Java News Roundup: JCP 25th Anniversary, Foreign Function & Memory API, Eclipse Epicyro
MMS • Michael Redlich
This week’s Java roundup for September 11th, 2023 features news from OpenJDK, JCP, JDK 22, JDK 21, Payara Platform, Eclipse Epicyro, Grails Plugin Portal and milestone and point releases for: Spring Framework, Spring Data, Spring Tools, Quarkus, Micronaut, Helidon, MicroProfile Telemetry, Groovy, Camel Quarkus, Micrometer Metrics and Tracing, Piranha, JobRunr, JHipster Lite and Project Reactor.
JEP 454, Foreign Function & Memory API, has been promoted from its JEP Draft 8310626 to Candidate status this past week. This JEP proposes to finalize this feature after two rounds of incubation and three rounds of preview: JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; and JEP 442, Foreign Function & Memory API (Third Preview), to be delivered in the upcoming GA release of JDK 21. Improvements since the last release include: a new
Enable-Native-Access manifest attribute that allows code in executable JARs to call restricted methods without the use of the
--enable-native-access flag; allow clients to programmatically build C function descriptors, avoiding platform-specific constants; improved support for variable-length arrays in native memory; and support for multiple charsets in native strings.
Java Community Process
At a special event hosted by the New York Java Special Interest Group and Garden State Java User Group on September 13, 2023 at the Bank of New York Mellon in New York City, industry experts from the Java Community Process (JCP) Executive Committee (EC) participated in a panel discussion to reveal their favorite JCP EC memory and their favorite features from the upcoming GA release of JDK 21. Included in the festivities was a JDK 21 presentation by Dmitry Chuyko, Performance Architect at Bellsoft, and a 25th anniversary celebration of the JCP. More details on this event may be found in this InfoQ news story.
Build 15 of the JDK 22 early-access builds was made available this past week featuring updates from Build 14 that include fixes to various issues. More details on this build may be found in the release notes.
The fifth milestone release of Spring Framework 6.1.0 ships with bug fixes, dependency upgrades and a host of new features such as: instrument the new
RestClient interface for observability; reinstate support for the legacy
@ManagedBean annotation defined in JSR-250, Common Annotations for the Java Platform, and the
@Named annotation defined in JSR 330, Dependency Injection for Java, to complement their Jakarta Annotations versions for improved migration of projects to Spring 6.0 and beyond; and a revision of the method signatures defined in the
JdbcTestUtils class to accept instances of the
JdbcOperations interface instead of the
JdbcTemplate class. Further details on this release may be found in the release notes.
Similarly, versions 6.0.12 and 5.3.30 and of Spring Framework have been released featuring bug fixes, dependency upgrades and new features such as: an optimization of the
getMostSpecificMethod() method defined in the
ClassUtils class; an optimization of whitespace checks in the
StringUtils class; and an elimination of redundant lookups of classes and annotation causing performance bottlenecks while creating instances of scoped beans. More details on these releases may be found in the release notes for version 6.0.12 and version 5.3.30.
The third milestone release of Spring Data 2023.1.0, codenamed Vaughn, delivers notable changes such as: support for JDK 21; use of virtual threads via configuration of the Java
Executor interface; support for Kotlin value classes; and single query loading for Spring Data JDBC. Further details on this release may be found in the release notes.
Similarly, versions 2023.0.4, 2022.0.10 and 2021.2.16, all service releases of Spring Data, feature bug fixes and dependency upgrades to sub-projects such as: Spring Data Commons 3.1.4, 3.0.10 and 2.7.14; Spring Data MongoDB 4.1.4, 4.0.10 and 3.4.16; Spring Data Elasticsearch 5.1.4, 5.0.10 and 4.4.16; and Spring Data Neo4j 7.1.4, 7.0.10 and 6.3.16.
The release of Spring Tools 4.20.0 for Eclipse, Visual Studio Code and Theia ships with: a number of bug fixes; support for Eclipse IDE 2023-09; and improved Java reconciling support to show Spring-specific validations, re-built from the ground up, tuned for high performance to work seamlessly in large code bases. More details on this release may be found in the release notes.
Payara has released their September 2023 edition of the Payara Platform that includes Community Edition 6.2023.9, Enterprise Edition 6.6.0 and Enterprise Edition 5.55.0 featuring security fixes to address: CVE-2017-12617, a vulnerability in various Apache Tomcat versions with HTTP
PUT enabled, where an attacker could upload a specially-crafted requested JSP file to the server such that any code it contained would be executed by the server; and CVE-2023-1370, a vulnerability in Json-smart where parsing too many nested JSON structured arrays and objects, due to no defined limit, could cause a stack overflow and crash the software. Improvements included: a removal of the obsolete methods,
isCallerInRole(Identity) from the Jakarta EJB
EJBContext interface, that were implemented in the Payara
EJBContextImpl class; and improved functionality with the Hazelcast CP Subsystem. Further details on these versions may be found in the release notes for Community Edition 6.2023.9, Enterprise Edition 6.6.0 and Enterprise Edition 5.55.0.
Red Hat has released versions 3.3.3, 3.2.6 and 2.6.11.Final of Quarkus to address CVE-2023-4853, a vulnerability by which an attacker can bypass the HTTP security policies due to those security policies not correctly sanitizing certain character permutations when accepting requests, resulting in an incorrect evaluation of permissions. This could provide unauthorized endpoint access and a possible denial of service. More details on these releases may be found in the changelogs for version 3.3.3, version 3.2.6 and version 2.16.11.
