MMS • Michael Redlich
Article originally posted on InfoQ. Visit InfoQ
This week’s Java roundup for October 17th, 2022 features news from OpenJDK, JDK 19, JDK 20, JavaFX 20, Generational ZGC Build 20, Oracle Labs, Liberica JDK and Native Image Kit, Spring milestone, point and release candidates, EclipseLink 4.0, Quarkus 2.13.3, Micronaut 3.7.2, Hibernate Reactive 1.1.9, JHipster Lite 0.20, Apache Commons CVE, Groovy 4.0.6 and 2.5.29 and the return of JavaOne.
OpenJDK
JEP 432, Record Patterns (Second Preview), was promoted from its Draft 8294078 to Candidate status this past week. This JEP updates since JEP 405, Record Patterns (Preview), to include: added support for inference of type arguments of generic record patterns; added support for record patterns to appear in the header of an enhanced for statement; and remove support for named record patterns.
Similarly, JEP 433, Pattern Matching for switch (Fourth Preview), was promoted from its Draft 8294285 to Candidate status. This JEP updates since JEP 427, Pattern Matching for switch (Third Preview), to include: a simplified grammar for switch
labels; and inference of type arguments for generic type patterns and record patterns is now supported in switch
expressions and statements along with the other constructs that support patterns.
JDK 19
JDK 19.0.1, the first maintenance release of JDK 19, along with security updates for JDK 17.0.5, JDK 11.0.17 and JDK 8u351 were made available as part of Oracle’s Releases Critical Patch Update for October 2022.
JDK 20
Build 20 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 19 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 20, developers are encouraged to report bugs via the Java Bug Database.
JavaFX 20
Build 4 of the JavaFX 20 early-access builds was made available to the Java community and was designed to work with the JDK 20 early-access builds. JavaFX application developers may build and test their applications with JavaFX 20 on JDK 20.
Generational ZGC
Build 20-genzgc+1-14 of the Generational ZGC early-access builds was also made available to the Java community and is based on an incomplete version of JDK 20.
Oracle Labs
Oracle Labs has announced that they will be contributing GraalVM Community Edition source code to OpenJDK. This means: ongoing GraalVM design and development will move to the OpenJDK community; moving forward, GraalVM will use the same development methodology and processes as used for Java; and GraalVM will align with the Oracle Java release and licensing models. InfoQ will follow up with a more detailed news story.
On the road to version 1.0, Oracle Labs has released versions 0.9.15 and 0.9.16 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides improvements such as: modify tests to verify that the --exclude-config
command-line argument behaves as intended; fix functional tests for MacOS users; and improve the toolchain selection diagnostics. Further details on this release may be found in the changelog.
Oracle Labs has also provided a community roadmap for features in upcoming GraalVM releases planned for October 2022 and January 2023 along with features planned beyond that timeframe.
BellSoft
Also concurrent with Oracle’s Critical Patch Update (CPU) for October 2022, BellSoft has released CPU patches for versions 17.0.4.1, 11.0.16.1.1 and 8u351 of Liberica JDK, their downstream distribution of OpenJDK. In addition, Patch Set Update (PSU) versions 19.0.1, 17.0.5, 11.0.17 and 8u352, containing CPU and non-critical fixes, have also been released.
Spring Framework
On the road to Spring Framework 6.0.0, the second release candidate was made available that delivers 28 bug fixes, improvements in documentations and dependency upgrades that include: Apache Derby 10.16, GraalVM 22.3.0 and Jackson 2.14.0-RC2. More details on this release may be found in the release notes.
On the road to Spring Boot 3.0.0, the first release candidate was made available that delivers 135 bug fixes, improvements in documentations and dependency upgrades such as: Spring Framework 6.0.0-RC2, Spring GraphQL 1.0.0-RC1, Spring Security 6.0.0-RC1, Spring Web Services 4.0.0-RC1, Netty 4.1.84.Final, Micrometer 1.10.0-RC1 and Log4j2 2.19.0. Further details on this release may be found in the release notes.
Spring Framework 6.0 and Spring Boot 3.0 are scheduled for GA releases in November 2022. Developers can learn more about what to expect in this InfoQ news story.
