2, Jakarta Security 4.0, Jakarta Servlet 6.1 and Jakarta WebSocket 2.2 specifications with the release of Jakarta EE 11, scheduled for the first quarter of 2024.

It is also important to note that the Jakarta Data 1.0, Jakarta NoSQL 1.0 and Jakarta MVC 3.0 specifications with approved release plans, are currently considered as standalone, i.e., they haven’t yet been incorporated into the Platform, Web or Core profiles of Jakarta EE.

Spring Framework

The release of Spring Security Kerberos 2.0.0 delivers notable changes such as: backwards compatible support for JDK 8; wrap the execution of the UserDetailsService interface in a PrivilegedAction interface so that it can reuse Kerberos authentication; and a fix for a NotSerializableException with the JaasSubjectHolder class. More details on this release may be found in the list of issues.

Quarkus

Red Hat has released Quarkus 3.1.1.Final featuring dependency upgrades and notable changes such as: properly catch non-unique result exceptions with Security Jakarta Persistence Reactive; prevent a NullPointerException in preparation of Jacoco reports when a workspace module has no sources; a fix for the @NamedNativeQuery annotation not working in Hibernate Reactive when converting to native image; and a fix for Quarkus 3.1 throwing an IllegalStateException exception if the @Produces annotation is not defined on a stream response. Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.9.3 featuring bug fixes and updates to modules: Micronaut Servlet and Micronaut AWS. There was also a dependency upgrade to Netty 4.1.92. More details on this release may be found in the release notes.

The third release candidate of Micronaut 4.0 delivers bug fixes and improvements such as: add a default method to the overloaded set of writeValueAsString() methods in the JsonMapper interface; improved exception handling on scheduled jobs; and a new parameter, missingBeans=EndpointSensitivityHandler.class, for the @Requires annotation on the EndpointsFilter class to convey that endpoint sensitivity is handled externally and the filter will not be loaded. Further details on this release may be found in the release notes.

Eclipse Vert.x

Eclipse Vert.x 4.4.3 has been released with dependency upgrades and notable fixes such as: a broken tracing integration with the JDBC SQL client; an IndexOutOfBoundsException from the serviceName() method in the GrpcMethodCall class; and a NullPointerException from the updateSSLOptions() method in the HttpServer interface due to a null instance of the SSLHelper class. More details on this release may be found in the release notes and deprecations and breaking changes.

Version 4.4.3.1 of the Vert.x JDBC Client has also been released to fix an IP address parsing regression introduced in Vert.x 4.4.3. Developers who use the vertx-jdbc-client module should upgrade to this dependency until an upgrade to the next full stack release is provided.

Apache Software Foundation

The release of Apache Commons IO 2.13.0 delivers notable changes such as: a fix for the FileAlreadyExistsException from the createParentDirectories() method in the PathUtils class; reset the setCharset(null) and setCharsetEncoder(null) methods in the ReaderInputStream.Builder class to return a default object instead of throwing a NullPointerException; and add missing conversions to the subclasses of the AbstractOrigin class. Further details on this release may be found in the release notes.

Versions 11.0.0-M7 and 9.0.76 of Apache Tomcat both ship with: support for JDK 21 and virtual threads; a new RateLimitFilter class to help mitigate Denial of Service and Brute Force attacks by limiting the number of a requests that are allowed from a single IP address within a given time window; and a dependency upgrade to Tomcat Native to 2.0.4 which includes binaries for Windows built with OpenSSL 3.0.9. More details may be found in the changelogs for version 11.0.0-M7 and version 9.0.76.

Infinispan

Infinispan 14.0.10.Final provides notable changes such as: Spring Framework 6.x and Spring Boot 3.x dependency upgrades; a fix to the IPv6 wildcard address when detecting multihoming; and an implementation of the the conditional methods, computeIfAbsent() and computeIfPresent(), in the RemoteCache interface. Further details on this release may be found in the release notes.

Similarly, Infinispan 13.0.17.Final features notable changes such as: eliminate the corruption of binary files by not filtering binary resources; an issue where a JNDI data source is not available when deploying to Tomcat by lazily initiating the data source from the getConnection() method in the ManagedConnectionFactory class; and correct the documented port number in the property file examples in the Spring Boot starter documentation. More details on this release may be found in the release notes.

JHipster

The JHipster team has released version 0.34.0 of JHipster Lite with many dependency upgrades and notable enhancements such as: the removal of unused local variables; the replacement of concatenating strings with text blocks; and improvements in the React application. Further details on this release may be found in the release notes.

OpenXava

Version 7.1.1 of OpenXava has been released featuring dependency upgrades and the ability to visit a website resource that is annotated with @HtmlText. More details on this release may be found in the release notes.

Yupik

Version 1.0.3 of Yupiik Fusion has been released with notable changes such as: support for kubeconfig files in Kubernetes Client libraries; improved reuse of the CliAwaiter class; and expose the prepare() method in the KubenetesClient class by changing the access specifier from private to public. Further details on this release may be found in the release notes.

Gradle

The second release candidate of Gradle 8.2 features improvements such as: continued improvements to the Kotlin DSL reference documentation, clean and actionable error reporting for the console output, and dependency verification that mitigates security risks with compromised dependencies; and the simple property assignment operator (=) operator, introduced in the Kotlin DSL with the last release, is enabled by default. More details on this release may be found in the release notes.

JNation Conference

The JNation conference was held at the Convento São Francisco in Coimbra, Portugal, this past week featuring many speakers from the Java community who presented sessions and workshops on topics such as Project Loom, JavaScript, Java on ARM, WebAssembly, Kubernetes and GraalVM.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for May 29th, 2023 features news from OpenJDK, JDK 21, GlassFish 7.0.5, Payara, Open Liberty 23.0.0.5, IBM Semeru Runtimes, Micronaut 4.0-M6, Quarkus 3.1, Hibernate ORM 6.2.4, Hibernate Reactive 2.0, Hibernate Search 6.2.Beta1, Camel Quarkus 3.0-M2, Camel 3.14.8, Tomcat Native 2.0.4 and 1.2.37, Ktor 2.3.1, Multik 0.2.2, JobRunr 6.2.1, JDKMon 17.0.63 and Gradle 8.2-RC1.

OpenJDK

JEP 452, Key Encapsulation Mechanism API, has been promoted from Proposed to Target to Targeted for JDK 21. This feature JEP type proposes to: satisfy implementations of standard Key Encapsulation Mechanism (KEM) algorithms; satisfy use cases of KEM by higher level security protocols; and allow service providers to plug-in Java or native implementations of KEM algorithms. This JEP was recently updated to include a major change that eliminates the DerivedKeyParameterSpec class in favor of placing fields in the argument list of the encapsulate(int from, int to, String algorithm) method. InfoQ will follow up with a more detailed news story.

JEP 451, Prepare to Disallow the Dynamic Loading of Agents, has been promoted from Proposed to Target to Targeted for JDK 21. Originally known as Disallow the Dynamic Loading of Agents by Default, and following the approach of JEP Draft 8305968, Integrity and Strong Encapsulation, this JEP has evolved from its original intent to disallow the dynamic loading of agents into a running JVM by default to issue warnings when agents are dynamically loaded into a running JVM. Goals of this JEP include: reassess the balance between serviceability and integrity; and ensure that a majority of tools, which do not need to dynamically load agents, are unaffected.

JEP 453, Structured Concurrency (Preview), has been promoted from Candidate to Proposed to Target for JDK 21. Formerly a incubating API, this initial preview incorporates enhancements in response to feedback from the previous two rounds of incubation: JEP 428, Structured Concurrency (Incubator), delivered in JDK 19; and JEP 437, Structured Concurrency (Second Incubator), delivered in JDK 20. The only significant change features the fork() method, defined in the StructuredTaskScope class, returns an instance of TaskHandle rather than a Future since the get() method in the TaskHandle interface was restructured to behave the same as the resultNow() method in the Future interface. The review is expected to conclude on June 6, 2023.

JEP 446, Scoped Values (Preview), has been promoted from Candidate to Proposed to Target for JDK 21. Formerly known as Extent-Local Variables (Incubator), this JEP is now a preview feature following JEP 429, Scoped Values (Incubator), delivered in JDK 20. This JEP proposes to enable sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads. The review is expected to conclude on June 6, 2023.

JDK 21

Build 25 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 24 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Eclipse GlassFish

GlassFish 7.0.5, the fifth maintenance release, delivers a new feature that asynchronously updates the instance status in the Admin Console. Notable bug fixes include: deployment-time recursive bytecode preprocessing in the WebappClassLoader class; the JMX server accepting an arbitrary object as credentials; and a validation error upon deploying an application to a cluster. More details on this release may be found in the release notes.

Payara Platform

Payara has been authorized by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA). Payara is now allowed to publish authoritative cybersecurity vulnerability information about its products via the CVE Program.

Discussing how Payara can better support their customers, Fabio Turizo, service manager and senior engineer at Payara, stated:

Becoming a CVE Numbering Authority creates an extra level of dependability for those using our products and continues our commitment in adhering to and maintaining the best possible security standards. A key benefit is peace of mind when developing your mission critical Jakarta EE applications. As a CVE Numbering Authority, we ensure that when problems do occur, they can be quickly identified and a solution found, with ease of communication and total transparency.

The CVE Program is sponsored by the Cybersecurity and Infrastructure Security Agency of the U.S. Department of Homeland Security. Payara joins organizations such as The Apache Software Foundation, VMware, Oracle and IBM as defined in the CNA list of partners.

Open Liberty

IBM has released Open Liberty 23.0.0.5 featuring updates to 44 of the Open Liberty Guides that now support MicroProfile 6 and Jakarta EE 10. These include: Consuming a RESTful Web Service; Accessing and Persisting Data in Microservices using Java Persistence API (JPA); and Deploying a Microservice to Kubernetes using Open Liberty Operator. There were also notable bug fixes such as: a memory Leak found in the SchemaRegistry class within the MicroProfile Open API specification; and an EntryNotFoundException when defining a non-identifier type property for the input/output mapping of federated registries.

IBM has also released versions 19.0.2, 17.0.7, 11.0.19 and 8.0.372 of their Semeru Runtime, Open Edition, as part of their quarterly update. Further details on this release may be found in the release notes.

Micronaut

On the road to version 4.0, the Micronaut Foundation has provided the sixth milestone release of Micronaut 4.0.0 that delivers bug fixes, dependencies upgrades and new features and improvements such as: new interfaces, PropagatedContext and MutablePropagationContext, for HTTP filters; improved selection in the MessageBodyHandler interface; and the ability to make the NettyClientSslBuilder class pluggable. More details on this release may be found in the release notes.

Quarkus

The release of Quarkus 3.1.0.Final provides changes: a new API to programmatically create Reactive REST Clients as an alternative to using a properties file; the ability to customize RESTEasy Reactive response headers and status code for more flexibility in streaming responses; a reactive variant of the Security Jakarta Persistence extension, quarkus-security-jpa-reactive, based on Hibernate Reactive; and the OIDC ID token audience is now verified by default. There were also dependency upgrades to Kotlin 1.8.21 and Oracle JDBC driver 23.2.0.0. Further details on this release may be found in the release notes.

