MMS • Michael Redlich
Article originally posted on InfoQ.
This week’s Java roundup for December 12th, 2022 features news from OpenJDK, JDK 20, JDK 21, GlassFish 7.0, Spring Framework 6.0.3, Spring Cloud Data Flow 2.10, Spring for Apache Pulsar 0.1, Payara Platform, Quarkus 2.15, WildFly 27.0.1, Helidon 2.5.5, Piranha Cloud 22.12, NetBeans 16, Apache Camel 3.14.7, JobRunr 5.3.2, JDKMon 17.0.43, Reactor 2022.0.1, JHipster Lite 0.24 and the Ktor 2023 roadmap.
OpenJDK
Doug Simon, research director at Oracle, has proposed the creation of a new project, named Galahad, with a primary goal to contribute Java-related GraalVM technologies to the OpenJDK Community and prepare them for possible incubation in a JDK main-line release. More details may be found in this InfoQ news story.
JDK 20
Build 28 of the JDK 20 early-access builds was made available this past week, featuring updates from Build 26 that include fixes to various issues. Further details on this build may be found in the release notes.
JDK 21
Build 2 of the JDK 21 early-access builds was also made available this past week, featuring updates from Build 1 that include fixes to various issues. More details on this build may be found in the release updates.
For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.
GlassFish
The Eclipse Foundation has released GlassFish 7.0, delivering support for the MicroProfile Config, MicroProfile JWT Propagation and Jakarta MVC 2.0 specifications. Other new features include: an implementation of new Jakarta Authentication methods; an update of the Jakarta Standard Tag Library API and corresponding implementation to version 3.0; an update to the JSON components; and the ability to tune the interval for monitoring concurrent tasks. GlassFish 7.0 is a compatible implementation of Jakarta EE 10 that requires JDK 11 as a minimal version, but also works on JDK 17.
Spring Framework
Spring Framework 6.0.3 has been released delivering bug fixes, improvements in documentation and new features such as: additional constructors in the MockClientHttpRequest and MockClientHttpResponse classes to align the mocks with the test fixtures; improved options to expose formatted errors in the MessageSource interface for a ProblemDetail response; and optimized object creation in the handleNoMatch() method defined in the RequestMappingHandlerMapping class. Further details on this release may be found in the release notes.
Spring Cloud Data Flow 2.10.0 has been released featuring dependency upgrades to Spring Boot 2.7.6, Spring Framework 5.3.24, Spring Cloud 2021.0.5 and Spring Shell 2.1.4. Also included in this release are scripts for: creating containers when running on an ARM platform; and launching a local Kubernetes cluster and installing Spring Cloud Data Flow with MariaDB and RabbitMQ or Kafka. More details on this release may be found in the release notes.
The first minor release of Spring for Apache Pulsar 0.1.0 features support for Reactive and GraalVM Native Image. Further details on this release may be found in the release notes.
Payara
Payara has released their December 2022 edition of the Payara Platform that includes Community Edition 6.2022.2, Community Edition 5.2022.5 and Enterprise Edition 5.46.0.
Payara 6 Community Edition provides bug fixes, security fixes, improvements and component upgrades such as: Jackson 2.13.4, Eclipse Payara Transformer 0.2.9, Felix Web Console 4.8.4 and OSGi Util Function 1.2.0. More details on this release may be found in the release notes.
Payara 5 Community Edition, the final release in the Payara 5 release train, provides bug fixes, security fixes, improvements and component upgrades such as: EclipseLink 2.7.11, MicroProfile JWT Propagation 1.2.2, Yasson 1.0.11 and JBoss Logging 3.4.3.Final. Further details on this release may be found in the release notes.
Payara 6 Edition provides bug fixes, security fixes and component upgrades such as: MicroProfile Config 2.0.1, MicroProfile Metrics 3.0.1, Hibernate Validator 6.2.5.Final and Weld 3.1.9.Final. More details on this release may be found in the release notes.
For all three editions, the security fixes are: an upgrade to Apache Commons Byte Code Engineering Library (BCEL) 6.6.1 that addresses CVE-2022-42920, Apache Commons BCEL Vulnerable to Out-of-Bounds Write, a vulnerability in which changing specific class characteristics may provide an attacker more control over the resulting bytecode than otherwise expected; and authorization constraints that were ignored when using a ./ path traversal after the Java Authorization Contract for Containers (JACC) authentication check had already occurred.
