This week's Java roundup for June 17th, 2024, features news highlighting: the Payara Platform release for June 2024; all 16 Jakarta EE 11 specifications having passed their respective reviews; Open Liberty 24.0.0.6; Micronaut 4.5.0; and two Quarkus point releases.
OpenJDK
Christian Stein, principal member of technical staff at Oracle, has announced that version 7.4.0 of the Regression Test Harness for the JDK, jtreg, released in May 2024, is now the default version for the JDK 24 early-access builds.
JDK 23
Build 28 of the JDK 23 early-access builds was made available this past week featuring updates from Build 27 that include fixes for various issues. Further details on this release may be found in the release notes, and details on the new JDK 23 features may be found in this InfoQ news story.
JDK 24
Build 3 of the JDK 24 early-access builds was also made available this past week featuring updates from Build 2 that include fixes for various issues. Release notes are not yet available.
For JDK 23 and JDK 24, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
The final two specifications targeted for Jakarta EE 11, Jakarta Authentication 3.1 and Jakarta Security 4.0, have passed their respective release reviews this past week. This means that all 16 specifications updated for Jakarta EE 11 are now complete!
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, explained that efforts are focused on finalizing the TCK and completing the required changes in the Jakarta EE Platform, Web Profile and Core Profile before the final GA release of Jakarta EE 11.
Spring Framework
It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Tools. More details may be found in this InfoQ news story.
Payara
Payara has released their June 2024 edition of the Payara Platform that includes Community Edition 6.2024.6 and Enterprise Edition 6.15.0 and Enterprise Edition 5.64.0. All three editions feature: optimized Multi-Release JAR class loading for faster application startup and operation; and an improved thread expiration validation to resolve an inconsistent session timeout when using Session Replication with the --lite command line option.
There was also an upgrade to Payara Security Connectors 3.1.1 and 2.7.1 for the version 6 release train, Community and Enterprise, and the version 5 release train, respectively.
Further details on these releases may be found in the release notes for Community Edition 6.2024.6 and Enterprise Edition 6.15.0 and Enterprise Edition 5.64.0.
Helidon
Helidon 4.0.10, the tenth maintenance release, provides notable changes such as: a new inner class, MethodStateCache, defined in the MethodInvoker class that implements a new method caching strategy in fault tolerance; a resolution to handle an invalid end-of-line when parsing HTTP headers and add the appropriate tests; and improvements in validating JWT tokens. More details on this release may be found in the changelog.
Quarkus
Quarkus 3.11.2, the second maintenance release, ships with resolutions to notable issues such as: a NullPointerException due to the setListeners() method, defined in the ShutdownRecorder class, not being called in the when QUARKUS_INIT_AND_EXIT is used; a misspelled URL for a JQuery WebJar resource throws an StringIndexOutOfBoundsException instead of redirecting to an HTTP 404 status code; and a failure in using the Gradle quarkusDev parameter when usage analytics are enabled. Further details on this release may be found in the changelog.
Two days after the release of Quarkus 3.11.2, Quarkus 3.11.3, the third maintenance release, provides dependency upgrades and notable changes such as: compatibility with Maven Daemon (mvnd) 1.0; support for the ISO 8601 date/time format in the HTTP access logs; and a resolution to various issues with the lastModified property using the Quarkus REST extension. More details on this release may be found in the changelog.
Open Liberty
IBM has released version 24.0.0.6 of Open Liberty featuring: faster startup of Spring Boot applications using Spring Boot 3.0 InstantOn with CRaC; and InstantOn support for the Jakarta Messaging specification with IBM MQ and JCache Session Persistence feature.
This release also addresses CVE 2024-22354, a vulnerability affecting IBM WebSphere Application Server 8.5 and 9.0, and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5, that are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, or to conduct a server-side request forgery attack.
Micronaut
The Micronaut Foundation has released version 4.5.0 of the Micronaut Framework featuring Micronaut Core 4.5.3, bug fixes, improvements in documentation and updates to modules: Micronaut Data, Micronaut Servlet and Micronaut Micrometer.
This release also introduces new modules: Micronaut JSON Schema, for generating JSON schema definitions from classes at build time; Micronaut Sourcegen, for writing source generators and generating Builder and Wither classes; and Micronaut Guice, that allows the import of existing Guice modules.
Further details on this release may be found in the release notes.
Apache Software Foundation
The twenty-first milestone release of Apache Tomcat 11.0.0 along with point releases, 10.1.25 and 9.0.90, all feature bug fixes and notable changes such as: ensure that static resources deployed via a JAR file remain accessible when the context is configured to use a bloom filter; the default value of the discardFacades attribute, defined in the Connector class, is now true for improved safety; and an update to Commons Daemon 1.4.0. More details on these releases may be found in the release notes for version 11.0.0-M11, version 10.1.25 and version 9.0.90.
The release of Apache Camel 3.21.5 delivers bug fixes and improvements such as: removal of the now deprecated fireEvent() method from the Jakarta CDI BeanManager interface; and an improved JMSCorrelationID message header, defined in the Jakarta Messaging Message interface, to handle message brokers that have bugs. This is the last planned patch release for Camel 3.21 release train. Further details on this release may be found in the release notes.
The release of Apache Maven 3.9.8 ships with bug fixes, dependency upgrades and improvements such as: display the reason(s) why a model builder discards a model; an improvement to the SimplexTransferListener class to handle absent source/target files; and the list of plugins in the validation report are now sorted in alphabetical order. More details on this release may be found in the release notes.
JobRunr
Version 7.2.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released that primarily fixes a ConcurrentModificationException that may be thrown due to concurrent updates to an instance of a Job class. This completes the transition from Kotlin 1.7 to Kotlin 2.0 by correctly naming the necessary artifact. This version also provides an enhancement that validates an implementation of the JobRequest interface when using the JobBuilder or the RecurringJobBuilder classes. Further details on this release may be found in the release notes.
JHipster
The release of JHipster Lite 1.11.0 ships with bug fixes, dependency upgrades and new features/enhancements such as: a new ElementReplacer interface dedicated to insert text at the end of file; and an improved JHipster Lite logging. More details on this release may be found in the release notes.
Infinispan
Infinispan 15.0.5.Final, the fifth maintenance release, delivers notable changes such as: an optimized lookupResource() method, defined in the ResourceManagerImpl class, for improved processing of resources; a file cleanup in the RocksDB cache store before executing tests; and return an HTTP 400 (Bad Request) response code if a user requests initialization of an internal cache.
OpenXava
The release of OpenXava 7.3.3 ships with bug fixes, dependency upgrades and Maven improvements with new archetypes, openxava-project-management-archetype and openxava-crm-archetype, available in both English and Spanish. Further details on this release may be found in the release notes.
Keycloak
Keycloak 25.0.1, the first maintenance release, provides bug fixes and enhancements: use of a proper Apache FreeMarker template for the refurbished Account and Admin Consoles; and enhanced masking in the CLI with values passed using the --config-keystore parameter.
Gradle
The first release candidate of Gradle 8.9 delivers: an improved error and warning reporting for variant issues during dependency resolution; structural details exposed of Java compilation errors for IDE integrators, allowing for easier analysis and resolving issues; and the ability to display more detailed information about JVMs used by Gradle. More details on this release may be found in the release notes.