Hibernate

The Hibernate team has provided GA, point and beta releases of Hibernate Reactive, Hibernate ORM and Hibernate Search, respectively.

The release of Hibernate Reactive 2.0.0.Final delivers dependency upgrades and bug fixes such as: the ClassCastException when more than one field is lazy and bytecode enhancement is enabled; pagination not working for some queries with Microsoft SQL Server; and lambda expressions causing a NoSuchMethodError exception on application startup. This new version is compatible with Hibernate ORM 6.2.4.Final and Vert.x SQL client 4.4. More details on this release may be found in the list of issues.

The release of Hibernate ORM 6.2.4.Final ships with bug fixes and notable changes: resolutions to the JDK type pollution issue (JDK-8180450); and remove support for JPA static metamodel generation in the Hibernate Gradle plugin.

The first beta release of Hibernate Search 6.2.0 includes: many bug fixes and improvements; dependency upgrades; compatibility with Elasticsearch 8.8 and OpenSearch 2.7; an upgrade of the -orm6 artifacts to Hibernate ORM 6.2.4.Final; and a new feature, Highlighting in the Search API, a projection that returns fragments from full-text fields of matched documents that caused a query match. The specific terms that caused the match are highlighted with a pair of opening and closing tags such that developers can quickly identify search information on a results page.

Apache Software Foundation

The Apache Software Foundation has provided point and milestone releases of Apache Camel, Apache Camel Quarkus and Apache Tomcat Native Library, an optional component for use with Apache Tomcat that allows Tomcat to use OpenSSL as a replacement for Java Secure Socket Extension (JSSE) to support TLS connections.

The release of Apache Camel 3.14.8 features dependency upgrades and notable bug fixes such as: suppressed exceptions in the RedeliveryErrorHandler class cause a memory leak and logging issue; an application does not recover due to waiting threads when the thread pool from the NettyProducer class is exhausted; and the onFailure() callback method defined in the OnCompletionProcessor class is executed more than once. Further details on this release may be found in the release notes.

Apache Tomcat Native 2.0.4 has been released with dependency upgrades to Apache Portable Runtime (APR) 1.7.4 and OpenSSL 3.0.9. More details on this release may be found in the changelog.

Similarly, Apache Tomcat Native 1.2.37 has also been released with dependency upgrades to APR 1.7.4 and OpenSSL 1.1.1u. Further details on this release may be found in the changelog.

The second milestone release of Camel Quarkus 3.0.0 features numerous resolved issues such as: intermittent failures in JDBC native tests and the MyBatisConsumerTest class; a JDBC resource leak from the CamelJdbcTest class; and support for Groovy causes a failure with continuous integration. This version aligns with Quarkus 3.1.0.Final and Camel 4.0.0-M3. More details on this release may be found in the release notes.

JetBrains

JetBrains has provided point releases for Ktor, an asynchronous framework for creating microservices and web applications, and Multik, a multidimensional array library for Kotlin.

The release of Ktor 2.3.1 delivers notable bug fixes such as: Ktor Client under Javascript unable to stream responses from a server; requests to a non-existing route causing the server to lock up after responding with HTTP 404 (a potential DoS); and YAML configuration unable to read variables from itself. Further details on this release may be found in the release notes.

The release of Multik 0.2.2 provides new features that include: extended support for all JVM platforms in the multik-default module; functionality to create an array from lists of different sizes; a stub for singular value decomposition; and support for the npy and npz formats for JVM in the multik-core module. There were also dependency upgrades to Kotlin 1.8.21 and OpenBLAS 0.3.23.

JobRunr

JobRunr 6.2.1 has been released with bug fixes to resolve compatibility issues with: Quarkus 3.0 when using JSONB; and Java Records not working with the JacksonJsonMapper class.

JDKMon

Version 17.0.63 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version provides an enhancement related to loading common vulnerabilities and exposures.

Gradle

The first release candidate of Gradle 8.2 features improvements such as: new reference documentation for the Kotlin DSL; clean and actionable error reporting for the console output; and dependency verification that mitigates security risks with compromised dependencies. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for May 22nd, 2023 features news from OpenJDK, JDK 21, Spring Cloud 2022.0.3, Spring Shell 3.1.0, 3.0.4 and 2.1.10, Spring Security Kerberos 2.0-RC2, Payara Platform, Quarkus 3.0.4 and 2.13.8, WildFly 28.0.1, Micronaut 4.0-M5, Helidon 2.6.1, MicroStream 8.1.0, Apache Camel 3.20.5, JDKMon 17.0.61, JHipster Lite 0.33.0, Java’s 28th Birthday and Azul State of Java survey.

OpenJDK

JEP 451, Prepare to Disallow the Dynamic Loading of Agents, has been promoted from Candidate to Proposed to Target for JDK 21. Originally known as Disallow the Dynamic Loading of Agents by Default, and following the approach of JEP Draft 8305968, Integrity and Strong Encapsulation, this JEP has evolved from its original intent to disallow the dynamic loading of agents into a running JVM by default to issue warnings when agents are dynamically loaded into a running JVM. Goals of this JEP include: reassess the balance between serviceability and integrity; and ensure that a majority of tools, which do not need to dynamically load agents, are unaffected. The review is expected to conclude on May 31, 2023. InfoQ will follow up with a more detailed news story.

In response to numerous questions about the design philosophy of the exhaustiveness checking in pattern switch, Brian Goetz, Java language architect at Oracle, and Gavin Bierman, consulting member of technical staff at Oracle, have published a document detailing the connection between the properties of unconditionality, exhaustiveness and remainder.

JDK 21

Build 24 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 23 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The release of Spring Cloud 2022.0.3, codenamed Kilburn, delivers compatibility with Spring Boot 3.1 and updates to Spring Cloud sub-projects such as: Spring Cloud OpenFeign 4.0.3, Spring Cloud Commons 4.0.3, Spring Cloud Kubernetes 3.0.3 and Spring Cloud Starter Build 2022.0.3. There are, however, breaking changes with the removal of sub-projects: Spring Cloud CLI, Spring Cloud for Cloud Foundry and Spring Cloud Sleuth. More details on this release may be found in the release notes.

Versions 3.1.0, 3.0.4 and 2.1.10 of Spring Shell have been released featuring notable fixes such as: an instance of the ConfirmationInput class does not show the option selected when typing; and having target method argument as a boolean argument fails if the @Option or @ShellOption annotations are not used. These versions build upon Spring Boot versions 3.1.0, 3.0.7 and 2.7.12, respectively. Further details on these releases may be found in the release notes for version 3.1.0, version 3.0.4 and version 2.1.10.

The second release candidate of Spring Security Kerberos 2.0.0 features a dependency upgrade to Spring Security 6.1.0. More details on this release may be found in the release notes.

Payara

Payara has released their May 2023 edition of the Payara Platform that includes Community Edition 6.2023.5, Enterprise Edition 6.2.0 and Enterprise Edition 5.51.0. All three versions feature resolutions to: address CVE-2023-1370, a vulnerability in which the unregulated recursive parsing of JSON nested arrays and objects in Json-smart, a JSON processor library, may lead to a stack overflow and crash the software; and the exception “JVM option${ } already exists in the configuration” upon creating JVM option using Web UI. There were also dependency upgrades to: Jackson 2.15.0, SnakeYAML 2.0, JSON Smart 2.4.10 and Docker Image for JDKs 8u372, 11.0.19, and 17.0.7. Further details on these versions may be found in the release notes for Community Edition 6.2023.5, Enterprise Edition 6.2.0 and Enterprise Edition 5.51.0.

Quarkus

Quarkus 3.0.4.Final, the third maintenance release (version 3.0.1 was the initial release), provides improvements in documentation and notable bug fixes such as: failed native image builds when the quarkus.package.output-directory property is set; a “No current injection point found” error when using a @ConfigMapping in conjunction with an onStartup() method; and fix location and content location headers in RestEasy Reactive. More details on this release may be found in the changelog.

Similarly, Quarkus 2.13.8 was also released with notable bug fixes, many of them backports, such as: a fix for the warning message quarkus.oidc.application-type=service; encrypt the OIDC session cookie value by default; filter out RESTEasy-related warning related to an Apache HTTP Client not being closed in the ProviderConfigInjectionWarningsTest class; and a recent Netty version update that introduced warnings while building a native image of MongoDB Client. Further details on this release may be found in the release notes.

WildFly

WildFly 28.0.1 has been released featuring dependency upgrades and notable bug fixes such as: the testContextPropagation() test defined in the ContextPropagationTestCase class will occasionally fail when using Long Running Actions; a deployable, yet non-functional QS app on OpenShift resulting from an update to Helm Charts in todo-backend, a quickstart for backend deployment on OpenShift; and the isExpired() method defined in the ExpirationMetaData interface does not conform to the logic in the LocalScheduler class.

Micronaut

On the road to version 4.0, the Micronaut Foundation has released Micronaut 4.0.0-M5 featuring numerous dependency upgrades and improvements such as: add @BootstrapContextCompatible, an annotation indicating that a bean can be loaded into the Bootstrap Context, to JSON message readers; the ability to disable SLF4J initialization when Micronaut environments are used in Micronaut OpenAPI; and use the bean definition type for unexpected duplicate beans in custom singleton-like scope based on the AbstractConcurrentCustomScope class. More details on this release may be found in the release notes.

Helidon

Oracle has released Helidon 2.6.1 with dependency upgrades and notable changes such as: update the isReleased() method defined in the ByteBufDataChunk class to use an instance of the AtomicBoolean class to prevent race conditions that may call the release callback more than once; add the @Target(ElementType.METHOD) annotation for the @MPTest annotation to specify a specific target; and fixes for the overloaded create() methods defined in the WritableMultiPart class. Further details on this release may be found in the release notes.

MicroStream

The release of MicroStream 8.1.0 delivers integration with Quarkus 3 and a fix for which the Stream API doesn’t unload as expected when using the Lazy Collections API.

The Micronaut team has also introduced the Quarkus Extension for MicroStream that allows accessing the functionality of MicroStream in Quarkus applications through the use of annotations.

Apache Camel

Apache Camel 3.20.5 has been released featuring bug fixes, dependency upgrades and improvements, primarily in the camel-jbang module, such as the ability to: load YAML files that only define Java beans; use a filename to generate the ID of a route when creating a Camel file in the XML DSL with camel-jbang; and run camel-jbang from an empty folder and then reload when new files are added. More details on this release may be found in the release notes.

JDKMon

Version 17.0.61 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version: adds a property to the jdkmon.properties file to disable notifications; and provides fixes to issues related to detected CPU architectures and multiple builds of the same JDK version.

JHipster

The JHipster team has released version 0.33.0 of JHipster Lite with many dependency upgrades and notable changes such as: sharing module properties between landscape and patch screens; a fix on native hints for the integration of JGit; and the addition of the DestroyRef provider. Further details on this release may be found in the release notes.

