This week's Java roundup for October 2nd, 2023, features news from OpenJDK, JDK 22, Azul Code Inventory, Spring Shell 3.1.4, 3.0.8 and 2.1.13, JNoSQL 1.0.2, Quarkus 3.4.2, Micronaut 4.1.3, Hibernate Search 6.2.2, PrimeFaces 12.0.6, 11.0.12, 10.0.19 and 8.0.24, Maven 3.9.5, Camel 3.20.7, Tomcat Native 1.2.39, Testcontainers 1.19.1, JBang 0.111.0, Gradle 8.4, QCon San Francisco and Devoxx Belgium.
Open JDK
JEP 454, Foreign Function & Memory API, has been promoted from Candidate to Proposed to Target for JDK 22. This JEP proposes to finalize this feature after two rounds of incubation and three rounds of preview: JEP 412, Foreign Function & Memory API (Incubator), delivered in JDK 17; JEP 419, Foreign Function & Memory API (Second Incubator), delivered in JDK 18; JEP 424, Foreign Function & Memory API (Preview), delivered in JDK 19; JEP 434, Foreign Function & Memory API (Second Preview), delivered in JDK 20; and JEP 442, Foreign Function & Memory API (Third Preview), to be delivered in the upcoming GA release of JDK 21. Improvements since the last release include: a new Enable-Native-Access manifest attribute that allows code in executable JARs to call restricted methods without the use of the --enable-native-access flag; allow clients to programmatically build C function descriptors, avoiding platform-specific constants; improved support for variable-length arrays in native memory; and support for multiple charsets in native strings. The review is expected to conclude on October 11, 2023.
JEP 459, String Templates (Second Preview), has been promoted from its JEP Draft 8314219 to Candidate status to provide a second preview from the first round of preview: JEP 430, String Templates (Preview). This JEP proposes to enhance the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified. More details on JEP 430 may be found in this InfoQ news story.
JEP 458, Launch Multi-File Source-Code Programs, was promoted from its JEP Draft 8304400 to Candidate status. This JEP proposes to enhance the Java Launcher to execute an application supplied as one or more files of Java source code. This allows a more gradual transition from small applications to larger ones by postponing a full-blown project setup.
JEP Draft 8316779, Null-Restricted Value Class Types (Preview), was updated to rename this draft from its original Value Object Storage Enhancements (Preview). Under the auspices of Project Valhalla, this JEP introduces null-restricted storage of value objects in fields and array components. "These variables are initialized to an initial instance of the class and reject attempts to write a null value. They can be optimized with compact, flattened object encodings."
JDK 22
Build 18 of the JDK 22 early-access builds was made available this past week featuring updates from Build 17 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Azul
At Devoxx Belgium this past week, Azul introduced their new product, Code Inventory, a new feature under Azul Vulnerability Detection that provides developers and DevOps teams "a precise catalog of the source code actually used in production by Java applications, making it easy to accurately identify dead and unused code for removal."
Spring Framework
Versions 3.1.4, 3.0.8 and 2.1.13 of Spring Shell have been released featuring a new property, spring.shell.context.close, to close context requests after Shell has completed its execution logic. These releases are built on Spring Boot 3.1.4, 3.0.11 and 2.7.16, respectively. More details on these releases may be found in the release notes for version 3.1.4, version 3.0.8 and version 2.1.13.
Eclipse JNoSQL
The release of Eclipse JNoSQL 1.0.2 delivers bug fixes, improvements in documentation and the addition of JNoSQL Lite, a new option that provides an alternative to the traditional JNoSQL framework. Developers can now avoid reflection and read Java metadata annotations through the Java Annotation processor. Eclipse JNoSQL is the compatible implementation to the Jakarta NoSQL specification. Further details on this release may be found in the release notes and this technical article.
Quarkus
Quarkus 3.4.2, the second maintenance release, delivers improvements in documentation, dependency upgrades and notable bug fixes such as: Quarkus 3.4.1 fails to start in dev mode; a ExceptionInInitializerError due to gRPC interceptors lookup in Micrometer binders; and a ClassCastException with RESTEasy reactive and a Jersey client. More details on this release may be found in the release notes.
