This week's Java roundup for March 18th, 2024, features news highlighting: the GA release of JDK 22, GraalVM for JDK 22, the proposed release schedule for JDK 23, JDK Mission Control 9.0, BellSoft Liberica JDK and Azul Zulu for JDK 22.
OpenJDK
JEP 466, Class-File API (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a second round of preview to obtain feedback from the previous round of preview: JEP 457, Class-File API (Preview), delivered in JDK 22. This feature provides an API for parsing, generating, and transforming Java class files. This will initially serve as an internal replacement for ASM, the Java bytecode manipulation and analysis framework, in the JDK with plans to have it opened as a public API. Goetz has characterized ASM as "an old codebase with plenty of legacy baggage" and provided background information on how this draft will evolve and ultimately replace ASM. The review is expected to conclude on March 27, 2024.
The release of JDK Mission Control 9.0.0 delivers bug fixes and enhancements and new features such as: support for Eclipse 4.30, Linux/AArch64 and dark mode; user configuration for local JVM refresh interval that replaces the default 5000ms interval; and improved JFR parser performance. The Mission Control client is now built to run optimally on Eclipse 2023-12 and later. InfoQ will follow up with a more detailed news story.
JDK 22
Oracle has released version 22 of the Java programming language and virtual machine, which ships with a final feature set of 12 JEPs. More details may be found in this InfoQ news story.
JDK 23
Build 15 of the JDK 23 early-access builds was made available this past week featuring updates from Build 14 that include fixes for various issues. Further details on this release may be found in the release notes.
Mark Reinhold, chief architect, Java Platform Group at Oracle, formally proposed the release schedule for JDK 23 as follows:
- Rampdown Phase One (fork from main line): June 6, 2024
- Rampdown Phase Two: July 18, 2024
- Initial Release Candidate: August 8, 2024
- Final Release Candidate: August 22, 2024
- General Availability: September 17, 2024
The review period for this proposed schedule is expected to conclude on March 27, 2024.
GraalVM
In conjunction with the release of JDK 22, GraalVM for JDK 22 has also been released by Oracle Labs. New features include: experimental support for the Foreign Function & Memory API; support for the NATIVE_IMAGE_OPTIONS
environment variable that allows users and tools to pass additional arguments via the environment; and improved the Native Image agent tracking calls mechanism. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
Amazon Corretto
Amazon has released Amazon Corretto 22, their downstream distribution of OpenJDK 22, which is available on Linux, Windows, and macOS. Developers may download this latest version from this site.
BellSoft Liberica JDK
Similarly, BellSoft has released Liberica JDK 22, their downstream distribution of OpenJDK 22. Developers may download this latest version from this site.
In conjunction with the release of JDK 22 and GraalVM for JDK 22, BellSoft has also released Liberica Native Image Kit 24.0.0. Changes include: the elimination of the Core Package in favor of using the Standard Package; the Standard Package and Full Package are used for Java applications only (with or without JavaFX); and improved SubstrateVM monitor enter/exit routines for accelerated startup of native images.
GlassFish
The third release candidate of GlassFish 8.0.0 delivers bug fixes and notable changes such as: improvements in the loading options of the Admin Console; a rewrite of the GlassFishORBHelper
class to a singleton class; and a refactor of the GlassFish events and dispatching processing. Further details on this release may be found in the release notes.
Spring Framework
The third milestone release of Spring Boot 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: a new actuator endpoint, /actuator/sbom
, to expose a list of all available SBOMs; support for loading of base 64 encoded values from the environment; and a new getUndertow()
method added to the UndertowWebServer
class to align with the existing getTomcat()
method defined in the TomcatWebServer
class. More details on this release may be found in the release notes.
Similarly, versions 3.2.4 and 3.1.0 of Spring Boot 3.2.4 have been released featuring dependency upgrades and notable bug fixes such as: a failure on WindowsOS when resolving an instance of the BuildpackReference
class created from a URL-like String; missing thread name prefixes when using virtual threads; and a report of a successful Tomcat shutdown when it has been aborted. Further details on these releases may be found in the release notes for version 3.2.4 and version 3.1.10.
Versions 6.3.0-M3, 6.2.3, 6.1.8, 6.0.10, 5.8.11 and 5.7.12 of Spring Security have been released featuring bug fixes and dependency upgrades for all five versions. New features in the milestone release include: a new method, setContinueOnError()
, and corresponding field, continueOnError
, added to the DelegatingReactiveAuthenticationManager
class to support improved handling of a failed authorizations; and new classes, DelegatingAuthenticationConverter
and DelegatingServerAuthenticationConverter
, to [a] iterate over multiple implementations of the AuthenticationConverter
interface to find the first non-null implementation of the Authentication
interface, and [b] delegate to other implementations of the ServerAuthenticationConverter
interface, respectively. More details on these releases may be found in the release notes for version 6.3.0-M3, version 6.2.3, version 6.1.8, version 5.8.11 and version 5.7.2.