Happy 28th Birthday, Java!

Java turned 28 years old this past week as the language was introduced at the SunWorld 1995 conference on May 23, 1995. The Java developer relations team at Oracle celebrated with a 28 Hours of Java event hosted by Ana Maria Mihalceanu, Nicolai Parlog and Sharat Chander. Topics included: live coding and exploration, presentations, conversations with Java luminaries, and fun games. This was the agenda:

• An exploration on JUnit Pioneer with Nicolai.
• Data-Oriented Programming in Java (21) presented by Nicolai.
• A conversation with Gavin Bierman on pattern matching facilitated by Nicolai.
• Exploring JEP 451, Prepare to Disallow the Dynamic Loading of Agents, and JEP Draft 8305968, Integrity and Strong Encapsulation, with Nicolai.
• A conversation with Ron Pressler discussing platform integrity (JEP Draft 8305968), JEP 445, Unnamed Classes and Instance Main Methods (Preview), and JEP 453, Structured Concurrency (Preview), facilitated by Nicolai.
• Growing Up with Java presented by Ana.
• Playing Byte Legend with Ana.
• Java State of the Union and Why Community Matters presented by Sharat.
• A roundtable discussion with Pratik Patel, Mohammed Aboullaite, Venkat Subramaniam, Andres Almiray, Ixchel Ruiz and Vincent Mayers facilitated by Sharat.
• A conversation with Brian Goetz, facilitated by Nicolai, discussing Project Valhalla with a focus on how to surface value and primitive types and nullability in the language.
• A conversation with Gunnar Morling facilitated by Nicolai.
• Java Next presented by Nicolai.
• Playing Slay the Spire (written in Java) and exploring modding with Nicolai.
• Project Amber: The SolutionFactory To Java’s Problems presented by Nicolai.
• From Idea to IDE presented by Nicolai.
• Ask Me Anything session with Nicolai.
• Closing remarks by Nicolai.

This special event was live-streamed on the Java YouTube channel.

Developer Surveys

Azul has launched their State of Java survey in which the areas of study include: OpenJDK distributions and Java versions developers are using; Java-based infrastructures and languages; and Java applications running in public clouds. The survey closes on June 15, 2023.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for May 15th, 2023 features news from OpenJDK, JDK 21, Azul Zulu, point releases of Spring Boot, Spring Security, Spring Security Kerberos, Spring Integration, Spring Batch, Spring for GraphQL, Spring Authorization Server, Spring LDAP, Micronaut, Open Liberty, TornadoVM, Hibernate ORM, Apache TomEE, Apache Tika, OpenXava, JBang, JDKMon and Spring I/O conference.

OpenJDK

JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, has been promoted from Proposed to Target to Targeted for JDK 21. This feature JEP, introduced by George Adams, senior program manager at Microsoft, proposes to deprecate the Windows x86-32 port with the intent to remove it in a future release. With no intent to implement JEP 436, Virtual Threads (Second Preview), in 32-bit platforms, removing support for this port will enable OpenJDK developers to accelerate development of new features.

JEP 445, Unnamed Classes and Instance Main Methods (Preview), has been promoted from Proposed to Target to Targeted for JDK 21. This feature JEP, formerly known as Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle. Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the specification document for review by the Java community. InfoQ will follow up with a more detailed news story.

JEP 443, Unnamed Patterns and Variables (Preview), has been promoted from Proposed to Target to Targeted for JDK 21. This preview JEP proposes to “enhance the language with unnamed patterns, which match a record component without stating the component’s name or type, and unnamed variables, which can be initialized but not used.” Both of these are denoted by the underscore character as in r instanceof _(int x, int y) and r instanceof _.

JEP 404, Generational Shenandoah (Experimental), has been promoted from Proposed to Target to Targeted for JDK 21. This JEP proposes to “enhance the Shenandoah garbage collector with generational collection capabilities to improve sustainable throughput, load-spike resilience, and memory utilization.” Compared to other garbage collectors, such as G1, CMS and Parallel, Shenandoah currently requires additional heap headroom and has a more difficult time recovering space occupied by unreachable objects. InfoQ will follow up with a more detailed news story.

JEP 452, Key Encapsulation Mechanism API, has been promoted from Candidate to Proposed to Target for JDK 21. This feature JEP type proposes to: satisfy implementations of standard Key Encapsulation Mechanism (KEM) algorithms; satisfy use cases of KEM by higher level security protocols; and allow service providers to plug-in Java or native implementations of KEM algorithms. This draft was recently updated to include a major change that eliminates the DerivedKeyParameterSpec class in favor of placing fields in the argument list of the encapsulate(int from, int to, String algorithm) method. The review is expected to conclude on May 26, 2023. InfoQ will follow up with a more detailed news story.

Ron Pressler, architect and technical lead for Project Loom at Oracle, has announced several changes to JEP 453, Structured Concurrency (Preview). Still in Candidate status, changes in this feature include: the TaskHandle interface has been renamed to Subtask; a fix to correct the generic signature of the handleComplete() method; a change to the states and behavior of subtasks on cancellation; and a new currentThreadEnclosingScopes() method defined in the Threads class that returns a string with the description of the current structured context.

JDK 21

Build 23 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 22 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Azul

Azul has announced that Zulu, their downstream distribution of OpenJDK, now supports Coordinated Restore at Checkpoint (CRaC) to reduce Java application startup and warm up times. InfoQ will follow up with a more detailed news story.

Spring Framework

The release of Spring Boot 3.1.0 delivers notable new features such as: support for managing external services at development time using Testcontainers and Docker Compose; simplified configuration of Testcontainers in integration tests; centralized and expanded configuration of SSL trust material for connections; and auto-configuration for Spring Authorization Server. There were also dependency upgrades to Spring Data 2023.0, Spring GraphQL 1.2, Spring Integration 6.1, Spring Security 6.1 and Spring Session 3.1. More details on this release may be found in the release notes.

Versions 3.0.7, 2.7.12, 2.6.15 and 2.5.15 of Spring Boot have been released featuring bug fixes, improvements in documentation and dependency upgrades and resolutions to mitigate: CVE-2023-20883, Spring Boot Welcome Page DoS Vulnerability, a vulnerability in which there is potential for a denial-of-service (DoS) attack if Spring MVC is used together with a reverse proxy cache; and CVE-2023-20873, Security Bypass With Wildcard Pattern Matching on Cloud Foundry, a vulnerability in which an application deployed to Cloud Foundry could be susceptible to a security bypass with requests that match the /cloudfoundryapplication/** endpoint. Further details on these releases may be found in the release notes for version 3.0.7, version 2.7.12, version 2.6.15 and version 2.5.15.

The release of Spring Security 6.1.0 delivers new features: a more comprehensive explanation for deprecating the and() method in favor of lambda DSLs for configuring Spring Security; and improved documentation for Cross-Site Request Forgery (CSRF). More details on this release may be found in the release notes.

The first release candidate of Spring Security Kerberos 2.0.0 features improvements in documentation and a re-implementation/migration of the utilities in spring-security-kerberos-test as the Apache directory server libraries have undergone many refactorings. Further details on this release may be found in the release notes.

The release of Spring Integration 6.1 delivers notable changes such as: additional diagnostics for testing the SftpRemoteFileTemplateTests class; fix memory leak in the FluxMessageChannel class; improvements and cleanup of the ImapMailReceiverTests class; and a new PartitionedChannel class for partitioned message dispatching. More details on this release may be found in the release notes.

Spring Batch 5.0.2 has been released featuring bug fixes, improvements in documentation and new features such as: allow the StaxEventItemReader class to auto-detect the input file encoding; a change in which the JobParameters class now uses an instance of LinkedHashMap instead of HashMap in the constructor and the getParameters() method to guarantee input order; and a reduction in the use of deprecated APIs. Further details on this release may be found in the release notes.

Spring for GraphQL 1.2.0 has been released with new features such as support for: the @GraphQlExceptionHandler annotation methods in the AOT processor; nested paths in GraphQlTester interface; schema mapping inspection for the @BatchMapping annotation methods. More details on this release may be found in the release notes.

Similarly, Spring for GraphQL 1.1.4 has also been released to provide bug fixes, dependency upgrades, improvements in documentation and a new feature in which the ClientGraphQlRequest interface passes attributes to a request from the WebClient interface. Further details on this release may be found in the release notes.

The release of Spring Authorization Server 1.1.0 ships with dependency upgrades and new features such as: a simplified federated login and updated UI design in the demo sample; the addition of a logout success page to default client sample; and a revocation of tokens if authorization code is used more than once. More details on this release may be found in the release notes.

Versions 3.1.0 and 3.0.3 of Spring LDAP 3.1.0 have been released featuring: dependency upgrades such as Spring Security 5.8.3 and 5.7.8 and Jackson 2.15.0 and 2.14.3, respectively; and a new feature in version 3.0.3 in which there was calcification on the use of attribute mapping with the @DnAttribute annotation. Further details on these releases may be found in the release notes for version 3.1.0 and version 3.0.3.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.9.2 featuring bug fixes and updates to modules: Micronaut Azure, Micronaut AWS, Micronaut GCP, Micronaut OpenAPI, Micronaut SQL and Micronaut Kubernetes. More details on this release may be found in the release notes.

Open Liberty

IBM has released Open Liberty 23.0.0.5-beta featuring: continued enhancements to InstantOn, their new feature that provides faster startup times for MicroProfile and Jakarta EE applications; and the latest updates to the preview for the Jakarta Data specification.

TornadoVM

TornadoVM, an open-source software technology company, has released TornadoVM version 0.15.1 that ships with delivers bug fixes and notable improvements such as: improved compatibility with Apple M1/M2 through the OpenCL Backend; introduction of a device selection heuristic based on the computing capabilities of devices; integration and compatibility with the Graal 22.3.2 JIT compiler; optimisation of removing redundant data copies for read-only and write-only buffers from between the host (CPU) and the device (GPU) based on the Tornado Data Flow Graph; improved integration of GraalVM/Truffle programs; and the option to dump the TornadoVM bytecodes for unit tests. Further details on this release may be found in the release notes.

Juan Fumero, research associate, Advanced Processor Technologies Research Group at The University of Manchester, introduced TornadoVM at QCon London in March 2020 and has since contributed this more recent InfoQ technical article.

Hibernate

Hibernate ORM 6.2.3.Final has been released featuring bug fixes, performance improvements and HQL support for the native PostGIS distance operators. More details on this release may be found in the list of changes.

Apache Software Foundation

The release of Apache TomEE 8.0.15 features bug fixes, dependency upgrades and resolutions to mitigate: CVE-2022-1471, a vulnerability in which the deserialization of types using the SnakeYAML Constructor() class will allow an attacker to initiate a malicious remote code execution; CVE-2023-28708, a vulnerability in which using the RemoteIpFilter class, with requests received from a reverse proxy via HTTP that include the X-Forwarded-Proto header set to HTTPS, session cookies created by Tomcat did not include the secure attribute. This vulnerability could result in an attacker transmitting a session cookie over an insecure channel; and CVE-2023-24998, a vulnerability in Apache Commons FileUpload such that an attacker can trigger a denial-of-service with malicious uploads due to the number of processed request parts is not limited. Further details on this release may be found in the release notes.