Quarkus
Red Hat has released Quarkus 2.15.0.Final that ships new features such as: support for AWS Lambda SnapStart; a move of the gRPC extension to a new Vert.x gRPC implementation; support for Apollo Federation in SmallRye GraphQL; support for continuous testing in the CLI test command; the addition of the @ClientQueryParam annotation to the Reactive REST Client; and use of the -XX:ArchiveClassesAtExit command line argument that simplifies the process of generating the AppCDS archive in JDK 17+. Further details on this release may be found in the changelog.
WildFly
Red Hat has also released WildFly 27.0.1 featuring bug fixes and component upgrades such as: WildFly Core 19.0.1.Final, Bootable JAR 8.1.0.Final and RESTEasy Spring 3.0.0.Final. There were also upgrades to: Woodstox 6.4.0 that resolves CVE-2022-40152, a vulnerability in which a Denial of Service (DoS) attack is possible from parsing XML data if DTD is enabled; and Apache CXF 3.5.2-jbossorg-4 that resolves CVE-2022-46364, a vulnerability in which a Server-Side Request Forgery (SSRF) attack is possible from parsing the href attribute of XOP:Include in Message Transmission Optimization Mechanism (MTOM) requests.
New WildFly Source to Image (S2I) and runtime multi-arch images, designed for linux/arm64 and linux/amd64, were given a different naming convention than the regular WildFly images for improved handling of multiple versions of the JDK and to better align with tags used in the centos7 Docker images built on Eclipse Temurin. The new image names are:
quay.io/wildfly/wildfly-runtime: (runtime image)
quay.io/wildfly/wildfly-s2i: (S2I builder image)
It is important to note that the previous WildFly images are now deprecated and will no longer be updated.
Helidon
Oracle has released Helidon 2.5.5 that ships with bug fixes and improvements such as: media support methods with Supplier variants in the WebServer.Builder class; additional strategies defined in the @Retry annotation; use of Hamcrest assertions instead of JUnit in the Config component; and support for MicroProfile Config in the application.yaml file.
Piranha
Piranha 22.12.0 has been released. Dubbed the “Welcome Spring Boot” edition for December 2022, this new release includes: the ability to set the HTTP server implementation and the port and contextPath variables for the Spring Boot starter; and TCK fixes by upgrading to Jakarta Servlet 6.0.1. More details on this release may be found in their documentation and issue tracker.
Apache Software Foundation
The release of Apache NetBeans 16 delivers many improvements that support Gradle, Maven, Java, Groovy and C++, VS Code Extension and Language Server Protocol. Other new features in the editor and user interface include: fixes for when IllegalArgumentException and NullPointerException are thrown; improvements in support for YAML, Docker, TOML and ANTLR; and the ability to load custom FlatLaf properties from user configuration. Further details on this release may be found in the release notes.
Apache Camel 3.14.7 has been released featuring bug fixes and improvements to the camel-hdfs, camel-report-maven-plugin, camel-sql and camel-ldap modules. More details on this release may be found in the release notes.
The Apache Software Foundation has announced the end of life for Apache Tomcat 8.5.x scheduled for March 31, 2024. This means that after that date: releases from the 8.5 branch are highly unlikely; bugs affecting only the 8.5 branch will not be addressed; and security vulnerability reports will not be checked against the 8.5 branch. Then, after June 30, 2024: the 8.5 download pages will be removed; the latest 8.5 release will be removed from the CDN; the 8.5 branch will be made read-only; links to the 8.5 documentation will be removed from the Apache Tomcat website; and the bugzilla project for 8.5 will be made read-only.
JobRunr
JobRunr 5.3.2 has been released featuring: better handling of deadlocks in MySQL and MariaDB; a bug fix with serialization when using JSONB; and a bug fix when JobRunr is used in a shared cloud environment (e.g., Amazon ECS) and the JVM halts completely due to shifting the CPU to other processes.
JDKMon
Version 17.0.43 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version ships with updated vulnerability scanning for GraalVM and Java SE.
Project Reactor
The first maintenance release of Project Reactor 2022.0.1 provides dependency upgrades to reactor-core 3.5.1, reactor-netty 1.1.1, reactor-kafka 1.3.15 and reactor-kotlin-extensions 1.2.1.
JHipster
JHipster Lite 0.24.0 has been released featuring: a bean validation error handler in Spring Boot; a Java module to add the Enums class in applications; and the addition of JHipster Lite error messages.
JetBrains
JetBrains has published a 2023 roadmap for Ktor, the asynchronous framework for creating microservices and web applications. Developers can expect: a version 3.0; a new simplified routing API; a migration to Tomcat 11, Jetty 11 and an upgrade to Apache HttpClient 5; and an extraction of the IO functionality into a separate library.