The third milestone release of Spring Session 3.3.0 provides bug fixes, dependency upgrades and new features such as: allow an implementation of the PlatformTransactionManager
interface to be specified using the @SpringSessionTransactionManager
annotation to prevent an application from not starting when there are multiple implementations of the TransactionManager
interface; and a new SpringSessionBackedReactiveSessionRegistry
class that retrieves session information from Spring Session, rather than maintaining it itself. Further details on this release may be found in the release notes.
Similarly, versions 3.2.2 and 3.1.5 of Spring Session have been released that ship with bug fixes, dependency upgrades and the same new aforementioned feature related to the PlatformTransactionManager
interface. More details on these releases may be found in the release notes for version 3.2.2 and version 3.1.5.
Versions 3.2.3 and 3.1.10 of Spring Shell have been released featuring notable changes such as: a resolution to a failure of a non-interactive test example due to a duplicated help argument; a new class, SpringSigningPlugin
, to enable signing snapshot releases; and an upgrade to Gradle 8.6. These versions build upon Spring Boot 3.2.4 and 3.1.10, respectively. Further details on these releases may be found in the release notes for version 3.2.3 and version 3.1.10.
Version 6.3.0-M2, 6.2.3 and 6.1.7 of Spring Integration have been released featuring bug fixes and dependency upgrades. All three versions share a notable change in which the ObservationPropagationChannelInterceptor
class has been deprecated due to it not properly propagating an observation. Instead, developers are encouraged to enable an observation on a channel and target an implementation of the MessageHandler
interface which is a consumer of the channel. More details on this release may be found in the release notes for version 6.3.0-M2, version 6.2.3 and version 6.1.7.
The third milestone release of Spring Authorization Server 1.3.0 delivers dependency upgrades and new features such as: an implementation of OAuth 2.0 token exchange; and support for the PKI Mutual-TLS client authentication method. Further details on this release may be found in the release notes.
Similarly, versions 1.2.3, 1.1.6 and 1.0.6 of Spring Authorization Server have been released featuring dependency upgrades and a resolution to CVE-2024-22258, PKCE Downgrade in Spring Authorization Server, a vulnerability in which an application is susceptible to a PKCE downgrade attack when a confidential client uses PKCE for the authorization code grant. The application is not susceptible if a public client is used. More details on these releases may be found in the release notes for version 1.2.3 and version 1.1.6.
The third milestone release of Spring Modulith 1.2.0 ships with bug fixes, improvements in documentation, dependency upgrades and new features such as: the addition of a condition
field to the @ApplicationModuleListener
annotation to accommodate scenarios where a listener is meant to handle an event only if the event meets certain criteria; and support for open application modules and package information types. Further details on this release may be found in the release notes.
The release of Spring for Apache Pulsar 1.0.4 features dependency upgrades and a bug fix in which a producer cache becomes ineffective when an implementation of the ProducerBuilderCustomizer
interface is configured. More details on this release may be found in the release notes.
Versions 3.2.0-M2, 3.1.3 and 3.0.15 of Spring for Apache Kafka have been released to provide bug fixes, improvements in documentation, dependency upgrades and notable changes such as: a resolution inconsistency related to the Java ConcurrentModificationException
simultaneously invoking the setStoppedNormally()
and isInExpectedState()
methods defined in the KafkaMessageListenerContainer
and ConcurrentMessageListenerContainer
classes, respectively; the addition of a missing receiveBatch()
method to the ReactiveKafkaConsumerTemplate
class to return an implementation of the Project Reactor KafkaReceiver
interface. Further details on these releases may be found in the release notes for version 3.2.0-M2, version 3.1.3 and version 3.0.15.
Quarkus
Quarkus 3.8.3, second maintenance release (version 3.8.0 was skipped), features notable changes such as: a resolution to a flaky Hibernate schema validation that fails due to missing tables while the tables are actually present; properly support sending an instance of the Java InputStream
in REST Client; and a resolution to an incompatibility between SmallRye Mutiny and the Quarkus OpenTelemetry package. More details on this release may be found in the changelog.
The Quarkus team has announced that they have incorporated a new naming strategy for some of their extensions, especially those that contain the name "reactive" for improved clarity. The team has found that using "reactive" in their extensions has caused confusion and misunderstanding such that developers were led to believe this meant reactive programming. Among the name changes:
- Quarkus RESTEasy Reactive becomes Quarkus REST
- Quarkus SmallRye Reactive Messaging becomes Quarkus Messaging
- Quarkus REST Client Reactive becomes Quarkus REST Client
The Quarkus Hibernate Reactive extension, for example, will retain its "reactive" terminology because it inherently pushes for a reactive programming model.
Micronaut
The Micronaut Foundation has released version 4.3.7 of the Micronaut Framework featuring Micronaut Core 4.3.12, bug fixes, improvements in documentation, and updates to modules: Micronaut Security and Micronaut Maven Plugin. Further details on this release may be found in the release notes.