Apache Tika 2.8.0 has been released delivering new features such as: enable counting and/or parsing of incremental updates in PDFs; enable optional extraction of file system metadata in the FileSystemFetcher class; allow pretty printing from the FileSystemEmitter class; and improve embedded file extraction from PDFs. More details on this release may be found in the release notes.

OpenXava

OpenXava 7.1 has been released that ships with bug fixes, dependency upgrades and new features such as: the calendar in list mode; enhancements to web security that include mitigating CVEs; the ability to annotate properties to indicate a data input mask with the new @Mask annotation; and a rich new text editor. Further details on this release may be found in the release notes.

JBang

The release of JBang 0.107.0 provides support for JDK 21 with a new --enable-preview flag and notable fixes such as: export will now create the missing output folders; PicoCLI no longer throws exceptions for certain configuration values; and a resolution to unnecessary lookups in the JBang alias list.

JDKMon

Version 17.0.59 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version provides changes such as: improved support on Linux; and fixes related to CVE detection.

Spring I/O Conference

The 10th annual Spring I/O conference was held at the Fira de Barcelona at Montjuïc in Barcelona, Spain this past week. Celebrating their 10th anniversary, speakers from the Java community presented sessions and workshops on Spring projects, GraalVM, native Java, enterprise security, domain-driven design and cloud computing.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for May 8th, 2023 features news from OpenJDK, JDK 21, GraalVM Native Build Tools 0.9.22, Spring Framework, Spring Data and Spring Shell releases, Micronaut 4.0-M3, Quarkus 3.0.3, Eclipse Vert.x releases, Micrometer Metrics and Tracing releases, Groovy 4.0.12, Tomcat releases, Maven 3.9.2, Piranha 23.5.0, Reactor 2022.0.7, JobRunr 6.2, JDKMon releases and Devoxx UK.

OpenJDK

JEP 448, Vector API (Sixth Incubator), has been promoted from Proposed to Target to Targeted for JDK 21. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous five rounds of incubation: JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

JEP 441, Pattern Matching for switch, has been promoted from Proposed to Target to Targeted for JDK 21. This JEP finalizes this feature and incorporates enhancements in response to feedback from the previous four rounds of preview: JEP 433, Pattern Matching for switch (Fourth Preview), delivered in JDK 20; JEP 427, Pattern Matching for switch (Third Preview), delivered in JDK 19; JEP 420, Pattern Matching for switch (Second Preview), delivered in JDK 18; and JEP 406, Pattern Matching for switch (Preview), delivered in JDK 17. This feature enhances the language with pattern matching for switch expressions and statements. InfoQ will follow up with a more detailed news story.

JEP 440, Record Patterns, has been promoted from Proposed to Target to Targeted for JDK 21. This JEP also finalizes this feature and incorporates enhancements in response to feedback from the previous two rounds of preview: JEP 432, Record Patterns (Second Preview), delivered in JDK 20; and JEP 405, Record Patterns (Preview), delivered in JDK 19. This feature enhances the language with record patterns to deconstruct record values. Record patterns may be used in conjunction with type patterns to “enable a powerful, declarative, and composable form of data navigation and processing.” Type patterns were recently extended for use in switch case labels via: JEP 420, Pattern Matching for switch (Second Preview), delivered in JDK 18, and JEP 406, Pattern Matching for switch (Preview), delivered in JDK 17. The most significant change from JEP 432 removed support for record patterns appearing in the header of an enhanced for statement. InfoQ will follow up with a more detailed news story.

JEP 439, Generational ZGC, has been promoted from Proposed to Target to Targeted for JDK 21. This JEP proposes to “improve application performance by extending the Z Garbage Collector (ZGC) to maintain separate generations for young and old objects. This will allow ZGC to collect young objects, which tend to die young, more frequently.” InfoQ will follow up with a more detailed news story.

JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, has been promoted from Candidate to Proposed to Target for JDK 21. This feature JEP, introduced by George Adams, senior program manager at Microsoft, proposes to deprecate the Windows x86-32 port with the intent to remove it in a future release. With no intent to implement JEP 436, Virtual Threads (Second Preview), in 32-bit platforms, removing support for this port will enable OpenJDK developers to accelerate development of new features. The review is expected to conclude on May 18, 2023.

JEP 443, Unnamed Patterns and Variables (Preview), has been promoted from Candidate to Proposed to Target for JDK 21. This preview JEP proposes to “enhance the language with unnamed patterns, which match a record component without stating the component’s name or type, and unnamed variables, which can be initialized but not used.” Both of these are denoted by the underscore character as in r instanceof _(int x, int y) and r instanceof _. The review is expected to conclude on May 15, 2023.

JEP 453, Structured Concurrency (Preview), has been promoted from its JEP Draft 8306641 to Candidate status. Formerly a incubating API, this initial preview incorporates enhancements in response to feedback from the previous two rounds of incubation: JEP 428, Structured Concurrency (Incubator), delivered in JDK 19; and JEP 437, Structured Concurrency (Second Incubator), delivered in JDK 20. The only significant change features the fork() method defined in the StructuredTaskScope class returns an instance of TaskHandle rather than a Future since the get() method in the TaskHandle interface was restructured to behave the same as the resultNow() method in the Future interface.

JEP 452, Key Encapsulation Mechanism API, has been promoted from its JEP Draft 8301034 to Candidate status. This feature JEP type proposes to: satisfy implementations of standard Key Encapsulation Mechanism (KEM) algorithms; satisfy use cases of KEM by higher level security protocols; and allow service providers to plug-in Java or native implementations of KEM algorithms. This draft was recently updated to include a major change that eliminates the DerivedKeyParameterSpec class in favor of placing fields in the argument list of the encapsulate(int from, int to, String algorithm) method.

JEP 451, Prepare to Disallow the Dynamic Loading of Agents, has been promoted from its JEP Draft 8306275 to Candidate status. Originally known as Disallow the Dynamic Loading of Agents by Default, and following the approach of JEP Draft 8305968, Integrity and Strong Encapsulation, this JEP has evolved from its original intent to disallow the dynamic loading of agents into a running JVM by default to issue warnings when agents are dynamically loaded into a running JVM. Goals of this JEP include: reassess the balance between serviceability and integrity; and ensure that a majority of tools, which do not need to dynamically load agents, are unaffected.

The joint draft specification for JEP 440, Record Patterns, and JEP 441, Pattern matching for switch, has been updated by Gavin Bierman, consulting member of technical staff at Oracle, for review by the Java community. Significant changes include: an update of the specification of type inference for record patterns; and removal of the non-denotable “any”‘ patterns and the process of resolving patterns in favor of a compile-time notion of a type pattern being “null-matching” or not.

John Rose, JVM architect at Oracle, has published a whitepaper that outlines his concerns on how Project Lilliput, with a goal to reduce the object header to 64 bits, could affect development in Project Valhalla.

JDK 21

Build 22 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 21 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GraalVM Native Build Tools

On the road to version 1.0, Oracle Labs has released version 0.9.22 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: a fix for the URL lookup of the GraalVM Reachability Metadata Repository; add support for the default-for attribute; and a dependency upgrade to Metadata 0.3.0. More details on this release may be found in the changelog.

Fabio Niephaus, principal researcher on the GraalVM team at Oracle Labs, has announced improvements to GraalVM memory usage in native image builds. In particular: it only uses available memory, uses less overall memory, and faster builds of large applications after raising the memory limit to 32GB.

Spring Framework

The release of Spring Framework 6.0.9 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: consistent support for the MultiValueMap interface and common Map implementations in the CollectionFactory class; introduce internal constants for implicit bounds in the TypeUtils class; and a new matchesProfiles() method in the Environment interface for profile expressions. More details on this release may be found in the release notes.

Spring Data 2023.0.0, codenamed Ullman, has been released featuring: new keyset-based scrolling for Spring Data MongoDB, Spring Data Neo4j and Spring Data JPA; improved support for AOT processing with Querydsl and Kotlin; and upgrades to the Spring Data sub-projects. More details on this release may be found in the release notes.

Versions 2022.0.6 and 2021.2.12, both service releases of Spring Data, ship with bug fixes and dependency upgrades to sub-projects such as: Spring Data Commons 3.0.6 and 2.7.12; Spring Data MongoDB 4.0.6 and 3.4.12; Spring Data Elasticsearch 5.0.6 and 4.4.12; and Spring Data Neo4j 7.0.6 and 6.3.12.

Versions 3.1.0-RC1, 3.0.3 and 2.1.9 of Spring Shell have been released featuring: a migration of documentation to Asciidoctor Spring Backends; a dependency upgrade to JLine 3.23.0; and a backport of bug fixes. These versions build upon Spring Boot versions 3.1.0-RC2, 3.0.6 and 2.7.11, respectively. More details on these releases may be found in the release notes for version 3.1.0-RC1, version 3.0.3 and version 2.1.9.

Micronaut

The Micronaut Foundation has provided the second and third milestone releases of Micronaut Framework 4.0.0 featuring bug fixes, improvements and new features such as: new interfaces, MessageBodyWriter and MessageBodyReader, that can be used on both the client and the server as a single place to add custom writing and reading responses; support for annotation-based CORS configuration; additional configuration to endpoints for the service-http-client.enabled property with a default set to false; and support for compilation-time checked expressions in Micronaut annotations. More details on these releases may be found in the release notes for version 4.0.0-M2 and version 4.0.0-M3.

Quarkus

Quarkus 3.0.3.Final, the third maintenance release, delivers notable changes such as: a fix for an exception thrown due to null parameter in the SimpleResourceInfo interface in a response filter; improved container runtime detection; a workaround for unnecessary information logs in Hibernate ORM; and a resolution for unexpected behavior in reactive native mode with Quarkus 3.0.1. More details on this release may be found in the changelog.

WildFly

The WildFly team has published the 2023-2024 release plan that includes beta and final releases of WildFly 29 through WildFly 34. Releases were temporarily moved to a feature-boxed approach during the transition to Jakarta EE 10. This new release schedule is a return to the previously-used time-boxed approach.

Eclipse Vert.x

Eclipse Vert.x 4.4.2 has been released with dependency upgrades and notable changes such as: a new messageHandler() method in the GraphQLWSHandler class to intercept messages; a resolution for erratic behavior using concurrent access in the SchemaRepository interface; and an improved toObservable() method in the SQLRowStream class that eliminates a potential NullPointerException. More details on this release may be found in the release notes and deprecations and breaking changes.

Similarly, Eclipse Vert.x 3.9.16 has been released that delivers notable fixes: metrics blocking the event loop after the update to Vert.x 3.9.14; and STOMP server process client frames that initially would not send a connect frame. The 3.9 release train reached end-of-life in 2022, but service releases will be maintained until the end of 2023. More details on this release may be found in the release notes.