Spring Boot 2.7.5 has been released featuring bug fixes and dependency upgrades such as: Spring Data 2021.2.5, Spring Security 5.7.4, Spring Data 2021.2.5, Hibernate 5.6.12.Final and Reactor 2020.0.24. More details on this release may be found in the release notes.
Spring Boot 2.6.13 has been released that ships with 27 bug fixes, improvements in documentation and dependency upgrades such as: Spring Data 2021.1.9, Spring Security 5.6.8, Tomcat 9.0.68, Reactor 2020.0.24 and Jetty Reactive HTTPClient 1.1.13. Further details on this release may be found in the release notes.
Versions 2022.0.0-RC1, 2021.2.5, and 2021.1.8 of Spring Data were released this past week featuring many corresponding dependency upgrades for all three versions. The release candidate delivers a revised module structure that includes eliminating Spring Data for Apache Geode and the point releases may be consumed with Spring Boot 2.7.5 and 2.6.13, respectively.
The Reactor Netty team has published CVE-2022-31684, Reactor Netty HTTP Server May Log Request Headers, a vulnerability in which logged headers may reveal valid access tokens to those with access to server logs. This may affect only invalid HTTP requests where the WARN
level is enabled. Reactor Netty 1.0.24 provided the fix for this CVE.
One week after the eighth milestone release of Spring Batch 5.0, the first release candidate has been made available featuring: improvement in the execution context meta-data to add the version of Spring Batch; and the removal of GemFire support. More details on this release may be found in the release notes.
On the road to Spring Web Services 4.0.0, the first release candidate has been made available that ships with dependency upgrades that include: Spring Framework 6.0.0-RC1, Spring Security 6.0.0-RC1, log4j2 2.19.0, slf4j 2.0.3 and Ehcache 2.10.9.2. This is the last planned release candidate that supports Spring Boot 3.0.
Versions 6.0.0-RC1 and 5.8.0-RC1 of Spring Security have been released that delivers: smarter access to the HttpSession interface; simplify configuration for the RequestMatcher
interface; and XML support for the shouldFilterAllDispatcherTypes
property. These release candidates also bring breaking changes. Further details on this release may be found in the release notes for version 6.0.0-RC1 and version 5.8.0.
Similarly, versions 5.7.4 and 5.6.8 of Spring Security have been released featuring bug fixes and dependency upgrades such as: Spring Framework 5.3.23, Reactor Netty 1.0.24, Jackson Databind 2.13.4.1 and Eclipse Jetty 9.4.49. Further details on this release may be found in the release notes for version 5.7.4 and version 5.6.8.
The first release candidate of Spring for GraphQL 1.1.0 has been made available featuring observability support based on metrics and distributed tracing with Micrometer. There will be no new features after this release candidate as the team will focus on bug fixes and improvements in documentation until the anticipated GA release in November 2022. Spring GraphQL 1.1.0-RC1 will also be included in Spring Boot 3.0.0-RC1. More details on this release may be found in the release notes.
As monolith- and modular-based applications development has regained popularity, Spring has introduced a new experimental project, Spring Modulith, that supports developers in “expressing these logical application modules in code and in building well-structured, domain-aligned Spring Boot applications.” InfoQ will follow up with a more detailed news story.
Andy Wilkinson, staff engineer at VMware, has announced that the Spring Initializr team will be changing their default build tool from Maven to Gradle. Wilkinson, on behalf of the team, is of the opinion that Gradle is a better build system, writing:
This is particularly true for Spring Boot 3.0-based applications where the developer experience with AOT processing is quite a bit better with Gradle. We’d like to nudge the community towards using Gradle while ensuring that Maven’s only a click away for those that prefer it.
Developers who still prefer to use Maven can easily do so via https://start.spring.io/#!type=maven-project
. InfoQ will follow up with a more detailed news story.
