This week's Java roundup for September 11th, 2023, features news from OpenJDK, JCP, JDK 22, JDK 21, Payara Platform, Eclipse Epicyro, Grails Plugin Portal and milestone and point releases for: Spring Framework, Spring Data, Spring Tools, Quarkus, Micronaut, Helidon, MicroProfile Telemetry, Groovy, Camel Quarkus, Micrometer Metrics and Tracing, Piranha, JobRunr, JHipster Lite and Project Reactor.
OpenJDK
JEP 454, Foreign Function & Memory API, has been promoted from its JEP Draft 8310626 to Candidate status this past week. This JEP proposes to finalize this feature after two rounds of incubation and three rounds of preview: JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; and JEP 442, Foreign Function & Memory API (Third Preview), to be delivered in the upcoming GA release of JDK 21. Improvements since the last release include: a new Enable-Native-Access manifest attribute that allows code in executable JARs to call restricted methods without the use of the --enable-native-access flag; allow clients to programmatically build C function descriptors, avoiding platform-specific constants; improved support for variable-length arrays in native memory; and support for multiple charsets in native strings.
Java Community Process
At a special event hosted by the New York Java Special Interest Group and Garden State Java User Group on September 13, 2023, at the Bank of New York Mellon in New York City, industry experts from the Java Community Process (JCP) Executive Committee (EC) participated in a panel discussion to reveal their favorite JCP EC memory and their favorite features from the upcoming GA release of JDK 21. Included in the festivities was a JDK 21 presentation by Dmitry Chuyko, performance architect at Bellsoft, and a 25th anniversary celebration of the JCP. More details on this event may be found in this InfoQ news story.
JDK 21
Build 35 remains the current build in the JDK 21 early-access builds. Further details on this build may be found in the release notes.
JDK 22
Build 15 of the JDK 22 early-access builds was made available this past week featuring updates from Build 14 that include fixes to various issues. More details on this build may be found in the release notes.
For JDK 22 and JDK 21, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
After two quiet previous weeks over at Spring, the team has provided point and milestone releases for Spring Framework, Spring Data and Spring Tools.
The fifth milestone release of Spring Framework 6.1.0 ships with bug fixes, dependency upgrades and a host of new features such as: instrument the new RestClient interface for observability; reinstate support for the legacy @ManagedBean annotation defined in JSR-250, Common Annotations for the Java Platform, and the @Named annotation defined in JSR 330, Dependency Injection for Java, to complement their Jakarta Annotations versions for improved migration of projects to Spring 6.0 and beyond; and a revision of the method signatures defined in the JdbcTestUtils class to accept instances of the JdbcOperations interface instead of the JdbcTemplate class. Further details on this release may be found in the release notes.
Similarly, versions 6.0.12 and 5.3.30 and of Spring Framework have been released featuring bug fixes, dependency upgrades and new features such as: an optimization of the getMostSpecificMethod() method defined in the ClassUtils class; an optimization of whitespace checks in the StringUtils class; and an elimination of redundant lookups of classes and annotation causing performance bottlenecks while creating instances of scoped beans. More details on these releases may be found in the release notes for version 6.0.12 and version 5.3.30.
The third milestone release of Spring Data 2023.1.0, codenamed Vaughn, delivers notable changes such as: support for JDK 21; use of virtual threads via configuration of the Java Executor interface; support for Kotlin value classes; and single query loading for Spring Data JDBC. Further details on this release may be found in the release notes.
Similarly, versions 2023.0.4, 2022.0.10 and 2021.2.16, all service releases of Spring Data, feature bug fixes and dependency upgrades to sub-projects such as: Spring Data Commons 3.1.4, 3.0.10 and 2.7.14; Spring Data MongoDB 4.1.4, 4.0.10 and 3.4.16; Spring Data Elasticsearch 5.1.4, 5.0.10 and 4.4.16; and Spring Data Neo4j 7.1.4, 7.0.10 and 6.3.16.
The release of Spring Tools 4.20.0 for Eclipse, Visual Studio Code and Theia ship with: a number of bug fixes; support for Eclipse IDE 2023-09; and improved Java reconciling support to show Spring-specific validations, re-built from the ground up, tuned for high performance to work seamlessly in large code bases. More details on this release may be found in the release notes.
Payara
Payara has released their September 2023 edition of the Payara Platform that includes Community Edition 6.2023.9, Enterprise Edition 6.6.0 and Enterprise Edition 5.55.0 featuring security fixes to address: CVE-2017-12617, a vulnerability in various Apache Tomcat versions with HTTP PUT enabled, where an attacker could upload a specially-crafted requested JSP file to the server such that any code it contained would be executed by the server; and CVE-2023-1370, a vulnerability in Json-smart where parsing too many nested JSON structured arrays and objects, due to no defined limit, could cause a stack overflow and crash the software. Improvements included: a removal of the obsolete methods, getEnvironment(), getCallerIdentity() and isCallerInRole(Identity) from the Jakarta EJB EJBContext interface, that were implemented in the Payara EJBContextImpl class; and improved functionality with the Hazelcast CP Subsystem. Further details on these versions may be found in the release notes for Community Edition 6.2023.9, Enterprise Edition 6.6.0 and Enterprise Edition 5.55.0.
Quarkus
Red Hat has released versions 3.3.3, 3.2.6 and 2.6.11.Final of Quarkus to address CVE-2023-4853, a vulnerability by which an attacker can bypass the HTTP security policies due to those security policies not correctly sanitizing certain character permutations when accepting requests, resulting in an incorrect evaluation of permissions. This could provide unauthorized endpoint access and a possible denial of service. More details on these releases may be found in the changelogs for version 3.3.3, version 3.2.6 and version 2.16.11.