Micrometer

Versions 1.11.0, 1.10.7 and 1.9.11 of Micrometer Metrics have been released with new features such as: a reduction of overall memory allocation while exporting metrics using the DynatraceExporterV2 class; compiler parameter metadata in the CountedAspect class is no longer required; and the addition of metrics for the total number of running application threads in the JVM. More details on these releases may be found in the release notes for version 1.11.0, version 1.10.7 and version 1.9.11.

Similarly, versions 1.1.1, 1.1.0, 1.0.6 and 1.0.5 of Micrometer Tracing have been released that provides notable changes that include: a new constructor in the ObservationAwareSpanThreadLocalAccessor class that accepts an instance of the ObservationRegistry interface; align annotations that match changes in Micrometer Metrics; no-op implementations for the Propagator, Propagator.Getter and Propagator.Setter interfaces; and an improved getBaggage() method in the BaggageManager interface that consistently returns an instance of the Baggage interface if baggage doesn’t exist. More details on these releases may be found in the release notes for version 1.1.1, version 1.1.0, version 1.0.6 and version 1.0.5.

Apache Software Foundation

The release of Apache Groovy 4.0.12 features bug fixes, dependency upgrades and improvements: a more detailed error message when applying an instance of the ClassNode class using generics in Abstract Syntax Tree (AST) Transformations; support for virtual threads in the Groovy-Integrated Query (GINQ); and bytecode optimizations for generated methods using Java records. More details on this release may be found in the release notes.

Versions 11.0.0-M6 and 9.0.75 of Apache Tomcat ship with notable changes such as: improvements to the JsonAccessLogValve class to support more patterns for headers and attributes; improvements to the AccessLogValue class to change output of vertical tab from v to u000b and escape the timestamp output if an instance of the SimpleDateFormat class is used containing verbatim characters. Support for the HTTP connector settings, rejectIllegalHeader and allowHostHeaderMismatch, were deprecated in version 9.0.75 and removed in version 11.0.0-M6 and are now hard-coded to the previous default values. More details on these releases may be found in the release notes for version 11.0.0-M6 and version 9.0.75.

Apache Maven 3.9.2 has been released with improvements such as: issue a warning if a plugin depends on Maven Compat; print suppressed exceptions when a Maven Mojo fails; an improvement and extension of plugin validation; and display additional information when using -Dmaven.repo.local.recordReverseTree=true command line argument. More details on this release may be found in the release notes.

Piranha

The release of Piranha 23.5.0 provides notable changes such as: an update of external components; ensure JDK 18+ modules are released when executing the release with JDK 20; and change --ssl-keystore-file to --https-keystore-file. Also, the MimeTypeManager and LoggingManager interfaces, TEMPDIR extension and Piranha Naming modules were all deprecated. More details on this release may be found in their documentation and issue tracker.

Project Reactor

Project Reactor 2022.0.7, the seventh maintenance release, provides dependency upgrades to reactor-core 3.5.6, reactor-netty 1.1.7 and reactor-kafka 1.3.18. There was also a realignment to version 2022.0.7 with the reactor-pool 1.0.0, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.

JobRunr

The release of JobRunr and JobRunr Pro 6.2.0 delivers: an important bugfix for JobRunr on the Windows platform; improved performance; and dependency upgrades to support Spring Boot 3.0 and Quarkus 3.0. More details on this release may be found in the release notes.

JDKMon

Versions 17.0.57, 17.0.55 and 17.0.53 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, these new versions provide changes such as: CVE detection now supports CVSS 2 and CVSS 3; download dialog for builds of OpenJDK now supports the standard C library (libc) selection, e.g., musl libc; a fix for the Linux script to build the application installer; and the addition of a Linux RPM build for the AArch64 architecture.

Devoxx United Kingdom

Devoxx United Kingdom was held at the Business Design Centre in London, England this past week featuring speakers from the Java community who delivered talks on topics such as: Java, Cloud, Data, AI, Machine Learning, Robotics, Programming Languages, Security, Architecture, Developer Practices and Culture.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for May 1st, 2023 features news from OpenJDK, JDK 21, Spring Boot 3.1.0-RC2, Spring Modulith 0.6, Spring Cloud for Amazon Web Services 3.0.0, Spring Cloud Data Flow 2.10.3, Spring Tools 4.18.2, Infinispan 14.0.9.Final, Open Liberty 23.0.0.4, Quarkus 3.0.2 and 2.16.7, Helidon 3.2.1, Apache Camel 4.0.0-M3, Arquillian 1.7.0 and OptaPlanner transitions to Timefold.

OpenJDK

JEP 448, Vector API (Sixth Incubator), has been promoted from Candidate to Proposed to Target for JDK 21. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous five rounds of incubation: JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview). The review is expected to conclude on May 9, 2023.

JEP 445, Unnamed Classes and Instance Main Methods (Preview), has been promoted from Candidate to Proposed to Target status for JDK 21. This feature JEP, formerly known as Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle. Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the specification document for review by the Java community. The review is expected to conclude on May 12, 2023. InfoQ will follow up with a more detailed news story.

JEP 441, Pattern Matching for switch, has been promoted from Candidate to Proposed to Target for JDK 21. This JEP also finalizes this feature and incorporates enhancements in response to feedback from the previous four rounds of preview: JEP 433, Pattern Matching for switch (Fourth Preview), delivered in JDK 20; JEP 427, Pattern Matching for switch (Third Preview), delivered in JDK 19; JEP 420, Pattern Matching for switch (Second Preview), delivered in JDK 18; and JEP 406, Pattern Matching for switch (Preview), delivered in JDK 17. This feature enhances the language with pattern matching for switch expressions and statements. The review is expected to conclude on May 11, 2023. InfoQ will follow up with a more detailed news story.

JEP 440, Record Patterns, has been promoted from Candidate to Proposed to Target for JDK 21. This JEP finalizes this feature and incorporates enhancements in response to feedback from the previous two rounds of preview: JEP 432, Record Patterns (Second Preview), delivered in JDK 20; and JEP 405, Record Patterns (Preview), delivered in JDK 19. This feature enhances the language with record patterns to deconstruct record values. Record patterns may be used in conjunction with type patterns to “enable a powerful, declarative, and composable form of data navigation and processing.” Type patterns were recently extended for use in switch case labels via: JEP 420, Pattern Matching for switch (Second Preview), delivered in JDK 18, and JEP 406, Pattern Matching for switch (Preview), delivered in JDK 17. The most significant change from JEP 432 removed support for record patterns appearing in the header of an enhanced for statement. The review is expected to conclude on May 11, 2023. InfoQ will follow up with a more detailed news story.

JEP 439, Generational ZGC, has been promoted from Candidate to Proposed to Target for JDK 21. This JEP proposes to “improve application performance by extending the Z Garbage Collector (ZGC) to maintain separate generations for young and old objects. This will allow ZGC to collect young objects, which tend to die young, more frequently.” The review is expected to conclude on May 10, 2023. InfoQ will follow up with a more detailed news story.

JEP 404, Generational Shenandoah (Experimental), has been promoted from Candidate to Proposed to Target status for JDK 21. This JEP proposes to “enhance the Shenandoah garbage collector with generational collection capabilities to improve sustainable throughput, load-spike resilience, and memory utilization.” Compared to other garbage collectors, such as G1, CMS and Parallel, Shenandoah currently requires additional heap headroom and has a more difficult time recovering space occupied by unreachable objects. The review is expected to conclude on May 12, 2023. InfoQ will follow up with a more detailed news story.

JEP 450, Compact Object Headers (Experimental), has been promoted from its JEP Draft 8294992 to Candidate status. Under the auspices of Project Lilliput, the JEP draft proposes to reduce the size of Java object headers from 96 or 128 bits to 64 bits. Project Lilliput, created by Roman Kennke, principal engineer at Amazon Web Services, marked a milestone 1 in May 2022 by achieving 64-bit headers.

Daniel Smith, Programming Language Designer at Oracle, has announced that JEP 401, formerly known as Null-Restricted Value Object Store (Preview) and Primitive Classes (Preview), has been renamed to Flattened Heap Layouts for Value Objects. Smith has provided an updated specification document for review by the Java community.

JDK 21

Build 21 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 20 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

The second release candidate of Spring Boot 3.1.0 ships with new features such as: change the default shutdown in the DockerComposeProperties class to stop; automatically apply the TestcontainersLifecycleApplicationContextInitializer class for context tests; and the addition of Docker Compose service connection support for the SQL Server, Oracle Database, Liquibase, Flyway and Cassandra databases. There was also a deprecation of the Couchbase SSL keystore properties, spring.couchbase.env.ssl.key-store and spring.couchbase.env.ssl.key-store-password, in favor of SSL bundle support in Couchbase. More details on this release may be found in the release notes.

The release of Spring Modulith 0.6 delivers bug fixes, dependency upgrades and notable new features such as: auto-configuration for MongoDB transactions if the event publication registry is used; the event publication registry now enables asynchronous processing and shutdown behavior; the @EnableScenario annotation for using the Scenario Testing API with @SpringBootTest integration tests; and support for jMolecules architecture stereotypes in the Application Module Canvas. The Spring Modulith team has also decided to elevate this project into a top-level, non-experimental Spring project. The plan is to release a 1.0-M1 version after the GA release of Spring Boot 3.1. Further details on this release may be found in the release notes.

Version 3.0.0 of Spring Cloud for Amazon Web Services has been released with new features: compatibility with Spring Boot 3.0; built on the top of AWS SDK V2 for Java; a completely re-written SQS integration module; and a new integration of DynamoDB. More details on this release may be found in the release notes.

The release of Spring Cloud Data Flow 2.10.3 primarily addresses security issues in transitive dependencies such as: spring-security-oauth2-client-5.4.2; spring-expression-5.2.11; spring-webmvc-5.3.25; json-smart-2.3; and jettison-1.51. There were also dependency upgrades to Spring Boot 2.7.11 and Spring Cloud sub-projects. Further details on this release may be found in the release notes.

Spring Tools 4.18.1 has been released featuring enhancements such as: support for navigating to a Spring property file when inspecting on an @Value annotation; support for the @ConditionalOnProperty annotation in property navigation; and early access to Eclipse 2023-06 milestone builds. The Spring Tools team anticipates version 4.19.0 to be released in late June 2023. More details on this release may be found in the release notes.

Infinispan

Infinispan 14.0.9.Final has been released with notable changes such as: fix the failure of Infinispan third party integration tests with JDK17; document how to monitor cross-site replication; remove the dependency Jaeger test containers; and fix the port number in the properties file. Further details on this release may be found in the changelog.

Open Liberty

IBM has released Open Liberty 23.0.0.4 featuring: container images for the ARM64 architecture along with the existing AMD64, PPC64LE and S390X architectures; and a resolution for CVE-2023-24998, a vulnerability in Apache Commons FileUpload such that an attacker can trigger a denial-of-service with malicious uploads due to the number of processed request parts is not limited.

