This week's Java roundup for June 26th, 2023, features news from JDK 22, JDK 21, point releases and release candidates for Spring Cloud, Spring Shell, GlassFish, Micronaut, Quarkus, Open Liberty, Hibernate ORM, Hibernate Search, Apache Groovy, Apache Camel, Maven, JHipster Lite, JReleaser, JobRunr, RefactorFirst, OpenXava, Resilience4j, Failsafe, Yupiik Fusion and Gradle.
JDK 21
Build 29 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 28 that include fixes to various issues. Further details on this build may be found in the release notes.
JDK 22
Build 4 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 3 that include fixes to various issues. More details on this build may be found in the release notes.
For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
The release of Spring Cloud 2021.0.8, codenamed Jubilee, features a load balancing improvement in Spring Cloud Commons that will allow chain filtering of instances based on requests. There were also updates to sub-projects such as: Spring Cloud Kubernetes 2.1.8, Spring Cloud Commons 3.1.7, Spring Cloud Stream 3.2.9 and Spring Cloud Openfeign 3.1.8. Further details on this release may be found in the release notes.
Versions 3.1.2, 3.0.6 and 2.1.11 of Spring Shell have been released featuring notable bug fixes such as: alias command extraction from the @Command annotation for obtaining defined multiple aliases if more than one is defined; positional arguments in the Parser interface don't override the default value; and messages from the CommandNotFound class should be configurable. These releases are built on top of Spring Boot versions 3.1.1, 3.0.8 and 2.7.13, respectively. More details may be found in the release notes for version 3.1.2, version 3.0.6 and version 2.1.11.
Eclipse GlassFish
GlassFish 7.0.6, the sixth maintenance release, delivers: bug fixes, component upgrades and new features such as: support for MicroProfile Rest Client 3.0; allow using @Inject instead of @Context for simple dependency injection; connection timeouts added to some admin commands and the Admin Console; and a default timeout added to the free port finder in NetUtils. Further details on this release may be found in the release notes.
Micronaut
The Micronaut Foundation has provided the fourth release candidate of Micronaut 4.0.0 featuring bug fixes, improvements in documentation, dependency upgrades and notable changes such as: allow setting of cloud deduction with probes via environmental variables or property files; a fix for which ControllerConstraintHandlerTest and FilterErrorTest classes for the JDK Client TCK; and add a way to extract the value from the JsonNode class and construct it from that value. More details on this release may be found in the release notes.
Quarkus
Red Hat has released version 3.1.3.Final of Quarkus that ships with dependency upgrades and notable bug fixes such as: a NullPointerException when using the Infinispan Counter Manager; an incorrect Hibernate dialect version detected for Microsoft SQLServer; and a NullPointerException when sending mail using the MailTemplate interface. Further details on this release may be found in the changelog.
Open Liberty
IBM has released version 23.0.0.6 of Open Liberty featuring bug fixes and the formal releases of their InstantOn and Liberty Tools utilities. InstantOn uses the Checkpoint/Restore In Userspace (CRIU) feature of the Linux kernel to take a checkpoint of the JVM that may be restored later. Liberty Tools 23.0.6, a set of intuitive developer tools for the Eclipse IDE, Visual Studio Code, and IntelliJ IDEA development environments, enable fast iterative development with Liberty dev mode and Maven or Gradle. This new version also addresses CVE-2023-28867, a vulnerability in which an attacker can send a crafted GraphQL query that causes stack consumption.
Hibernate
The release of Hibernate ORM 6.2.6.Final that provides bug fixes such as: property sorting with derived embeddable keys can lead to incorrect column mappings; reading entities using the @MappedSuperclass annotation does not work with classes in foreign packages; and an Hibernate Query Language query containing a subquery, with an entity path at least two levels deep, produces incorrect SQL.
The first release candidate of Hibernate Search 6.2.0 delivers bug fixes, dependency upgrades and these new features: a new excludePaths filter added to the @IndexedEmbedded annotation to complement the existing includePaths filter; and new includeDepth, includePaths and excludePaths filters added to the @ObjectProjection annotation to allows breaking of cycles of nested object projections.