Eclipse Foundation
The release of Eclipse Store 1.3.1 ships with bug fixes and new features such as: a new CDI extension; a REST service for Eclipse Store; and improvements to Spring Boot configuration. More details on this release may be found in the release notes.
Version 4.5.6 of Eclipse Vert.x has been released delivering notable changes such as: a refactor of the absoluteURI()
method defined in the HttpUtils
class that checks the format of the request URI instead of using the JDK URI
parser to validate; and a resolution to an IllegalStateException
due to the isValid()
method defined in the Origin
class rejecting the chrome-extension
scheme. Further details on this release may be found in the release notes.
Apache Software Foundation
Versions 11.0.0-M18 and 9.0.87 of Apache Tomcat ship with notable changes such as: ensure that the URI, query string and protocol are not corrupted when restoring a saved POST
request body after a successful FORM
authentication; and align error handling for the Writer
and OutputStream
classes to ensure the use of either class once the response has been recycled triggers a NullPointerException
provided that discardFacades
is configured with the default value of true
. For the milestone release, the team decided to reduce the minimal Java version to JDK 17. More details on these releases may be found in the release notes for version 11.0.0-M18 and version 9.0.87.
The release of Maven 4.0.0-alpha-13 provides bug fixes, dependency upgrades and new features/improvements such as: an update the OperatingSystemProfileActivator
class to allow for the use of wildcards in specifying the operating system version; and an improved Dependency Injection API. Further details on this release may be found in the release notes.
Hibernate
The first release candidate of Hibernate ORM 6.5.0 delivers bug fixes and improvements such as: improved use of Java time objects and timezone offsets that are now directly marshaled through the JDBC driver as defined by JDBC 4.2; a new layout to configure the format in which query results are stored in the query cache; and support for a Java record to be used as a parameter in the Jakarta Persistence @IdClass
annotation. This release also provides a technical preview of the new Jakarta Data specification based on the Hibernate annotation processor.
Infinispan
Red Hat released version 2.4.0 of Infinispan Operator 2.4.0, an in-memory data store, based on the recent release of Infinispan 15.0.0. New features include: the ability to configure Health Check Readiness, Liveness and Startup probe values; a simplification of the JGroups configuration to use a "Kubernetes" stack provided by Infinispan server; and improvements to Cross-Site Replication to use TLSv1.3 and TLS client authentication by default.
Version 14.0.27.Final of Infinispan provides notable changes such as: a dependency upgrade of PostgreSQL driver 42.4.5; avoid stopping the server due to an error with Infinispan Insights; and a proper check for null
on an instance of the InsightsService
class upon stopping the cache manager. More details on this release may be found in the release notes.
JobRunr
The JobRunr team has announced a partnership with MindWave to integrate carbon-aware job scheduling capabilities into the JobRunr platform. Scheduled for a formal release in 3Q2024, this marks a significant step forward in their mission that will "merge cutting-edge technology with environmental stewardship." This feature will be available in both JobRunr and JobRunr Pro products.
JHipster
The release of JHipster 8.2.1 features bug fixes, dependency upgrades and new features such as: an update to the @AuthorizedFeignClient
annotation to use the Spring Cloud OpenFeign dismiss404
instead of deprecated decode404
property; the addition of the Gradle Cucumber convention plugin; and generate the initial files for Gradle convention plugin usage. Further details on this release may be found in the release notes.
Similarly, version 1.6.0 of JHipster Lite has been released to deliver bug fixes, dependency upgrades and new features/enhancements such as: use of the Kafka official Docker image without ZooKeeper; improved handling of dependencies exclusions; and a performance boost by replacing string literals with character literals when using the overloaded indexOf()
and lastIndexOf()
methods defined in the Java String
class. More details on this release may be found in the release notes.
Ktor
The JetBrains team has released the 2024 roadmap for Ktor, the asynchronous framework for creating microservices and web applications, with a goal to maintain the framework as lightweight, flexible and transparent. New features to be released in 2024 include: OpenTelemetry plugins; gRPC-based services; a migration to Kotlinx-io, a multiplatform Kotlin library providing basic I/O primitives, in Ktor 3.0.0; support for managed transactions; and simplified dependency injection.
jFUSE
Cryptomator, creator of a multi-platform transparent client-side encryption of user files in the cloud, has introduced a production-ready version of jFUSE, a utility to develop FUSE filesystems in Java. jFUSE takes advantage of the Foreign Function & Memory API, a finalized feature included in the recent release of JDK 22. FUSE (Filesystem in Userspace) is an interface for userspace programs to export a filesystem to the Linux kernel.
Gradle
Gradle 8.7 has been released featuring: support for Java 22 for compiling, testing, and running JVM-based projects; build cache improvements for Groovy DSL script compilation; and improvements to lazy configuration, error and warning messages, the configuration cache, and the Kotlin DSL. Further details on this release may be found in the release notes.