Quarkus

Quarkus 3.0.2.Final, the second maintenance release, ships with notable changes such as: rename the server-list file to hosts in the Infinispan Dev Services guide; Dev UI2 displaying the wrong Java version; the k3s flavor name is not properly documented in the Kubernetes Dev Services guide; and RESTEasy Reactive streaming resource methods leads to NoSuchMethodException exception in native mode. More details on this release may be found in the release notes.

Quarkus 2.16.7.Final has also been released featuring: a fix for the algorithm comparison bug in OIDC code loading the token decryption key; a minor update to the OIDC UserInfo class throwing NullPointerException if a string or boolean property with a given name does not exist; Quarkus dev mode not working with a certain type of project directory tree when using the @ApplicationScoped annotation; and throw an exception if the OIDC client fails to acquire a token. Further details on this release may be found in the release notes.

Helidon

Oracle has released Helidon 3.2.1 with new features such as: an enabled flag to the JpaExtension class to permit subsequent refactoring and replacement; integration changes with the MicroProfile Rest Client and Fault Tolerance specifications to handle async calls due to an issue with the default invocation context in the Weld specification; and support for different propagators with integration of Jaeger OpenTelemetry. More details on this release may be found in the release notes.

Apache Software Foundation

The third milestone release of Apache Camel 4.0.0 features bug fixes, dependency upgrades and improvements such as: change the default Micrometer meter names to follow the Micrometer naming conventions; support for Micrometer Observation; directly use the HTTP server in the implementation of Spring Boot; and add a listener for added/removed HTTP endpoints that make it easier for runtimes, such as Spring Boot, to use platform-http with Camel and its own HTTP server. Further details on this release may be found in the release notes.

Arquillian

Arquillian 1.7.0.Final has been released featuring: support for Jakarta Servlet 6.0; support for HTTPS in URLs injected with the @ArquillianResource annotation; and a fix for a NoClassDefFoundError exception from the LoggerFactory class when using TestNG 7.5+. More details on this release may be found in the changelog.

OptaPlanner Transitions to Timefold

OptaPlanner, an open source AI constraint solver for software developers, will transition to Timefold, a new planning optimization company created by Maarten Vandenbroucke, co-founder and CEO, and Geoffrey De Smet, co-founder and CTO. Created by De Smet while working at Red Hat as a senior principal software engineer, OptaPlanner has matured under the auspices of Red Hat by providing their own build of OptaPlanner. InfoQ will follow up with a more detailed news story.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 24th, 2023 features news from OpenJDK, JDK 21, GlassFish 7.0.4, GraalVM 22.3.2, Microsoft OpenJDK, Spring releases. Quarkus 3.0.0, MicroStream 8.0.0, Micronaut 3.9.1, Hibernate ORM 6.2.2, Hibernate Reactive 2.0.0.CR1, Infinispan 15.0.0.Dev01, Apache Camel 3.20.4, Camel Quarkus 2.13.3, JUnit 5.9.3, JReleaser 1.6.0, JobRunr 6.1.4, JDKMon 17.0.49 and Foojay.io.

OpenJDK

JEP 442, Foreign Function & Memory API (Third Preview), has been promoted from Proposed to Target to Targeted status for JDK 21. This JEP incorporate refinements based on feedback and to provide a third preview from: JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19, and the related incubating JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17. This feature provides an API for Java applications to interoperate with code and data outside of the Java runtime by efficiently invoking foreign functions and by safely accessing foreign memory that is not managed by the JVM. Updates from JEP 434 include: centralizing the management of the lifetimes of native segments in the Arena interface; enhanced layout paths with a new element to dereference address layouts; and removal of the VaList class.

JDK 21

Build 20 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 19 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

GlassFish

The release of GlassFish 7.0.4 ships with dependency upgrades and bug fixes such as: redirections from the Admin Console that result in a blank page upon deployment/undeployment of an application; a potential leak when a resource is loaded from a class within an EAR/JAR file that is invoked from a dynamically loaded class by a custom class loader; and an empty list for configuration templates from the Admin Console upon creating new configuration. The one new feature in this new version is the ability to add methods to build classpath of the ScatteredArchive class from the current classpath. More details on this release may be found in the release notes.

GraalVM

Oracle Labs has released the Community Edition of GraalVM 22.3.2 that aligns with the April 2023 edition of the Oracle Critical Patch Update Advisory. This release includes the updated versions of OpenJDK 17.0.7 and 11.0.19, and Node.js 16.19.1. Further details on this release may be found in the release notes.

Microsoft Build of OpenJDK

Also concurrent with Oracle’s Critical Patch Update for April 2023, Microsoft has released their patch and security update of Microsoft Build of OpenJDK featuring numerous patch releases of their downstream distributions of OpenJDK 17 and OpenJDK 11. This release also included: improvements to their experimental Escape Analysis feature, enabling the Class Data Sharing (CDS) archives in the MIcrosoft Build of OpenJDK 17 binaries; and a non-root user in the container images for developers interested in enhanced security at the container level. More details on this release and the Escape Analysis feature may be found in the release notes and this detailed InfoQ news story.

Spring Framework

Spring Cloud 2021.0.7, codenamed Jubilee, has been released featuring updates to sub-projects such as: Spring Cloud Gateway 3.1.7, Spring Cloud Config 3.1.7, Spring Cloud Kubernetes 2.1.7 and Spring Cloud Sleuth 3.1.8. Further details on this release may be found in the release notes.

The first milestone release of Spring Security Kerberos 2.0.0 was made available this past week featuring support for Spring Boot 3.0 and Spring Security 6.0. This new version also includes: an upgrade to Gradle 8.0, a migration of the documentation to Antora, and a reboot of the project with Spring Boot 3.0. More details on this release may be found in the release notes.

Quarkus

After six alpha releases, one beta release and two release candidates, the much anticipated GA release of Quarkus 3.0 was made available by Red Hat this past week. New features include: support for Jakarta EE 10, MicroProfile 6.0, Hibernate ORM 6.0 and Hibernate Reactive 2.0; a more extensible and easier-to-use Dev UI with a new-and-improved look-and-feel; and an upgrade to SmallRye Mutiny 2.0.0 that uses the Java Flow API instead of Reactive Streams. Further details on this release may be found in the release notes for version 3.0.1 and version 3.0.0. InfoQ will follow up with a more detailed news story.

MicroStream

MicroStream released version 8.0 of their Java-native persistence layer product that delivers: a minimal version of JDK 11; full implementation of their Lazy Collections; improvements in the JDK 17 binary type handler; a more secure SBOM; support for multiple implementations of the StorageManager interface within Spring Boot 2.x; integration with Quarkus; and an updated integration of the Jakarta EE Contexts and Dependency Injection (CDI) specification. More details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.9.1 featuring bug fixes and updates to modules: Micronaut AWS and Micronaut Kafka. There was also a dependency upgrade to GraalVM 22.3.2. Further details on this release may be found in the release notes.

Hibernate

Hibernate ORM 6.2.2.Final has been released with bug fixes and improvements such as: improved performance of batch fetch loading, via the @BatchSize annotation, for enhanced caching of SQL AST; and the ability to utilize a SQL ARRAY valued parameter to pass all IDs at once when loading entities or collections by multiple keys. This is implemented for all multi-key loads via batch fetching and the byMultipleIds() and byMultipleNaturalId() methods defined in the Session interface.

The first release candidate of Hibernate Reactive 2.0.0 delivers compatibility with Hibernate ORM 6.2 and Vert.x 4.4. Other notable changes include: improved scalability of the BlockingIdentifierGenerator class; allow use of SQL Server Dialect 11+; a resolution for a ClassCastException in Db2; and a fix for saving a one-to-many relationship that was broken in Hibernate Reactive 2.0.0.Beta1. More details on this release may be found in the list of issues.

Infinispan

The first development build of Infinispan 15.0.0 ships with support for: Jakarta EE; a JDK 17 baseline; JDK 21 and virtual threads; Quarkus 3.0; Spring Framework 6.0; and Spring Boot 3.0. Support for JCache will be limited as any components requiring Java EE will be removed.

Apache Software Foundation

The release of Apache Camel 3.20.4 provides bug fixes, dependency upgrades and improvement such as: a default REST DSL type in the camel-jbang generator; add functions to the Simple Expression Language to create an empty Map, List, String or JSON file; and include the jackson-jq module within the camel-jq module that developers may find useful in their JQ expressions. Further details on this release may be found in the release notes.

To maintain alignment with Quarkus 2.13.3, Camel Quarkus 2.13.3 has been released to primarily address bug fixes. More details on this release may be found in the release notes.

JUnit

JUnit 5.9.3 has been released featuring notable bug fixes such as: exceptions thrown for files that cannot be deleted when cleaning up a temporary directory created via the @TempDir annotation now include the root cause; parameter types for local @MethodSource factory method names are now validated; and lifecycle methods are once-again allowed to be declared as private to maintain backwards compatibility for now. However, developers are strongly discouraged from using private visibility for lifecycle methods and doing so will be disallowed in a future release.

JReleaser

Version 1.6.0 of JReleaser, a Java utility that streamlines creating project releases, has been released delivering new features such as support for: OpenCollective as an announcer; CycloneDX as a cataloger; Apache NetBeans modules; enable finer control when evaluating Maven Central rules; Jib as a packager; and additional Disco API package parameters. Further details on this release may be found in the release notes.

JobRunr

JobRunr 6.1.4 has been released providing notable bug fixes: the recurringJobExists() method in the StorageProvider interface returns different results depending on the database; using multiple data sources in Spring Boot not working; and DocumentDB not working due to an incompatible index. There was also improved documentation for the StorageProvider API.

JDKMon

Versions 17.0.49 and 17.0.47 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version fixes an issue related to updating the CVE database, provides dependency upgrades and moves to Gradle 8.0.2 as the build tool.

Foojay.io

Foojay.io, the Friends of OpenJDK resource for Java developers, have provided their Java community calendar for developers to view and add events such as conferences and Java User Group meetups. The calendar is open for adding content without the need for a special account and the content is moderated.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 17th, 2023 features news from OpenJDK, JDK 21, JMC 8.3.1, BellSoft, Spring Boot, Spring Security, Spring Session, Spring Authorization Server, Spring Integration, Spring for GraphQL and Spring Shell, WildFly 28, Payara Platform, Open Liberty 23.0.0.4-beta, Micronaut 3.9, Apache Tomcat updates, Ktor 2.3, JHipster Lite 0.32, JBang 0.106.3 and Gradle 8.1.1.

OpenJDK

JEP 446, Scoped Values (Preview), has been promoted from its JEP Draft 8304357 to Candidate status. Formerly known as Extent-Local Variables (Incubator), this JEP is now a preview feature following JEP 429, Scoped Values (Incubator), delivered in JDK 20. This JEP proposes to enable sharing of immutable data within and across threads. This is preferred to thread-local variables, especially when using large numbers of virtual threads.

JEP 447, Statements before super(), has been promoted from its JEP Draft 8300786 to Candidate status. This JEP, under the auspices of Project Amber, proposes to: allow statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Gavin Bierman, consulting member of technical staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback.