The Micronaut Foundation has released version 4.1.1 of the Micronaut featuring Micronaut Core 4.1.5 and updates to modules: Micronaut Oracle Cloud, Micronaut AOT, Micronaut Data, Micronaut Kafka, Micronaut Kotlin Integrations, Micronaut Test, Micronaut Validation and Micronaut Multitenancy. Further details on this release may be found in the release notes.
Helidon 2.6.3, a bug fix release, provides notable changes such as: replace the use of the deprecated
socket() method with the
namedSocket() method defined in the
ServerConfiguration interface; update the
requestedUri() method defined in the
ServerRequest interface to correctly handle the IPv6 address format; and change the access specifier from
public in the
beforeEach() method defined in the
OciMetricsDataTest class due to the documentation in the JUnit
@BeforeEach annotation explicitly stating the methods must not be private or static. More details on this release may be found in the release notes.
On the road to MicroProfile 6.1, version 1.1-RC3 of the MicroProfile Telemetry specification ships with a fix for a deployment issue in the
JaxRsServerAsyncTestEndpoint TCK test class. Further details on this release may be found in the release notes.
OmniFishEE has introduced a new Eclipse EE4J project, Epicyro, that will serve as a compatible implementation of the Jakarta Authentication specification. This new project will define a general low-level SPI for authentication mechanisms, controllers that interact with a caller and a container’s environment to obtain the caller’s credentials. These will be validated and pass an authenticated identity (such as name and groups) to a container. Currently a milestone release, Epicyro will start with version 3.0.0 to align with Jakarta Authentication 3.0.0.
Apache Software Foundation
The second alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and improvement such as: remove the use of the
MagicAccessorImpl class that was once defined in the
sun.reflect package; the
JsonOutput class should handle Java records like Plain Old Groovy Objects (POGOs); and mark the main/run methods in Groovy scripts as generated by the compiler with the
@Generated annotation. More details on this release may be found in the release notes.
Similarly, Apache Groovy 4.0.15 has been released with bug fixes, dependency upgrades and an improvement with the
JsonOutput class that should handle Java records like POGOs. Further details on this release may be found in the release notes.
To maintain alignment with Quarkus, Camel Quarkus 3.2.0 has been released with notable resolutions to issues such as: a failed compilation for gRPC applications in
dev mode; an expansion of tests covering Splunk, Saxonica and the gRPC extension; and an
InvocationTargetException upon executing sanity checks with the LDAP Realm extension. More details on this release may be found in the release notes.
The Grails Foundation has introduced a redesigned Grails Plugin Portal featuring: improved search functionality; a paginated list of all plugins; a list of top-rated plugins; and the latest plugin releases. The previous version of the portal was plagued by frequent downtime, high resource utilization and slow performance.
Versions 1.12.0-M3, 1.11.4, 1.10.11 and 1.9.15 of Micrometer Metrics all deliver dependency upgrades and a bug fix to ensure the
FunctionTimer interfaces produce consistent data. Version 1.12.0-M3 provides new features such as: a variant of the
hasAnObservationWithAKeyValue() method for use in testing with the
KeyValue interface; provide a way to make decisions on use of the
/actuator endpoint in Spring Security based on the parent in the
ObservationPredicate interface, namely the Java
BiPredicate interface; and add a timestamp to the nested
Event interface defined in the
Observation interface. Further details on these releases may be found in the release notes for version 1.12.0-M3, version 1.11.4, version 1.10.11 and version 1.9.15.
Similarly, versions 1.2.0-M3, 1.1.5 and 1.0.10 of Micrometer Tracing all deliver dependency upgrades and bug fixes such as: the
ObservationAwareSpanThreadLocalAccessor class does not release an instance of the nested
SpanAction class when the thread has completed its task; and add the
ThreadLocalAccessor interface to propagate an instance of the
Baggage interface with Reactor. A new feature in version 1.2.0-M3 is to allow setting of a timestamp of an event on a span. More details on these releases may be found in the release notes for version 1.2.0-M3, version 1.1.5 and version 1.0.10.
The release of Piranha 23.9.0 delivers notable changes such as: a new
PidFeature class for improved handling of process IDs; fix a testing issue with SonarCloud; and a new
IsolatedWebAppFeature class for improved handling of web applications. Further details on this release may be found in their documentation and issue tracker.
Version 6.3.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released featuring notable changes: a
NullPointerException in a Quarkus extension if the
quarkus.jobrunr.job-scheduler.enabled property is set to
false; and add missing Spring AOT hints that caused exceptions for applications using JobRunr 6.3.0 and Spring Boot 3.1.3; and the
@Job annotation is not registering instances of a
JobFilter interface after upgrading to Spring Boot 3.1.2 and JobRunr 6.3.0. More details on this release may be found in the release notes.
Version 0.42.0 of JHipster Lite has been released featuring bug fixes, dependency upgrades and new features/enhancements such as: a new
StatisticsCriteria class to add criteria to the
/stats endpoint; the removal of an unnecessary TestNG dependency; and a new checkstyle module to check for unused imports during build. Further details on this release may be found in the release notes.
The third milestone release of Project Reactor 2023.0.0 provides dependency upgrades to
reactor-netty 1.1.11 and
reactor-kafka 1.3.21. There was also a realignment to version 2023.0.0-M3 with the
reactor-addons 3.5.1 and
reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Similarly, Project Reactor 2022.0.11, the eleventh maintenance release, provides dependency upgrades to
reactor-kafka 1.3.21 and
reactor-pool 1.0.2. There was also a realignment to version 2022.0.11 with the
reactor-addons 3.5.1 and
reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.