This week's Java roundup for February 20th, 2023, features news from OpenJDK, JDK 20, JDK 21, GraalVM, GlassFish 7.0.2, point and milestone releases of numerous Spring projects, Helidon 4.0.0-ALPHA5, NetBeans 17, Apache Tomcat 11.0.0-M3, 10.1.6, 9.0.72 and 8.5.86, Apache Log4j 2.20.0, JHipster Lite 0.28.0, JobRunr 6.1.0, JBang 0.104.0, and Gradle 7.6.1 and 6.9.4.
OpenJDK
JEP Draft 8303167, Deprecate the Windows x86-32 Port, has been introduced by George Adams, senior program manager at Microsoft, this past week. This feature JEP proposes to deprecate the Windows x86-32 port with the intent to remove it in a future release. With no intent to implement JEP 436, Virtual Threads (Second Preview), in 32-bit platforms, removing support for this port will enable OpenJDK developers to accelerate development of new features.
JDK 20
JDK 20 remains in its release candidate phase with the anticipated GA release on March 21, 2023. Build 36 remains the current build in the JDK 20 early-access builds. More details on this build may be found in the release notes.
JDK 21
Build 11 of the JDK 21 early-access builds was also made available this past week featuring updates from Build 10 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 20 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.
GraalVM
The first GraalVM developer builds for JDK 20 are now available to the Java community. More details may be found in the release notes and developers are encouraged to visit the Getting Started guide.
Oracle Labs has also announced that the upcoming release of GraalVM 23.0 will include support for ZGC on HotSpot with the goal to add the required Z Garbage Collector (ZGC) barriers on the HotSpot virtual machine along with performance optimizations.
Eclipse GlassFish
The release of GlassFish 7.0.2 features integrations of Eclipse projects: Jersey 3.1.1, Mojarra 4.0.1, Eclipselink 4.0.1-RC2, WaSP 3.2.0, Tyrus 2.1.3 and Angus 2.0.1. Other enhancements include: stabilizing the GlassFishLogManagerLifeCycleTest class, a fix for a failure when application code requests a directory from the ClassLoader; explicit removal of temporary directories upon exit; and a TCK runner for the glassfish-external-tck-pages-tags artifact.
Spring Framework
It was a very busy week over at Spring as there were numerous point and milestone releases on a number of their projects.
The release of Spring Boot 3.0.3 delivers bug fixes improvements in documentation and dependency upgrades such as: Spring Data 2022.0.2, Spring Security 6.0.2, Spring Batch 5.0.1, Micrometer 1.10.4, Netty 4.1.89.Final, Hibernate 6.1.7.Final and Glassfish JAXB 4.0.2. Further details on this release may be found in the release notes.
Similarly, the release of Spring Boot 2.7.9 ships with bug fixes improvements in documentation and dependency upgrades such as: Spring Data 2021.2.8, Spring Security 5.7.7, Spring Batch 4.3.8, Micrometer 1.9.8, Netty 4.1.89.Final, Hibernate 5.6.15.Final and Glassfish JAXB 2.3.8. More details on this release may be found in the release notes.
Looking ahead to version 3.1.0, the first milestone release of Spring Boot 3.1.0 was made available. This version provides bug fixes, improvements in documentation, dependency upgrades and new features such as: remove the dependency management for Apache HttpClient 4 due to a migration to HttpClient 5; add the maximum HTTP response header size configuration for Apache Tomcat and Jetty; support for the Spring for Apache Kafka ContainerCustomizer interface; and autoconfigure the BatchInterceptor interface on the default ConcurrentKafkaListenerContainerFactory class. Further details on this release may be found in the release notes.
Versions 5.0.1 and 4.3.8 of Spring Batch were released featuring bug fixes, dependency upgrades, improvements in documentation and respective dependency upgrades such as: Spring Framework 6.0.5 and 5.3.25; Spring Retry 2.0.0 and 1.3.4; Spring AMQP 3.0.2 and 2.3.16; Spring Data 3.0.2 and 2.7.8; Spring Integration 6.0.3 and 5.5.16; and Micrometer 1.10.4 and 1.9.8. More details may be found in the release notes for version 5.0.1 and version 4.3.8.