JEP 448, Vector API (Sixth Incubator), has been promoted from its JEP Draft 8305868 to Candidate status. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous five rounds of incubation: JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, has been promoted from its JEP Draft 8303167 to Candidate status. This feature JEP, introduced by George Adams, Senior Program Manager at Microsoft, proposes to deprecate the Windows x86-32 port with the intent to remove it in a future release. With no intent to implement JEP 436, Virtual Threads (Second Preview), in 32-bit platforms, removing support for this port will enable OpenJDK developers to accelerate development of new features.

JEP Draft 8305968, Integrity and Strong Encapsulation, and JEP Draft 8306275, Disallow the Dynamic Loading of Agents by Default, have been submitted by Ron Pressler, architect and technical lead for Project Loom at Oracle.

Integrity and Strong Encapsulation proposes to assure the integrity of code and data with a variety of features, such as strong encapsulation, that are enabled by default. Goals of this draft include: allow the Java platform to robustly maintain invariants required for maintainability, security and performance; and differentiate use cases where breaking encapsulation is convenient from use cases where disabling encapsulation is essential.

Disallow the Dynamic Loading of Agents by Default, following the approach of Integrity and Strong Encapsulation, proposes to disallow the dynamic loading of agents into a running JVM by default. Goals of this draft include: reassess the balance between serviceability and integrity; and ensure that a majority of tools, which do not need to dynamically load agents, are unaffected.

JDK Mission Control (JMC) 8.3.1 has been released with notable fixes such as: unable to open JMX Console after installing plugins in macOS and Linux; unable to edit Eclipse project run configurations after installing JMC plugins on Linux; and unable to perform flight recording on jLinked applications; More details on this release may be found in the release notes.

JDK 21

Build 19 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 18 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

JDK 20

JDK 20.0.1, the first maintenance release of JDK 20, along with security updates for JDK 17.0.7, JDK 11.0.19 and JDK 8u371 were made available as part of Oracle’s Releases Critical Patch Update for April 2023.

BellSoft

Also concurrent with Oracle’s Critical Patch Update (CPU) for April 2023, BellSoft has released CPU patches for versions 17.0.6.0.1, 11.0.18.0.1 and 8u371 of Liberica JDK, their downstream distribution of OpenJDK. In addition, Patch Set Update (PSU) versions 20.0.1, 17.0.7, 11.0.19 and 8u372, containing CPU and non-critical fixes, have also been released.

Spring Framework

The first release candidate of Spring Boot 3.1.0 delivers notable new features: improved Testcontainers support including support at development time; support for Docker Compose; enhancements to SSL configuration; and improvements for building Docker images. More details on this release may be found in the release notes.

The release of Spring Boot 3.0.6 primarily addresses CVE-2023-20873, Security Bypass With Wildcard Pattern Matching on Cloud Foundry, a vulnerability in which an application that is deployed to Spring Cloud for Cloud Foundry could be susceptible to a security bypass. Along with improvements in documentation and dependency upgrades, this release also provides notable bug fixes such as: integration of Spring Cloud for Cloud Foundry does not use endpoint path mappings; the ApplicationAvailability bean is auto-configured even if a custom one already exists; and default configuration substitutions in Apache Cassandra don’t resolve against configuration derived from the spring.data.cassandra properties file. More details on this release may be found in the release notes.

Similarly, the release of Spring Boot 2.7.11 also addresses the aforementioned CVE-2023-20873 and provides improvements in documentation, dependency upgrades and the same bug fixes as Spring Boot 3.0.6. More details on this release may be found in the release notes.

Versions 6.1.0-RC1, 6.0.3, 5.8.3 and 5.7.8 of Spring Security have been released to primarily address CVE-2023-20862, Empty SecurityContext Is Not Properly Saved Upon Logout, a vulnerability in which serialized versions of logout does not: properly clean the security context; and unable to explicitly save an empty security context to the HttpSessionSecurityContextRepository class. This results in users still being authenticated even after logout. More details on these releases may be found in the release notes for version 6.1.0-RC1, version 6.0.3, version 5.8.3 and version 5.7.8.

The first release candidate of Spring Session 3.1.0 delivers dependency upgrades and a new feature in which an instance of the StringRedisSerializer class is reused to eliminate the need to instantiate additional serializer instances. More details on this release may be found in the release notes.

The first release candidate of Spring Authorization Server 1.1.0 provides dependency upgrades and new features such as: support for device code and user code in the JdbcOAuth2AuthorizationService class; improvements in the OAuth 2.0 Device Authorization Grant that include adding tests and reference documentation; and improvements in the OpenID Connect 1.0 logout endpoint. More details on this release may be found in the release notes.

Similarly, versions 1.0.2 and 0.4.2 of Spring Authorization Server have also been released featuring dependency upgrades and notable bug fixes: return of an incorrect INVALID_CLIENT token error code to the correct INVALID_GRANT token error code; a broken support link; the authentication secret should be saved after encoding upon registration of the client; and a consideration that would allow the use of localhost in redirect URIs. More details on these releases may be found in the release notes for version 1.0.2 and version 0.4.2.

Version 6.1.0-RC1 and 6.0.5 of Spring Integration have been released that share notable changes such as: remove a trailing space in the IntegrationWebSocketContainer class; and improvements to the BaseWsInboundGatewaySpec and TailAdapterSpec classes that didn’t override super methods and threw instances of NullPointerException due to target field not populated. More details on these releases may be found in the release notes for version 6.1.0-RC1 and version 6.0.5.

The first release candidate of Spring for GraphQL 1.2.0 delivers new features such as: update the SchemaMappingInspector class to support Connection types; support for pagination with Querydsl and Query By Example; and overall support for pagination and sorting. More details on this release may be found in the release notes.

Versions 3.1.0-M2, 3.0.2 and 2.1.8 of Spring Shell have been released featuring shared notable changes such as: builds upon Spring Boot 3.1.0-M2, 3.0.5 and 2.7.10, respectively; a backport of bug fixes; and a significant fix for custom type handling with positional arguments. More details on these releases may be found in the release notes for version 3.1.0-M2, version 3.0.2 and version 2.1.8.

WildFly

Red Hat has released WildFly 28 that ships with improved support for observability and full support for Jakarta EE 10. WildFly has added support for Micrometer and the MicroProfile Telemetry specification, but has removed support for MicroProfile Metrics. JDK 17 is recommended for production applications, but Red Hat has seen good results on JDK 20. More details on this release may be found in the release notes and InfoQ will follow up with a more detailed news story.

Payara

Payara has released their April 2023 edition of the Payara Platform that includes Community Edition 6.2023.4, Enterprise Edition 6.1.0 and Enterprise Edition 5.50.0.

Community Edition 6.2023.4 delivers:a fix for a Payara 6 deployment error with JDK17 and Records; improvements in the SameSite cookie attributes in the Application Deployment Descriptor and a global HTTP network listener; and dependency upgrades to EclipseLink 4.0.1, EclipseLink ASM 9.4.0, Hazelcast 5.2.2 and ASM 9.4. More details on this release may be found in the release notes.

Similarly, Enterprise Edition 6.1.0 features: a fix for a Payara 6 deployment error with JDK17 and Records; improvements in the SameSite cookie attributes in the Application Deployment Descriptor; and dependency upgrades to EclipseLink 4.0.1, EclipseLink ASM 9.4.0, Hazelcast 5.2.2 and ASM 9.4 More details on this release may be found in the release notes.

Enterprise Edition 5.50.0 ships with: a resolution for CVE-2023-24998, a vulnerability in Apache Commons FileUpload in which an attacker can trigger a denial-of-service with malicious uploads due to the number of processed request parts is not limited; a fix for a Hazelcast NoDataMemberInClusterException; an improvement in the SameSite cookie attribute in the Application Deployment Descriptor; and a dependency upgrade to Hazelcast 5.2.2. More details on this release may be found in the release notes.

Open Liberty

IBM has released Open Liberty 23.0.0.4-beta featuring updated support for the Jakarta Data specification such that developers may now combine multiple ways of specifying ordering and sorting, defining a precedence. Sorting that is defined by the @OrderBy annotation or a query-by-method keyword is applied first, followed by the parameters from the Sort record on the method or the Pageable interface.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.9.0 that delivers new features such as: the ability to customize a package to write introspection with the targetPackage field of the @Introspected annotation; the ability to enable Cross Origin Resource Sharing (CORS) configuration via the @CrossOrigin annotation; a breaking change in which the configuration property, micronaut.server.cors.*.configurations.allowed-origins, does not support regular expressions to prevent an accidental exposure of a user’s API; and updates to modules such as: Micronaut Kubernetes, Micronaut Security, Micronaut CRaC, Micronaut Maven and Micronaut Launch. More details on this release may be found in the release notes.

Apache Software Foundation

The Apache Tomcat team has provided point releases for versions 11.0.0-M5, 10.1.8, 9.0.74 and 8.5.88. All four versions share notable changes such as: reduce the default value of maxParameterCount from 10000 to 1000; correct a regression in the fix for bug 66442 that meant that streams without a response body did not decrement the active stream count when completing, leading to an ERR_HTTP2_SERVER_REFUSED_STREAM for some connections; implementation of RFC 9239, Updates to ECMAScript Media Types, in which the MIME types for JavaScript has changed to text/javascript. More details on these releases may be found in the release notes for version 11.0.0-M5, version 10.1.8, version 9.0.74 and version 8.5.88.

Ktor

JetBrains has released version 2.3.0 of Ktor, the asynchronous framework for creating microservices and web applications, that include improvements and fixes such as: support for regular expressions when defining routes; drop support for the legacy JS compiler that will be removed in the upcoming release of Kotlin 1.9.0; support for Apache 5 and Jetty 11; and support for Structured Concurrency for Sockets. More details on this release may be found in the release notes.

JHipster

The JHipster team has released version 0.32.0 of JHipster Lite with many dependency upgrades and notable changes such as: support for Hibernate second-level cache by setting the spring.jpa.properties.hibernate.cache.use_second_level_cache property to true; remove an unnecessary warning upon executing the npm run lint command; and remove an unnecessary stack trace upon running the npm t command. More details on this release may be found in the release notes.

JBang

The release of JBang 0.106.3 fixes formatting for an issue where ChatGPT errors on bad keys or usage limits.

Gradle

Gradle 8.1.1 has been released that ships with bug fixes: a MethodTooLargeException when instrumenting a class with significant number of lambdas for the configuration cache; the Kotlin DSL precompiled script plugins built with Gradle 8.1 cannot be used with other versions of Gradle; and Gradle 8.1 configuration of the freeCompilerArgs method for Kotlin in buildSrc breaks a build with errors that are not useful. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 10th, 2023 features news from OpenJDK, JDK 21, Spring Framework and Spring Data updates, GraalVM Build Tools 0.9.21, MicroStream becomes an Eclipse Project, Micronaut 3.8.9, Helidon 4.0.0.Alpha6, Hibernate ORM 6.2.1, Micrometer Metrics 1.11.0-RC1, 1.10.6 and 1.9.10, Micrometer Tracing 1.1.0-RC1 and 1.0.4, Piranha 23.4.0, Project Reactor 2022.0.6 and Gradle 8.1.

