Java News Roundup: JDK 19 and Jakarta EE 10 Released, String Templates, Payara Platform

MMS Founder
MMS Michael Redlich

Article originally posted on InfoQ. Visit InfoQ

This week’s Java roundup for September 19th, 2022 features news from OpenJDK, JDK 19, JDK 20, Amazon Corretto 19, BellSoft Liberica JDK 19, Jakarta EE 10, multiple Spring Framework updates, Quarkus 2.12.3, Payara Platform updates, Micronaut 3.7.0, GraalVM Native Build Tools 0.9.14, JobRunr 5.2.0, PrimeFaces point releases, Failsafe 3.3.0, Apache Groovy 3.0.13 and Apache Log4j2 2.19.0.

OpenJDK

JEP 430, String Templates (Preview), was promoted from its JEP Draft 8273943 to Candidate status. This preview JEP, under the auspices of Project Amber, proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified.

JDK 19

Oracle has released version 19 of the Java programming language and virtual machine this past week, which ships with a final feature set of seven JEPs. More details may be found in this InfoQ news story.

Amazon Corretto

Amazon has released Amazon Corretto 19, their downstream distribution of OpenJDK 19, that is available on Linux, Windows, and macOS. Developers may download this latest version from this site.

Liberica JDK

Similarly, BellSoft has released LibericaJDK 19, their downstream distribution of JDK 19. Developers may download this latest version from this site.

JDK 20

Build 16 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 15 that include fixes to various issues. Further details on this build may be found in the release notes.

For JDK 20, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE

The Jakarta EE Working Group has released Jakarta EE 10, the third major, and fourth overall, release since Oracle donated Java EE 8 to the Eclipse Foundation in 2017. This release provides new functionality in over 20 component specifications through version updates. Also new for Jakarta EE 10 is the Core profile that joins the existing Platform and Web profiles, all of which have compatible implementations. InfoQ will follow up with a more detailed news story.

Spring Framework

It was a very busy week for the Spring teams as they released point and milestone versions for a number of their projects along with publishing a common vulnerability and exposure (CVE).

The Spring Data REST team has published CVE-2022-31679, Potential Unintended Data Exposure for Resource Exposed by Spring Data REST, a vulnerability in which an attacker can craft HTTP requests that expose hidden entity attributes within applications that allow HTTP PATCH access to resources exposed by Spring Data REST.

Versions 2.7.4 and 2.6.12 of Spring Boot were made available to the Java community. Both versions support JDK 19 and feature numerous bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23, Hibernate 5.6.11.Final, Netty 4.1.82.Final, Rector 2020.0.23, Groovy 3.0.13, Dropwizard Metrics 4.2.12 and Postgresql 42.3.7. More details on each release may be found in the release notes for version 2.7.4 and version 2.6.12.

On the road to Spring Boot 3.0, the fifth milestone release was made available with notable new features such as: improved Ahead-of-Time processing and native image support; improved sanitation of actuator endpoints; and a reinstatement of support for Eclipse Jersey after fixing an issue with the common-core module. Further details on this release may be found in the release notes.

Versions 2022.0.0-M6, 2021.2.3, and 2021.1.7 of Spring Data have been released that ship with bug fixes and dependency upgrades to the corresponding versions of Spring Data sub-projects such as: Spring Data REST, Spring Data JPA, Spring Data MongoDB, Spring Data for Apache Cassandra, Spring Data Neo4j and Spring Data KeyValue. These releases also include the fix to address the aforementioned CVE-2022-31679 vulnerability.