Micronaut
The Micronaut Foundation has released Micronaut Framework 4.1.3 featuring Micronaut Core 4.1.8 and updates to modules: Micronaut Oracle Cloud, Micronaut Serialization, and Micronaut SQL. Further details on this release may be found in the release notes.
Hibernate
The release of Hibernate Search 6.2.2.Final provides: bug fixes; adds compatibility with Elasticsearch 8.10 and OpenSearch 2.10: deprecates the ~ operator in regular expression predicates; and dependency upgrades to Hibernate ORM 6.2.9.Final for the -orm6 artifacts, Elasticsearch client 8.10.2, Jackson 2.15.2 and Avro 1.11.3. More details on this release may be found in the release notes.
PrimeFaces
Versions 12.0.6, 11.0.12, 10.0.19 and 8.0.24 of PrimeFaces have been released that address two security fixes: CVE-2022-45688, a vulnerability in which a denial-of-service attack is possible due to an attacker crafting JSON or XML data that will cause a stack overflow from the toJSONObject() method of the XML class in Hutool 5.8.10; and CVE-2020-7746, a vulnerability in which a prototype pollution is possible due to an attacker taking advantage of the options parameter, not properly sanitized, in Chart.js 2.9.4 when it is processed. New features include: an Ajax request should provide information if response was a redirect to the next dialog box; eliminate hiding the AjaxStatus facet when an Ajax request leads to a redirect; and a dependency upgrade to Chart.js 3.9.1. Further details on these releases may be found in the changelogs for version 12.0.6, version 11.0.12, version 10.0.19 and version 8.0.24.
Apache Software Foundation
The release of Apache Maven 3.9.5 delivers one bug fix, a dependency upgrade to Maven Artifact Resolver 1.9.16, and notable changes such as: an un-deprecation of wrongly deprecated repository metadata; support for ${project.basedir} in file profile activation; and colorization of download transfer messages. More details on this release may be found in the release notes.
Apache Camel 3.20.7 has been released featuring bug fixes, dependency upgrades and improvements such as: environment variables with the name 'secret' are now masked in logs; prevent the usage of proxy protocol in producer endpoint; and improved support for Mappers defined as abstract classes to allow for unwanted instances of the TypeConverters interface to be registered for the equals() and wait() methods. Further details on this release may be found in the release notes.
The release of Apache Tomcat Native 1.2.39 features: disabling the Online Certificate Status Protocol (OCSP) if the insecure optionalNoCA certificate verification option is used; and the binaries for Windows have been built with OpenSSL 3.0.11. More details on this release may be found in the changelog.
Testcontainers for Java
Testcontainers for Java 1.19.1 was released with notable changes such as: the ability to define a custom ImagePullPolicy interface via configuration; override the toString() method of the ImageNameSubstitutor class to return the value set in the getDescription() method; and independently log the image pull and container startup times.
JBang
The release of JBang 0.111.0 provides: support for Groovy 4.0; a display of integration errors when the --verbose command line parameter is used; a check that a manifest exists before an attempt to read from it; and ensure that alias settings are properly applied.
Gradle
Gradle 8.4 has been released featuring two security fixes: a vulnerability in which an incorrect permission assignment for symbolic linked files used in copy or archiving operations can lead to unintended permissions that are world readable and writable; and a vulnerability in which resolving XML external entities that are not disabled while parsing XML files can lead to exfiltration of local text files to a remote server. New features include: initial support for JDK 21 only to compile, test, and run Gradle projects since Kotlin does not yet support JDK 21; improved compilation on Windows OS; a simplified way to create role-focused instances of the Configuration interface using the ConfigurationContainer interface; and improved support for the Kotlin DSL. Further details on this release may be found in the release notes.
QCon San Francisco
The 17th annual QCon San Francisco conference was held at the Hyatt Regency in San Francisco, California. This five-day event is organized by C4Media, a software media company focused on unbiased content and information in the enterprise development community and creators of InfoQ and QCon. The conference consisted of three days of presentations and two days of workshops. Daily recaps of the presentations can be found for Day One, Day Two and Day Three.
Devoxx Belgium
Devoxx Belgium, celebrating its 20th year, was also held at the Kinepolis Antwerp in Antwerp, Belgium, featuring speakers from the Java community presenting in tracks such as: Java, Server-Side Java, Architecture, Development Practices, Data & AI, Security and UI & UX.