OpenJDK

After its review had concluded, JEP 444, Virtual Threads, has been promoted from Proposed to Target to Targeted status for JDK 21. This JEP proposes to finalize this feature based on feedback from the previous two rounds of preview: JEP 436, Virtual Threads (Second Preview), delivered in JDK 20; and JEP 425, Virtual Threads (Preview), delivered in JDK 19. This feature provides virtual threads, lightweight threads that dramatically reduce the effort of writing, maintaining, and observing high-throughput concurrent applications, to the Java platform. The most significant change from JEP 436 is that virtual threads now fully support thread-local variables by eliminating the option to opt-out of using these variables. More details on JEP 425 may be found in this InfoQ news story and this JEP Café screen cast by José Paumard, Java developer advocate, Java Platform Group at Oracle.

Similarly, JEP 430, String Templates (Preview), has been promoted from Proposed to Target to Targeted status for JDK 21. This preview JEP, under the auspices of Project Amber, proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified.

JEP 442, Foreign Function & Memory API (Third Preview), has been promoted from Candidate to Proposed to Target for JDK 21. This JEP incorporate refinements based on feedback and to provide a third preview from: JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19, and the related incubating JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; and JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17. This feature provides an API for Java applications to interoperate with code and data outside of the Java runtime by efficiently invoking foreign functions and by safely accessing foreign memory that is not managed by the JVM. Updates from JEP 434 include: centralizing the management of the lifetimes of native segments in the Arena interface; enhanced layout paths with a new element to dereference address layouts; and removal of the VaList class. The review is expected to conclude on April 21, 2023.

JEP 445, Flexible Main Methods and Anonymous Main Classes (Preview), has been promoted from its JEP Draft 8302326 to Candidate status. This feature JEP, formerly entitled Implicit Classes and Enhanced Main Methods (Preview), proposes to “evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs.” This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle.

Paul Sandoz, Java architect at Oracle has submitted JEP Draft 8305868, Vector API (Sixth Incubator). This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous five rounds of incubation: JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. This feature proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

JDK 21

Build 18 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 17 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Spring Framework

Versions 6.0.8, 5.3.27 and 5.2.24.RELEASE of Spring Framework have been released to primarily address CVE-2023-20863, Spring Expression DoS Vulnerability, a vulnerability in which an attacker to provide a specially crafted Spring Expression Language expression that may cause a denial-of-service (DoS) condition. Other new features include: a new overloaded truncate() method defined in the StringUtils class to serve as centralized, consistent way for truncating strings; a new nullSafeConciseToString() method defined in the ObjectUtils class to generate a more “concise” null-safe toString() representation of various objects that does not include an entire object graph; and replace the use of the unmodifiableList() method defined in the Collections class with the copyOf() method defined in the List interface which results in Spring application code that more readable, prevents unexpected bugs and easier to maintain. More details on these releases may be found in the release notes for version 6.0.8, version 5.3.27 and version 5.2.24.RELEASE.

Spring Data 2023.0-RC1, 2022.0.5 and 2021.2.11 have been released this past week. Version 2023.0-RC1 features: the reinstatement of MariaDB support for Spring Data R2DBC; a new @Hint annotation in Spring Data MongoDB with support for reactive bulk operations; and many enhancements to the Spring Data JPA Hibernate and JPQL parsers to better support aliases and other aspects of query parsing for @Query annotated queries. Versions 2022.0.5 and 2021.2.11 are service releases that ship with improvements and bug fixes for regressions. These versions may be consumed with the upcoming releases of Spring Boot 3.0.6 and 2.7.11, respectively.

GraalVM Native Build Tools

On the road to version 1.0, Oracle Labs has released version 0.9.21 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: a fix to ensure compatibility with Gradle’s configuration cache; deprecate the requiredVersion property in favor of using a version string; and a new write-args-file Maven goal that writes an arguments file such that other plugins downstream in the life cycle may use it. More details on this release may be found in the changelog.

MicroStream

MicroStream has announced that their Java-native persistence layer will become an Eclipse Project. The MicroStream Serializer product will be renamed to Eclipse Serializer and the MicroStream Persistence product will be renamed to EclipseStore. MicroStream also plans to launch an EclipseStore Working Group as a standard for the Jakarta Persistence specification in which EclipseStore will become a compatible implementation.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.8.9 featuring bug fixes, support for JDK 20 in annotation processors and updates to modules: Micronaut AWS and Micronaut Kafka. There was also a dependency upgrade to Netty 4.1.91. More details on this release may be found in the release notes.

The fourth milestone release of Micronaut 4.0.0 was also made available this past week featuring support for: annotation-based CORS configuration; compilation time expressions in annotations; the ability to disable streaming HTTP request processing; and conditional routing.

Helidon

The sixth alpha release of Helidon 4.0.0 features notable changes such as: support for JDK 20; completion of the shortcut methods for all HTTP methods in the WebServer and WebClient components; and a rename of the receive() method to onMessage() for consistency with other methods in the WebSocket component. More details on this release may be found in the release notes.

Hibernate

The release of Hibernate ORM 6.2.1.Final ships with notable fixes such as: improved sub-queries using aliases and left joins; generic associations being ignored when dirty checking and bytecode enhancement were enabled; part of a composite @IdClass primary key not being returned when querying; and Internal nullness marking and checking.

Micrometer

Versions 1.11.0-RC1, 1.10.6 and 1.9.10 of Micrometer Metrics have been released. New features in version 1.11.0-RC1 include: a new Supplier variant of the getOrDefault() method defined in the Context inner class of the Observation interface; metrics support for Netty allocators and event executors; and more efficient cumulative count computations in the takeCountSnapshot() method defined in the AbstractTimeWindowHistogram class. Version 1.10.6 and 1.9.10 primarily provide bug fixes and dependency upgrades.

Similarly, versions 1.1.0-RC1 and 1.0.4 of Micrometer Tracing deliver bug fixes, dependency upgrades to Micrometer 1.11.0-RC1 and 1.10.6, respectively, and new features: allow propagation of spans via ThreadLocalAccessor interface; alignment with annotations changes in Micrometer; and support for creating spans with links.

Piranha

Piranha 23.4.0 has been released. Dubbed the “Update Components” edition for April 2023, this new release includes: updates to various compatible implementations of Jakarta EE components to their latest versions; update running automated tests in the release workflow to use JDK 19; and basic code cleanup. More details on this release may be found in their documentation and issue tracker.

Reactor

Project Reactor 2022.0.6, the sixth maintenance release, provides dependency upgrades to reactor-core 3.5.5, reactor-addons 3.5.1, reactor-netty 1.1.6, reactor-kafka 1.3.17 and reactor-kotlin-extensions 1.2.2. More details on this release may be found in the changelog.

Gradle

The release of Gradle 8.1 features: a stable version of the configuration cache; support for dependency verification; improved error reporting for Groovy closures; support for Java lambdas; improved memory management; and support for building projects with JDK 20. More details on this release may be found in the release notes.

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for April 3rd, 2023 features news from OpenJDK, JDK 21, Quarkus 3.0.0.CR2 and 2.16.6.Final, Open Liberty 23.0.0.3, Apache Camel 3.18.6, PrimeFaces 12.0.4, JHipster Lite 0.31.0, JobRunr 6.1.3, Gradle 8.1-RC3 and Devnexus 2023.

OpenJDK

JEP 430, String Templates (Preview), has been promoted from Candidate to Proposed to Target status for JDK 21. This preview JEP, under the auspices of Project Amber, proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified. The review is expected to conclude on April 13, 2023.

Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the joint specification change document for JEP 440, Record Patterns, and JEP 441, Pattern Matching for switch, for review by the Java community.

JDK 21

Build 17 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 16 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 21, developers are encouraged to report bugs via the Java Bug Database.

Quarkus

The second release candidate of Quarkus 3.0.0 delivers new features: a quarkusUpdate Gradle task for updating Quarkus to a new version; Dev UI 2 is now default via the /q/dev or /q/dev-ui endpoints (Dev UI 1 is accessible via the /q/dev-v1 endpoint); and a new HTTP security policy mapping between roles and permissions. More details on this release may be found in the changelog.

Quarkus 2.16.6.Final, the sixth maintenance release, provides notable changes such as: a removal of the session cookie if ID token verification has failed; allow the use of null in the REST Client request body; support for repeatable @Incoming annotations in reactive messaging; and dependency upgrades to GraphQL Java 19.4, Wildfly Elytron 1.20.3.Final and Keycloak 21.0.1. Further details on this release may be found in the changelog.

Open Liberty

IBM has released Open Liberty 23.0.0.3 featuring bug fixes and support for: JDK 20; the Jakarta EE 10 Platform, Web and Core profiles; and the core MicroProfile 6.0 specifications.

Apache Camel

The release of Apache Camel 3.18.6 delivers big fixes, dependency upgrades and improvements such as: allow HTTP response headers with empty values to be returned to support applications that require this; improved handling of allowing or disallowing an HTTP request body; and a fix for the potential to block the Vert.x event loop if the route processing coming after the vertx-websocket consumer executes blocking operations. More details on this release may be found in the release notes.

PrimeFaces

The release of PrimeFaces 12.0.4 ships with bug fixes and new features: a restoration of the getExcelPattern() and validate() methods defined in the CurrencyValidator class;

Further details on this release may be found in the list of issues.

JHipster

The JHipster team has released version 0.31.0 of JHipster Lite with many dependency upgrades and notable changes such as: a fix for generating the same customConversions beans for use in MongoDB and Redis; a fix for the Apache Kafka producer and consumer; and a removal of the Jest testing framework dependency as it was only used for the optional-typescript module. More details on this release may be found in the release notes.

JobRunr

JobRunr 6.1.3 has been released to deliver a fix for the high number of calls to jobrunr_job_stats view that allows developers to disable Java Management Extensions (JMX) for the JobStats class.

Gradle

The third release candidate of Gradle 8.1 features: continued improvements to the configuration cache; support for dependency verification; improved error reporting for Groovy closures; support for Java lambdas; and support for building projects with JDK 20. Further details on this release may be found in the release notes.

Devnexus

Devnexus 2023 was held at the Georgia World Congress Center in Atlanta, Georgia this past week featuring speakers from the Java community who delivered workshops and talks on topics such as: Jakarta EE, Java Platform, Core Java, Architecture, Cloud Infrastructure and Security.

Devnexus, hosted by the Atlanta Java Users Group (AJUG), has a history that dates back to 2004 when the conference was originally called DevCon. The Devnexus name was introduced in 2010.

Developers can learn more about Devnexus and AJUG from this Foojay.io podcast hosted by Frank Delporte, senior technical writer at Azul, who interviewed Pratik Patel, Vice President of Developer Advocacy at Azul and AJUG president, and Vince Mayers, developer relations at Gradle and AJUG treasurer.