This week's Java roundup for July 15th, 2024, features news highlighting: JDK 23 in Rampdown Phase Two: the July 2024 Payara Platform release; Graal Development Kit for Micronaut 4.5.0; GraalVM for JDK 22 Community 22.0.2; JSpecify 1.0.0, MicroProfile 7.0-RC1, Open Liberty 24.0.0.7; and the July 2024 Oracle Critical Patch Update.
OpenJDK
After its review had concluded, JEP 472, Prepare to Restrict the Use of JNI, has been promoted from its Proposed to Target to Targeted for JDK 24. The JEP proposes to restrict the use of the inherently unsafe Java Native Interface (JNI) in conjunction with the use of restricted methods in the Foreign Function & Memory (FFM) API, delivered in JDK 22. The alignment strategy, starting in the upcoming release of JDK 23, will have the Java runtime display warnings about the use of JNI unless an FFM user enables unsafe native access on the command line. It is anticipated that in release after JDK 23, using JNI will throw exceptions instead of warnings. More details may be found in this InfoQ news story.
Oracle has released versions 22.0.2, 21.0.4, 17.0.12, 11.0.24 and 8u421 of the JDK as part of the quarterly Critical Patch Update Advisory for July 2024. More details on this release may be found in the release notes for version 22.0.2, version 21.0.4, version 17.0.12, version 11.0.24 and version 8u421.
JDK 23
Build 33 and Build 32 of the JDK 23 early-access builds were made available this past week featuring updates from Build 31 that include fixes for various issues. Further details on this release may be found in the release notes, and details on the new JDK 23 features may be found in this InfoQ news story.
As per the JDK 23 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 23 has entered Rampdown Phase Two. This means that: no additional JEPs will be added for JDK 23; and there will be a focus on the P1 and P2 bugs which can be fixed via the Fix-Request Process. Late enhancements are still possible, with the Late-Enhancement Request Process, but Reinhold states that "the bar is now extraordinarily high." The final set of 12 features for the GA release in September 2024 will include:
- JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview)
- JEP 466: Class-File API (Second Preview)
- JEP 467: Markdown Documentation Comments
- JEP 469: Vector API (Eighth Incubator)
- JEP 471: Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal
- JEP 473: Stream Gatherers (Second Preview)
- JEP 474: ZGC: Generational Mode by Default
- JEP 476: Module Import Declarations (Preview)
- JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview)
- JEP 480: Structured Concurrency (Third Preview)
- JEP 481: Scoped Values (Third Preview)
- JEP 482: Flexible Constructor Bodies (Second Preview)
More details on all of these new features may be found in this InfoQ news story.
JDK 24
Build 7 of the JDK 24 early-access builds was also made available this past week featuring updates from Build 6 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 23 and JDK 24, developers are encouraged to report bugs via the Java Bug Database.
GraalVM
Oracle Labs has released version 4.5.0 of the Graal Development Kit for Micronaut featuring alignment with Micronaut 4.5.0. Formerly known as Graal Cloud Native, the Graal Development Kit for Micronaut provides a curated set of Micronaut framework modules that simplify cloud application development. These are designed to compile ahead-of-time with GraalVM Native Image and fully supported by Oracle. More details on this release may be found in the release notes.
The release of GraalVM for JDK 22 Community 22.0.2, also from Oracle Labs, features fixes based on the Oracle Critical Patch Update for July 2024. These include resolutions to: improved strip mining optimization to not strip mine loops with successors of CaptureStateBegin; inaccurate values reported in the GCHeapSummary JFR event; and a number of OutOfMemoryError-related issues. More details on this release may be found in the release notes.
BellSoft
Concurrent with Oracle's Critical Patch Update (CPU) for July 2024, BellSoft has released CPU patches for versions 21.0.3.0.1, 17.0.11.0.1, 11.0.23.0.1, 8u421 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 22.0.2, 21.0.4, 17.0.12, 11.0.24 and 8u422, containing CPU and non-critical fixes, have also been released.
With an overall total of 1352 fixes and backports, BellSoft states that they have participated in eliminating 32 issues in all releases.