EclipseLink
Version 4.0.0 of EclipseLink, a compatible implementation of the Jakarta Persistence specification, has been released that delivers many updates such as: *Visitor
classes and interfaces have been added to the EclipseLink-ASM project; clone the appropriate fields from the clone()
method in the OneToManyMapping
class that fixes a ConcurrentModificationException
being thrown in a multithreaded environment; and update Oracle dependencies to version 21c. More details on this release may be found in the release notes.
Quarkus
Red Hat has released Quarkus 2.13.3.Final that addresses CVE-2022-42003, a denial of service vulnerability in Jackson Databind. Developers are encouraged to upgrade to versions 2.14.0-RC1, 2.13.4.1 and 2.12.17.1. There were also dependency upgrades to the SmallRye Reactive Messaging 3.21.0, Kotlin Serialization 1.4.1 and Jackson Databind 2.13.4. Further details on this release may be found in the changelog.
Micronaut
The Micronaut Foundation has released Micronaut Framework 3.7.2 featuring bug fixes and dependency upgrades to Micronaut Data 3.8.1, JUnit 5.9.1, jackson-databind
2.13.4.2, managed-testcontainers
1.17.5, managed-swagger
2.2.3 and micronaut-gradle-plugins
5.3.15. More details on this release may be found in the release notes.
Hibernate
Hibernate Reactive 1.1.9.Final has been released featuring a performance enhancement in which type caches are avoided on checks for the ReactiveConnectionSupplier
interface. Further details on this release may be found in the list of issues.
JHipster
Versions 0.20.0 and 0.19.0 of JHipster Lite were released this past week that ship with: support for Neo4j; a dependency upgrade to Angular 14.2.7; and refactoring that removes deprecations and Mustache, the logic-less template utility.
Apache Software Foundation
The Apache Software Foundation has published CVE-2022-42889, Arbitrary Code Execution in Apache Commons Text, a vulnerability that allows remote code execution when applied to untrusted input due to unsecure interpolation defaults. Developers are encouraged to upgrade to Apache Commons Text 1.10.0.
Apache Groovy 4.0.6 has been released that delivers 14 bug fixes, improvements and dependency upgrades to Jackson Databind 2.13.4, JUnit 5.9.1, ASM 9.4, Spock 2.3, junit-platform
1.9.1 and japicmp
0.4.1 More details on this release may be found in the changelog.
Similarly, Apache Groovy 2.5.19 has been released that delivers 72 bug fixes, improvements and a dependency upgrade to Spock 1.3. Further details on this release may be found in the changelog.
JavaOne
After a five year hiatus, JavaOne returned to Las Vegas, Nevada this past week at the Caesars Forum and Venetian Convention and Expo Center that featured many speakers from the Java community who presented and facilitated many session types such as Birds of a Feather, hands-on labs, lightning talks, tutorials and deep dives.
One of the many highlights was the Inside Java | JavaOne 2022 Technical Keynote. Facilitated by Chad Arimura, vice president, Java developer relations at Oracle, this keynote featured a number of special guests from Microsoft and Oracle.
- Julia Liuson, president of developer division and GitHub at Microsoft, and Mark Heckler, principal Cloud developer advocate at Microsoft, presented ongoing Java development with Microsoft Azure.
- Gavin Bierman, consulting member of technical staff at Oracle, discussed Project Amber and demonstrated how to use Record Patterns and Pattern Matching in switch.
- Mikael Vidstedt, senior director, Java Virtual Machine, at Oracle, discussed ZGC.
- Sean Mullan, consulting member of technical staff at Oracle, discussed Java security technologies.
- Ron Pressler, consulting member of technical staff at Oracle, and Tomas Langer, architect at Oracle, discussed Project Loom and demonstrated how to use virtual threads in both blocking and reactive environments. Langer also introduced Helidon Níma, a new microservices framework based on virtual threads, that offers a low-overhead, highly concurrent server while maintaining a blocking thread model.
- Denys Makogon, Java developer advocate at Oracle, presenting virtually from Ukraine, presented on how Project Loom and ZGC improved the team’s telemetry ingestion engine for the Oracle Red Bull Racing F1 simulator.
The last JavaOne took place in 2017 before it was changed to CodeOne in 2018 and 2019. There were no conferences in 2020 and 2021 due to the pandemic.