Apache Software Foundation
The Apache Software Foundation has provided point releases for Apache Groovy, Apache Camel and Apache Maven.
Version 4.0.13 of Groovy provides bug fixes, dependency upgrades and a new feature in which bytecode on generated methods using Java records were optimized. More details on this release may be found in the changelog.
Similarly, version 3.0.18 of Groovy ships with many bug fixes and a new feature in which assignment checks are made on fields declared as final during static compilation. Further details on this release may be found in the changelog.
The release of Camel 3.21.0 delivers numerous bug fixes, dependency upgrades, improvements and new features such as: support for Unix Domain Sockets in the Camel Netty component; the addition of dev console for the BacklogTracer in the Camel Console; and support for Camunda Zeebe, a cloud native workflow and decision engine. More details on this release may be found in the release notes.
Maven 3.9.3 features bug fixes, dependency upgrades and improvements such as: a refactor of internal use of the SessionData interface; the plugin validation report will now be printed before the build summary; and a more consistent parsing of plugin validation level. Further details on this release may be found in the release notes.
JHipster
The JHipster team has released version 0.36.0 of JHipster Lite with bug fixes, numerous dependency upgrades and a new feature to support custom dependency readers for JHipster tests. More details on this release may be found in the release notes.
JReleaser
Version 1.7.0 of JReleaser, a Java utility that streamlines creating project releases, has been released delivering bug fixes, improvements in documentation and new features such as: a new BlueskyAnnouncer interface to complement existing announcers; support for archive types as a source for the jlink assembler; and support for a Supply Chain Levels for Software Artifacts (SLSA) cataloger. Further details on this release may be found in the release notes.
JobRunr
JobRunr 6.2.3 has been released to provide a bug fix in which there is no response from selecting the "Requeue" and "Delete" options from the dashboard. This was due to the corresponding calls to the requeue() and delete() methods referring to prop.match.params.id, not jobId, causing jobId to be assigned the value of undefined.
RefactorFirst
Jim Bethancourt, principal software consultant at Improving, an IT services firm offering training, consulting, recruiting, and project services, has announced the release of RefactorFirst 0.4.0. This release delivers: a new PMD rule, CouplingBetweenObjects, with an additional graph and corresponding generated table; an enhanced UI, and merged-in CSV and JSON reports. More details on this release may be found in the release notes.
OpenXava
The release of OpenXava 7.1.2 features bug fixes, improvements in documentation, dependency upgrades and the addition of a new properties: trustedHostsForImages, trustedHostsForScripts, trustedHostsForStyles and trustedHostsForFrames in the xava.properties file for exceptions in Content Security Policy (CSP) in sources of images, scripts, CSS files and frames/iframes, respectively. Further details on this release may be found in the release notes.
Resilience4j
Versions 2.1.0 of Resilience4j, a fault tolerance library for Java, has been released with these enhancements: support for Spring annotations in the FallbackMethod class; and the ability to configure the RecordResultPredicate class in Spring Boot applications. There was also an API regression fix following the removal of the io.vavr dependencies in version 2.0.0. More details on Resilience4j may be found in this InfoQ news story.
Failsafe
Failsafe, a lightweight, zero-dependency library for handling failures in Java 8+, has released version 3.3.2 featuring a bug fix in which the creation of a Failsafe executor with a Bulkhead policy may drop requests when the maxWaitTime is specified. Further details on this release may be found in the changelog.
Yupiik
Version 1.0.4 of Yupiik Fusion has been released with notable changes such as: a new extension module, JWT Validation, to parse and validate a JSON web token via the JSON module; improvements to the Handlebars module; and a new Body interface in the HTTP Server module to more easily manage request body usage through the Java Flow class. More details on this release may be found in the release notes.
Gradle
The release of Gradle 8.2 addresses two security issues: a dependency cache path traversal vulnerability on the Gradle dependency cache and path traversal vulnerabilities in handling of TAR archives. In both cases, an attacker can "poison" the dependency cache or overwrite important files elsewhere on the filesystem where the Gradle process has write permissions.