This week's Java roundup for September 18th, 2023, features news from OpenJDK, JDK 22, JDK 21, GraalVM, Corretto, Liberica, Epicyro 3.0, Pinot 1.0, and releases for: Spring Boot; Spring Integration; Spring Batch; Spring Cloud Dataflow; Spring Security; Spring GraphQL; Spring Authorization Server; Spring Apache Pulsar; Spring Modulith; Quarkus; Open Liberty; Micronaut; Hibernate; OpenXava; and Gradle.
OpenJDK
Daniel Smith, programming language designer at Oracle, has submitted JEP 8316779, Value Object Storage Enhancements (Preview). Under the auspices of Project Valhalla, this JEP introduces null-restricted storage of value objects in fields and array components. "These variables are initialized to an initial instance of the class and reject attempts to write a null value. They can be optimized with compact, flattened object encodings."
JDK 21
Oracle has released version 21 of the Java programming language and virtual machine, which ships with a final feature set of 15 JEPs. More details may be found in this InfoQ news story.
JDK 22
Build 16 of the JDK 22 early-access builds was made available this past week featuring updates from Build 15 that include fixes to various issues. Further details on this build may be found in the release notes.
With no objections to the proposed JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, has declared the following release schedule as final:
- Rampdown Phase One (fork from main line): December 7, 2023
- Rampdown Phase Two: January 18, 2024
- Initial Release Candidate: February 8, 2024
- Final Release Candidate: February 22, 2024
- General Availability: March 19, 2024
For JDK 22, developers are encouraged to report bugs via the Java Bug Database.
GraalVM
In conjunction with the release of JDK 21, GraalVM for JDK 21 has also been released by Oracle Labs. new features include: full support for JDK 21; performance enhancements with Profile-Guided Optimizations; a new application levels policy for faster compilation time; and improved developer experience with a new CLI options, --parallelism and --color, for specifying the number of threads and output color during builds, respectively. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
On the road to version 1.0, Oracle Labs has released version 0.9.27 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides bug fixes and improvements for GraalVM for JDK 21. Further details on this release may be found in the changelog.
Amazon Corretto
Amazon has released Amazon Corretto 21, their downstream distribution of OpenJDK 21, which is available on Linux, Windows, and macOS. Developers may download this latest version from this site.
BellSoft Liberica JDK
Similarly, BellSoft has released Liberica JDK 21, their downstream distribution of OpenJDK 21. Developers may download this latest version from this site.
Spring Framework
The third milestone release of Spring Boot 3.2.0 delivers bug fixes, dependency upgrades and new feature such as: add the ConnectionDetails interface and @ServiceConnection annotation to the configuration in Spring for Apache Pulsar; provide an instance of the RestClientBuilderConfigurer class to apply Spring Boot defaults to a custom RestClient.Builder interface; and remove the use of the deprecated ServerHttpObservationFilter class for WebFlux instrumentation. More details on this release may be found in the release notes.
Similarly, versions 3.1.4, 3.0.11 and 2.7.16 of Spring Boot provide improvements in documentation, dependency upgrades, a TWENTY_ONE enum constant to the JavaVersion enum class, and notable bug fixes such as: the Saml2RelyingPartyAutoConfiguration class ignores the value set in the sign-request property when using the metadata-url query; a leaking file descriptor and socket within DomainSocket class; and an invalid Accept request HTTP header produces an HTTP 500 Internal Server Error when using the WelcomePageHandlerMapping class. Further details on these releases may be found in the release notes for version 3.1.4, version 3.0.11 and version 2.7.16.
The third milestone release of Spring Integration 6.2.0 ships with dependency upgrades and notable changes such as: a refactor of the KafkaMessageDrivenChannelAdapter class for future maintenance to avoid code duplication; new overloaded executeLocked() methods added to the LockRegistry interface to follow best practice and well-known patterns with the JdbcTemplate, RestTemplate and JmsTemplate classes; and support for custom instances of the DefaultSftpSessionFactory class. More details on this release may be found in the release notes.
The third milestone release of Spring Batch 5.1.0 provides bug fixes, improvements in documentation and new features such as: auto-configure the JobRegistryBeanPostProcessor class with @EnableBatchProcessing annotation and the DefaultBatchConfiguration class for improved job registration with the JobRegistry interface; the ability to specify a database type via a new parameter in the @EnableBatchProcessing annotation; and the ability to provide a custom JobKeyGenerator interface in the JdbcJobInstanceDao class. Further details on this release may be found in the release notes.
The release of Spring Cloud Dataflow 2.11.0 delivers bug fixes, dependency upgrades and support for: Spring Boot 3.x-based stream applications; Spring Cloud Task 3.x-based task applications; and Spring Batch 5.x-based batch applications. There was also an upgrade to the Kubernetes batch/v1 cron job so that developers can now use Kubernetes 1.25.0 and above. More details on this release may be found in the release notes.