Versions 2023.0.0-M2, 2022.0.2, and 2021.2.8 of Spring Data have been released that ship with bug fixes and respective dependency upgrades such as: Spring Data Commons 3.1.0-M2, 3.0.2 and 2.7.8; Spring Data MongoDB 4.1.0-M2, 4.0.2 and 3.4.8; and Spring Data Elasticsearch 5.1.0-M2, 5.0.2 and 4.4.8. Spring Data 2023.0.0-M1 was also made available this past week, but due to a glitch caused by the release tooling, Spring Data 2023.0.0-M2, codenamed Ullman, addressed this issue. Spring Data 2022.0.2 and 2021.2.8 may be consumed by Spring Boot 3.0.3 and 2.7.9, respectively.
Versions 6.0.2, 5.8.2, and 5.7.7 of Spring Security have been released with bug fixes and dependency upgrades. New features in version 6.0.2 include: Reenable tests for the R2dbcReactiveOAuth2AuthorizedClientService class; and documentation for the CsrfTokenRequestAttributeHandler class should reflect that the XorCsrfTokenRequestAttributeHandler subclass is used by default. New features in version 5.8.2 include: a new XorCsrfChannelInterceptor class that validates a CSRF token masked by the XorCsrfTokenRequestAttributeHandler class; and document that the @EnableWebFluxSecurity annotation will require the @Configuration annotation in version 6.0. Further details may be found in the release notes for version 6.0.2, version 5.8.2 and version 5.7.7.
The release of Spring Cloud 2021.0.6 features dependency upgrades to the sub-projects such as: Spring Cloud Config 3.1.5, Spring Cloud Kubernetes 2.1.5, Spring Cloud Build 3.1.5, Spring Cloud OpenFeign 3.1.5 and Spring Cloud Function 3.2.8. More details on this release may be found in the release notes.
The release of Spring for GraphQL 1.1.2 delivers bug fixes, improvements in documentation, dependency upgrades and new features: allow configuring the ExecutionInput class via the ExecutionGraphQlServiceTester interface; ContextDataFetcherDecorator ignores subscriptions when "subscription" type is renamed; and support @Validated on the method parameter. Further details on this release may be found in the release notes.
Versions 1.0.1 and 0.4.1 of Spring Authorization Server have been released with bug fixes and respective dependency upgrades such as: Spring Framework 6.0.5 and 5.3.25; Spring Security 6.0.2 and 5.8.2; JUnit Jupiter 5.9.2; and Jackson 2.14.2. A new feature in version 0.4.1 includes an updated continuous-integration-workflow.yml file to use an environmental file instead of the deprecated set-output command. More details may be found in the release notes for version 1.0.1 and version 0.4.1.
Looking ahead to version 1.1.0, the first milestone release of Spring Authorization Server has also been made available that delivers support for OpenID Connect 1.0 Logout endpoint. Further details on this release may be found in the release notes.
The release of Spring Modulith 0.4.0 provides bug fixes, dependency upgrades and new features such as: support scenarios to integrate test application modules, especially those annotated with @ApplicationEventListener; more detailed logging of incomplete event publication lookup on Modulith startup; and use the system name as the container name in documentation generation. More details on this release may be found in the release notes.
Due to a small glitch in which the spring-modulith-runtime module causes a web application to hang on Modulith shutdown, version 0.4.1 was released to address this issue right away. There was also a dependency upgrade to jMolecules 2022.2.3. Further details on this release may be found in the release notes.
Helidon
The fifth alpha release of Helidon 4.0.0 that deliver changes such as: support for interrupting HTTP/2 connections that result in more efficient server shutdowns; register an instance of the OciMetricsSupport class via a new enabled() method defined in the OciMetricsSupport.Builder class; and update the BodyPart interface to return an instance of Optional instead of a nullable String.
