This week's roundup features news from OpenJDK JEPs targeted for JDK 17, GA releases of Jakarta EE 9.1 and Microsoft Build of OpenJDK, milestone and candidate releases for Micronaut and Hibernate Reactive, respectively, Spring releasing a vulnerability report to address a local privilege escalation attack with Spring WebFlux, and birthday celebrations for Hibernate and Java.
OpenJDK and JDK 17
It was another busy week at OpenJDK with updates to some JEPs and the JDK 17 early access builds. Labeled as Build 24, there are numerous changes from Build 23 that include fixes to various issues.
Two JEPs, JEP 403: Strongly Encapsulate JDK Internals and JEP 407: Remove RMI Activation were promoted from Proposed to Target to Targeted or Integrated status yielding this updated list of JEPs targeted for the JDK 17 GA release in September:
- 356: Enhanced Pseudo-Random Number Generators
- 382: New macOS Rendering Pipeline
- 391: macOS/AArch64 Port
- 398: Deprecate the Applet API for Removal
- 403: Strongly Encapsulate JDK Internals
- 407: Remove RMI Activation
- 409: Sealed Classes
- 410: Remove the Experimental AOT and JIT Compiler
- 412: Foreign Function & Memory API (Incubator)
- 414: Vector API (Second Incubator)
Still under review, there are proposed JEPs for JDK 17 that were recently promoted from Candidate to Proposed to Target status:
- 306: Restore Always-Strict Floating-Point Semantics - review ended May 27, 2021
- 406: Pattern Matching for switch (Preview) - review ended May 26, 2021
- 411: Deprecate the Security Manager for Removal - review ended May 27, 2021
More details may be found in the release notes and developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE 9.1 and Compatible Implementations
Five months after the release of Jakarta EE 9, the Jakarta EE Working Group has announced the release of the Platform and Web Profile specifications of Jakarta EE 9.1 and related TCKs. Since its debut in 2018, this is the first incremental release of Jakarta EE featuring multiple updates for the Java community to develop and deploy Jakarta EE 9.1 applications on JDK 11, the current long-term support release of Java SE, as well as JDK 8.
At this time, there are five compatible implementations of Jakarta EE 9.1 including IBM and Tomitribe having announced this past week that Open Liberty and Apache TomEE, respectively, have passed the TCKs.
InfoQ will follow-up with a more detailed news story on the release of Jakarta EE 9.1.
Microsoft Build of OpenJDK
Less than two months after Microsoft introduced the preview release of Microsoft Build of OpenJDK, the GA release was made available to the Java community to include: Docker images and corresponding Dockerfiles; and the latest Minecraft Java Edition snapshot version 21W19A, which has been updated to a JDK 16 runtime based on Microsoft Build of OpenJDK.
The Docker images, designed to be used by any Java application for deployment, may be accessed for a specific tag by invoking the Docker command:
$ docker pull mcr.microsoft.com/openjdk/jdk:<tag>
More details may be found in the container images guide. InfoQ will also follow-up with a more detailed news story.
The Road to Micronaut 3.0
Object Computing, Inc. released Micronaut 3.0.0-M1 containing minor breaking changes. Future milestones releases will include a migration to Jakarta Annotations for dependency injection and a switch from RxJava 2 to Project Reactor.
Hibernate
Hibernate Reactive 1.0.0.CR5 was made available to the Java community featuring bug fixes and dependency upgrades to Hibernate ORM 5.4.32.Final and SmallRye Mutiny 0.17.0. Developers are encouraged to upgrade to Hibernate ORM 5.4.32.Final as recent internal changes will require Hibernate Reactive to use this latest version.
Spring Framework
It was a quiet week over at Spring after a very active previous two weeks. A vulnerability report was released to address CVE-2021-22118: Local Privilege Escalation within Spring Webflux Multipart Request Handling. This fixes an issue with Spring WebFlux applications being vulnerable to a privilege escalation, a network attack used to obtain unauthorized access within the security perimeter of an organization. It was noted that Spring MVC applications and applications that do not handle multipart file requests are not affected by privilege escalation attacks.
On the Lighter Side
This past week marked birthday celebrations for Hibernate and Java.
Vlad Mihalcea, CEO at Hypersistence and former Hibernate developer advocate at Red Hat, announced via Twitter that Hibernate has turned 20 and described his personal journey with Java persistence and Hibernate.
It has already been a year since the 25th birthday celebration of Java as the language has turned 26. The Kansas City Java Users Group celebrated with a 26-hour livestream event hosted by Billy Korando, Nicolai Parlog, Sebastien Blanc and Ted Young. Special guests included: Brian Goetz, Maurizio Cimadamore, Ron Pressler, Pratik Patel, and Josh Long as they discussed all things Java, its past, present, and future.