Versions 6.2.0-M1, 6.1.4, 6.0.7 and 5.8.7 of Spring Security have been released featuring fixes for CVE-2023-34042, Incorrect Permission Assignment for spring-security.xsd, a vulnerability in which the spring-security.xsd file, found inside the spring-security-config JAR archive, is world writable and could result in an exploit. Developers are encouraged to upgrade to these releases. Further details on these releases may be found in the release notes for version 6.2.0-M1, version 6.1.4, version 6.0.7 and version 5.8.7.
Versions 1.2.3, 1.1.6 and 1.0.5 of Spring for GraphQL have been released delivering bug fixes, improvements in documentation, dependency upgrades and new features such as: the ability to access object type extensions (to complement object types) using the ConnectionTypeDefinitionConfigurer class; raise a Spring Security AuthenticationCredentialsNotFoundException to require authentication when an instance of the Java Principal interface is not present and not declared as Optional; and enhancements to the GraphQL request body checks to prevent an HTTP 500 Internal Server Error. These releases may be consumed with Spring Boot versions 3.1.4, 3.0.11 and 2.7.16, respectively. More details on these releases may be found in the release notes for version 1.2.3, version 1.1.6 and version 1.0.5.
The first milestone release of Spring Authorization Server 1.2.0 ships with bug fixes, dependency upgrades and new features such as: the ability to inject custom metadata to improve client registration; new code challenge methods for OIDC provider configuration response; and improvements in logging with the CodeVerifierAuthenticator class. Further details on this release may be found in the release notes.
The second milestone release of Spring for Apache Pulsar 1.0.0 features notable changes such as: the ability to add multiple customizers to the PulsarAdministration, DefaultPulsarConsumerFactory, DefaultPulsarReaderFactory and DefaultReactivePulsarSenderFactory classes; and move the cache provider modules source files from the default spring.pulsar.core package to a package that is specific to the module name to avoid any confusion with the Java module system. More details on this release may be found in the release notes.
Versions 1.1.0-M1 and 1.0.1 of Spring Modulith have been released providing bug fixes, improvements in documentation, dependency upgrades and new features such as: support to externalize domain events into messaging middleware (Kafka, AMQP, JMS, etc.) by registering an @ApplicationEventListener; a new Neo4j event publication repository; and new interfaces - CompletedEventPublications, IncompleteEventPublications and EventPublicationRepository - for improved handling of completed and incomplete event publications. Further details on these releases may be found in the release notes for version 1.1.0-M1 and version 1.0.1.
Quarkus
The release of Quarkus 3.4.1 features support for Redis 7.2 and changes in support for the Flyway extension that include: the ability to disable the automatic setup of the Flyway extension by setting the quarkus.flyway.enabled property to false; and declare a datasource as inactive for a specific datasource and named datasource by setting the quarkus.flyway.active and quarkus.flyway.<datasourceName>.active properties, respectively, to false. More details on this release may be found in the changelog.
Open Liberty
IBM has released version 23.0.0.9 of Open Liberty that provides support for: Spring Boot 3.0 requiring Jakarta EE 10, Spring Security 6.x, and a new server template named springBoot3; support for Private Key JWT authentication with OpenID Connect token endpoints; and the ability to set the LTPA or JWT cookie path to the application context root to allow for different LTPA and JWT tokens for different applications.
Micronaut
The Micronaut Foundation has released version 4.1.2 of the Micronaut featuring Micronaut Core 4.1.6 and updates to the Micronaut Data module. Further details on this release may be found in the release notes.
Hibernate
Versions 6.3.1.Final and 6.2.9.Final of Hibernate ORM have been released that ship with bug fixes and improvements in query methods and finder methods. More details on these releases may be found in the release notes for version 6.3.1.Final and version 6.2.9.Final.
Eclipse Foundation
Shortly after it was introduced by OmniFishEE, Eclipse Epicyro 3.0 has formally been released as a standalone implementation of the Jakarta Authentication 3.0 specification. This new project will define a general low-level SPI for authentication mechanisms, controllers that interact with a caller and a container's environment to obtain the caller's credentials. These will be validated and pass an authenticated identity (such as name and groups) to a container.
Apache Software Foundation
The release of Apache Pinot 1.0.0, a realtime distributed OLAP datastore, delivers bug fixes, enhancements and new features such as: initial support for Query runtime for Window Functions using ORDER BY clause within the OVER() clause; an early termination in the execution of the SortOperator class if the LIMIT clause is used; and support for partition-based leaf stage processing. Further details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
OpenXava
The release of OpenXava 7.1.6 ships with notable fixes such as: improvements in the interactions between the @ElementCollection and @DescriptionsList annotations; grouping after filtering or sorting a list fails with the @Tab annotation if it contains a baseCondition parameter and an instance of the IFilter interface; and an instance of the IForwardAction interface does not work if the application is behind a proxy. More details on this release may be found in the release notes.
Gradle
The first release candidate of Gradle 8.4 delivers: initial support for JDK 21 only to compile, test, and run Gradle projects since Kotlin does not yet support JDK 21; improved compilation on Windows OS; a simplified way to create role-focused instances of the Configuration interface using the ConfigurationContainer interface; and improved support for the Kotlin DSL. Further details on this release may be found in the release notes.