Micronaut
The Micronaut Foundation has released version 4.1.1 of the Micronaut featuring Micronaut Core 4.1.5 and updates to modules: Micronaut Oracle Cloud, Micronaut AOT, Micronaut Data, Micronaut Kafka, Micronaut Kotlin Integrations, Micronaut Test, Micronaut Validation and Micronaut Multitenancy. Further details on this release may be found in the release notes.
Helidon
Helidon 2.6.3, a bug fix release, provides notable changes such as: replace the use of the deprecated socket() method with the namedSocket() method defined in the ServerConfiguration interface; update the requestedUri() method defined in the ServerRequest interface to correctly handle the IPv6 address format; and change the access specifier from private to public in the beforeEach() method defined in the OciMetricsDataTest class due to the documentation in the JUnit @BeforeEach annotation explicitly stating the methods must not be private or static. More details on this release may be found in the release notes.
MicroProfile
On the road to MicroProfile 6.1, version 1.1-RC3 of the MicroProfile Telemetry specification ships with a fix for a deployment issue in the JaxRsServerAsyncTestEndpoint TCK test class. Further details on this release may be found in the release notes.
Eclipse Foundation
OmniFishEE has introduced a new Eclipse EE4J project, Epicyro, that will serve as a compatible implementation of the Jakarta Authentication specification. This new project will define a general low-level SPI for authentication mechanisms, controllers that interact with a caller and a container's environment to obtain the caller's credentials. These will be validated and pass an authenticated identity (such as name and groups) to a container. Currently a milestone release, Epicyro will start with version 3.0.0 to align with Jakarta Authentication 3.0.0.
Apache Software Foundation
The second alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and improvement such as: remove the use of the MagicAccessorImpl class that was once defined in the sun.reflect package; the JsonOutput class should handle Java records like Plain Old Groovy Objects (POGOs); and mark the main/run methods in Groovy scripts as generated by the compiler with the @Generated annotation. More details on this release may be found in the release notes.
Similarly, Apache Groovy 4.0.15 has been released with bug fixes, dependency upgrades and an improvement with the JsonOutput class that should handle Java records like POGOs. Further details on this release may be found in the release notes.
To maintain alignment with Quarkus, Camel Quarkus 3.2.0 has been released with notable resolutions to issues such as: a failed compilation for gRPC applications in dev mode; an expansion of tests covering Splunk, Saxonica and the gRPC extension; and an InvocationTargetException upon executing sanity checks with the LDAP Realm extension. More details on this release may be found in the release notes.
Grails
The Grails Foundation has introduced a redesigned Grails Plugin Portal featuring: improved search functionality; a paginated list of all plugins; a list of top-rated plugins; and the latest plugin releases. The previous version of the portal was plagued by frequent downtime, high resource utilization and slow performance.
Micrometer
Versions 1.12.0-M3, 1.11.4, 1.10.11 and 1.9.15 of Micrometer Metrics all deliver dependency upgrades and a bug fix to ensure the LongTaskTimer and FunctionTimer interfaces produce consistent data. Version 1.12.0-M3 provides new features such as: a variant of the hasAnObservationWithAKeyValue() method for use in testing with the KeyValue interface; provide a way to make decisions on use of the /actuator endpoint in Spring Security based on the parent in the ObservationPredicate interface, namely the Java BiPredicate interface; and add a timestamp to the nested Event interface defined in the Observation interface. Further details on these releases may be found in the release notes for version 1.12.0-M3, version 1.11.4, version 1.10.11 and version 1.9.15.
Similarly, versions 1.2.0-M3, 1.1.5 and 1.0.10 of Micrometer Tracing all deliver dependency upgrades and bug fixes such as: the ObservationAwareSpanThreadLocalAccessor class does not release an instance of the nested SpanAction class when the thread has completed its task; and add the ThreadLocalAccessor interface to propagate an instance of the Baggage interface with Reactor. A new feature in version 1.2.0-M3 is to allow setting of a timestamp of an event on a span. More details on these releases may be found in the release notes for version 1.2.0-M3, version 1.1.5 and version 1.0.10.
Piranha
The release of Piranha 23.9.0 delivers notable changes such as: a new PidFeature class for improved handling of process IDs; fix a testing issue with SonarCloud; and a new IsolatedWebAppFeature class for improved handling of web applications. Further details on this release may be found in their documentation and issue tracker.
JobRunr
Version 6.3.1 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released featuring notable changes: a NullPointerException in a Quarkus extension if the quarkus.jobrunr.job-scheduler.enabled property is set to false; and add missing Spring AOT hints that caused exceptions for applications using JobRunr 6.3.0 and Spring Boot 3.1.3; and the @Job annotation is not registering instances of a JobFilter interface after upgrading to Spring Boot 3.1.2 and JobRunr 6.3.0. More details on this release may be found in the release notes.
JHipster
Version 0.42.0 of JHipster Lite has been released featuring bug fixes, dependency upgrades and new features/enhancements such as: a new StatisticsCriteria class to add criteria to the /stats endpoint; the removal of an unnecessary TestNG dependency; and a new checkstyle module to check for unused imports during build. Further details on this release may be found in the release notes.
Project Reactor
The third milestone release of Project Reactor 2023.0.0 provides dependency upgrades to reactor-core 3.6.0-M3, reactor-pool 1.0.2, reactor-netty 1.1.11 and reactor-kafka 1.3.21. There was also a realignment to version 2023.0.0-M3 with the reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Similarly, Project Reactor 2022.0.11, the eleventh maintenance release, provides dependency upgrades to reactor-core 3.5.10, reactor-netty 1.1.11, reactor-kafka 1.3.21 and reactor-pool 1.0.2. There was also a realignment to version 2022.0.11 with the reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.