Versions 6.0.0-M7 and 5.8.0-M3 of Spring Security have been released. New features in version 6.0.0-M7 include: support for native-image in the @PreAuthorize annotation; a performance enhancement in the HttpSessionRequestCache class; and the removal of the FilterSecurityInterceptor class, now deprecated, from the WebSecurity class in favor of the AuthorizationFilter class. New features for version 5.8.0-M3 include: new interfaces for CSRF request processing; AspectJ support to the @EnableMethodSecurity annotation; and support for lazy reading of an implementation of the CsrfToken interface by the LazyCsrfTokenRepository class to complement the existing lazy saving of a token. It is worth noting that there are breaking changes for version 6.0.0-M7. More details on these releases may be found in the release notes for version 6.0.0-M7 and version 5.8.0-M3.

The second milestone release of Spring Cloud Dataflow 2.10.0 has been made available featuring dependency upgrades to Spring Boot 2.7.3, Spring Framework 5.3.22 and Spring Cloud 2021.0.3. Support for MySQL 5.7+, using the MariaDB JDBC driver, has been restored after it was briefly removed in Spring Cloud Dataflow 2.10.0-M1. Further details on this release may be found in the release notes.

Versions 5.0.0-M6 and 4.3.7 of Spring Batch have been released. Version 4.3.7 delivers bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.23; Spring Data 2.5.12; Spring Integration 5.5.15; and Spring Kafka 2.7.14. Version 5.0.0-M6 delivers new features such as: support for native-image in the AbstractJobRepositoryFactoryBean class; support to configure the transaction manager in the SimpleJobOperator and SimpleJobExplorer classes; and revisit the configuration of infrastructure beans with the @EnableBatchProcessing annotation. More details on these releases may be found in the release notes for version 5.0.0-M6 and version 4.3.7.

The second milestone release of Spring Authorization Server 1.0.0 merges enhancements from 0.4.x release train along with dependency upgrades to Spring Framework 6.0.0-M6, Spring Security 6.0.0-M7, mockito-core 4.8.0, jackson-bom 2.13.4 and nimbus-jose-jwt 9.24.4. Further details on this release may be found in the release notes.

The third milestone release of Spring Session 2022.0.0 has been made available that ships with updates to sub-projects: Spring Session Core 3.0.0-M4, Spring Session Data Redis 3.0.0-M4, Spring Session JDBC 3.0.0-M4, and Spring Session Hazelcast 3.0.0-M4.

Similarly, the second milestone release of Spring Authorization Server 0.4.0 ships with new features such as: the ability to add implementations of the AuthenticationProvider and AuthenticationConverter interfaces as an alternative to overriding default ones; and a check to verify that the client secret has not expired in ClientSecretAuthenticationProvider class. More details may be found in the release notes.

Versions 6.0.0-M5 and 5.5.15 of Spring Integration have been made available. Version 5.5.15 features critical bug fixes and resolutions to deprecations of upstream dependencies. Notable changes in version 6.0.0-M5 include: support for Spring AOT, GraphQL and Apache Camel; the removal of the Remote Method Invocation (RMI) module in favor of more secure protocols; a new PostgresSubscribableChannel class to rely on the native PostgreSQL push notifications; and a new ClientManager interface to allow sharing the same MQTT client for different channel adapters. Developers are encouraged to read this migration guide for breaking changes and more details.

Spring for Apache Pulsar 0.1.0-M1, an experimental Spring project, has been released featuring numerous bug fixes and improvements. This version is based on JDK 17, Spring Boot 3.0.0-M5 and Spring Framework 6.0.0-M5. Further details on this release may be found in the release notes.

Spring for GraphQL 1.0.2 has been released that ships with new features such as: support for the @Arguments annotation with Java’s Map interface; support for path variables for redirect to a GraphiQL path; and new introspect controller methods on startup to determine if they need validation. More details on this release may be found in the release notes.

The first milestone release of Spring for GraphQL 1.1 was made available featuring support for JDK 17, Jakarta EE, and a Spring Framework 6.0 baseline. There was also an upgrade to GraphQL Java 19.x, the Java implementation of GraphQL, and new Micrometer Context Propagation library that replaces their internally developed context propagation mechanism.