Apache Software Foundation
The Apache Software Foundation has provided releases for NetBeans, Tomcat and Log4j 2.
The release of Apache NetBeans 17 delivers changes such as: increase the large file warning from 1 MB to 5 MB; an initial implementation of ANTLR4 lexers; a dependency upgrade to ATNLR4 Runtime 4.11.1; and support for Jakarta EE 10. More details on this release may be found in the changelog.
The third milestone (alpha) release of Apache Tomcat 11.0.0 provides notable changes: increase the minimum supported Java version to JDK 17; remove support for starting Tomcat under a security manager; and remove support for JAX-RPC which was removed from the Jakarta EE platform in Jakarta EE 9. It is worth noting that the minimal Java version may be increased to JDK 21 as version 11.0.0 evolves as Jakarta EE 11 evolves. Further details on this release may be found in the changelog.
Apache Tomcat 10.1.6 has been released featuring a switch to using the ServiceLoader mechanism to load the custom URL protocol handlers that Tomcat uses; update the packaged version of the Apache Tomcat Native Library to 2.0.3 to pick up the Windows binaries built with with OpenSSL 3.0.8; add the shared IP address space (100.64.0.0/100.0.0.10) specified by RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space, to the list of trusted proxies for the RemoteIpValve and RemoteIpFilter classes; log basic information for each configured TLS certificate on Tomcat startup; and limit access to examples web application to localhost by default. More details on this release may be found in the changelog.
Versions 9.0.72 and 8.5.86 of Apache Tomcat feature notable changes: add an error report valve that allows redirecting to, or proxying from, an external web server; add the shared IP address space (100.64.0.0/100.0.0.10) specified by RFC 6598, IANA-Reserved IPv4 Prefix for Shared Address Space, to the list of trusted proxies for the RemoteIpValve and RemoteIpFilter classes; log basic information for each configured TLS certificate on Tomcat startup; and limit access to examples web application to localhost by default. Further details on these releases may be found in the changelogs for version 9.0.72 and version 8.0.86.
The release of Apache Log4j 2.20.0 now ships with two versions of the SLF4J to Log4j adapters due to a break in compatibility in the SLF4J binding. Other new features include: add support for timezones in RollingFileAppender date pattern; add LogEvent timestamp to ProducerRecord in KafkaAppender; and add a logAndGet() method in the LogBuilder interface to emulate the traceEntry() method in the Logger method.
JHipster
The JHipster team has released JHipster Lite 0.28.0 featuring enhancements such as: support for Cassandra schema migration; a refactor of the CustomClaimConverter class for improved security; and a dependency upgrade to Spring Boot 3.0.3; More details on this release may be found in the release notes.
The team has also announced that Consul will be used as the default service discovery mechanism in the upcoming release of JHipster 8.0. As a result, the JHipster Registry will be deprecated.
JobRunr
JobRunr 6.1.0 has been released featuring improvements such as: easier mocking of the JobContext class; support for AWS DocumentDB via the Quarkus extension and JobRunr; and improved functionality with the JobServerFilter interface. Further details on this release may be found in the release notes.
JBang
The release of JBang 0.104.0 provides: installation of JDK 17 by default, but with continued support for a minimal version of JDK 8; experimental support for Java modules; and the ability to download remote files on the command line and replace them with file references.
Gradle
Gradle 7.6.1, the first patch release fixes issues such as: adding a dependency to a platform is not possible in the new dependency block using the Kotlin DSL; increased memory usage using the -p option; and fully remove references to "safe credentials" in the Gradle documentation to correctly document the risks of having credentials included in configuration cache entries. Further details on this release may be found in the release notes.
Gradle 6.9.4, the fourth patch release, fixes issues such as: equivalent excludes in a dependency graph that may cause unnecessary graph mutations; and trusted Gnu Privacy Guard (GPG) keys should only accept 160-bit fingerprints. More details on this release may be found in the release notes.