Quarkus

Quarkus 2.12.3.Final has been released featuring: a dependency upgrade to Hibernate Search 6.1.7.Final; fixes for the request context leak in the Funqy Knative runtime and the MongoDB driver failing a DNS Lookup; and properly support generic bounds for implementations of the ParamConverterProvider interface. Further details on this release may be found in the release notes.

Payara

Payara has released their September 2022 edition of the Payara Platform. Payara 6 Community Alpha 4 provides preview support for Jakarta EE 10 and includes 15 bug fixes, six component upgrades, three improvements and two security fixes. Payara is targeting a beta release for the Payara 6 Community edition to pass the Jakarta EE TCK. More details on this release may be found in the release notes.

Payara Enterprise 5.43.0 brings four bug fixes, a component upgrade to Eclipse Jersey 2.36, and an improvement to support an OpenID Connect token issuer field in Active Directory Federation Services (ADFS). Further details on this release may be found in the release notes.

Micronaut

The Micronaut Foundation has released Micronaut Framework 3.7.0 featuring improvements to numerous modules such as Micronaut for Spring, Micronaut Gradle Plugin, Micronaut GCP, Micronaut Test and Micronaut Reactor. This version also introduces two new modules, Micronaut CRaC and Micronaut Object Storage, to provide support for the Coordinated Restore at Checkpoint (CRaC) and a uniform API to create, read and delete objects within major cloud providers, respectively. More details on this release may be found in the release notes.

Oracle Labs

On the road to version 1.0, Oracle Labs has released version 0.9.14 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: argument files are now stored in the build directory of the Gradle Plugin and the target directory of the Maven Plugin to address the workaround for an absolute path issue on Windows with older versions of GraalVM; and adding a native:compile forking goal that can be initiated from the command line such as mvn native:compile. Further details on this release may be found in the changelog.

Oracle Labs has also provided a community roadmap for features in upcoming GraalVM releases planned for October 2022 and January 2023 along with features planned beyond that timeframe.

JobRunr

Ronald Dehuysser, founder and primary developer of JobRunr, a utility to perform background processing in Java, has released version 5.2.0 that deliver improvements such as: the recurring jobs dashboard is now paged; and the query that returns counters for the dashboard and metrics uses 2-10 times less CPU cycles. More details on this release may be found In the release notes.

PrimeFaces

PrimeFaces, a provider of open-source UI component libraries, has provided point releases of versions 7.0.29, 8.0.21, 10.0.16 and 11.0.8. New features and enhancements include: a new source attribute to Confirm component; an upgrade to Moment.js 2.29.4 that addresses CVE-2022-31129, a vulnerability in which users who pass user-provided strings without sanity length checks to the moment() constructor being vulnerable to regular expression denial of service (ReDoS) attacks; and adding an autoMonthFormat attribute to the DatePicker component.

Failsafe

Failsafe, a lightweight, zero-dependency library for handling failures in Java 8+, has released version 3.3.0 featuring API changes such as: the getStartTime() method defined in the ExecutionContext interface now returns an instance of type Instant rather than an instance of type Duration; and similarly, the getStartTime() defined in ExecutionEvent class now returns an instance of type Optional rather than an instance of type Duration. Also, the getFailure(), getLastFailure(), recordFailure() and similar methods for recording exceptions, deprecated in a previous version, were removed in this release. Developers should use the getException(), getLastException(), recordException() and similar methods. Further details on this release may be found in the changelog.

Apache Software Foundation

Apache Groovy 3.0.13 has been released featuring 44 bug fixes, improvements and a dependency upgrade to Spock 2.2. More details on this release may be found in the changelog.

Apache Log4j 2.19.0 has been released that ships with new features that add: support for SLF4J2 stack-valued MDC class; and an implementation of the SLF4J2 fluent API.

About the Author

Subscribe for MMS Newsletter

By signing up, you will receive updates about our latest information.

  • This field is for validation purposes and should be left unchanged.