Spring Framework
It was a busy week over at Spring as the various teams have delivered numerous milestone and point releases on Spring Boot, Spring Framework, Spring Security, Spring for GraphQL, Spring Session, Spring Integration, Spring Modulith, Spring AMQP, Spring for Apache Kafka and Spring for Apache Pulsar. More details may be found in this InfoQ news story.
Payara
Payara has released their July 2024 edition of the Payara Platform that includes Community Edition 6.2024.7 and Enterprise Edition 6.16.0 and Enterprise Edition 5.65.0. All three editions feature: a more streamlined Hazelcast configuration by adding support for the YAML format; and a new "Auto Name Deployment Group" feature that simplifies the naming process for deployment groups to reduce manual effort and potential errors.
Enterprise Edition 5.65.0 also features an improved OpenID authentication security with the addition of the extraParametersExpression parameter added to the @OpenIdAuthenticationDefinition annotation for greater flexibility and control over the authentication process.
Further details on these releases may be found in the release notes for Community Edition 6.2024.7 and Enterprise Edition 6.16.0 and Enterprise Edition 5.65.0.
Quarkus
Quarkus 3.12.3, the third maintenance release in the 3.12 release train, provides notable changes such as: use of the Java SecureDirectoryStream interface to avoid file system problems and to fix other minor issues in the IoUtils class; and improvements in the InputCollectionOutputCollectionLambdaTest class to correct parsing of collections in AmazonLambdaRecorder class. More details on this release may be found in the changelog.
Red Hat has also announced that their next long-term support (LTS) version, scheduled for September 2024, will be Quarkus 3.15, the direct continuation of the version 3.14 branch. Red Hat started LTS releases with Quarkus 3.2 and plans to use the same strategy that they inaugurated for Quarkus 3.8, their second LTS version released in February 2024. That strategy is to ensure that the LTS release is rock solid from the start.
Open Liberty
IBM has released version 24.0.0.7 of Open Liberty that introduces MicroProfile Config properties for MicroProfile 3.0 and 4.0 that are used for configuring statistics that are tracked and displayed by the histogram and timer metrics. These changes, already available in MicroProfile Metrics 5.1, can define a custom set of percentiles as well as a custom set of histogram buckets for the histogram and timer metrics.
This release also introduces a new training course, Essentials for Cloud-Native Java Application Development, that teaches essential skills and technologies to create a basic cloud-native Java application with Open Liberty.
MicroProfile
The first release candidate of MicroProfile 7.0 has been made available to the Java community this past week. Scheduled for a GA release in early August 2024, there are four specifications will provide updates for MicroProfile 7.0, namely: MicroProfile Telemetry 2.0; MicroProfile Fault Tolerance 4.1; MicroProfile Rest Client 4.0; and MicroProfile OpenAPI 4.0. More details on this release may be found in the MicroProfile 7.0-RC1 specification.
Eclipse Foundation
The release of Eclipse Vert.x 4.5.9 features notable changes such as: a deprecation of the overloaded pool(Vertx, JsonObject) and pool(Vertx, DataSource, JsonObject) methods, defined in the JDBCPool interface, in favor of the pool(Vertx, JDBCConnectOptions, PoolOptions) method; and a resolution to the HTTP server incorrectly reporting metrics from non event-loop thread writes. More details on this release may be found in the release notes along with a list of deprecations and breaking changes..
Apache Software Foundation
The release of Apache Tomcat 10.1.26 delivers notable changes such as: move OpenSSL support using JEP 454, Foreign Function & Memory API, to a separate JAR named tomcat-coyote-ffm.jar that advertises Java 22 in its manifest; ensure that the include directives in a tag file, both absolute and relative, are processed correctly when packaging in a JAR file; and expand the implementation of the filter value of the AuthenticatorBase.AllowCorsPreflight inner enum class in conjunction with the allowCorsPreflightBypass() method, defined in the AuthenticatorBase class, so that it applies to all requests that match the configured URL patterns for the CORS filter, rather than only applying if the CORS filter is mapped to /*. More details on this release may be found in the release notes.
JSpecify
Almost two years since being introduced to the Java community, version 1.0.0 of JSpecify, a standard annotations utility for Java static analysis, has been released featuring final versions of these original annotations - @Nullable, @NonNull, @NullMarked and @NullUnmarked - with a promise to never make backwards-incompatible changes to them. Developers can get started by visiting their usage page. InfoQ will follow up with a more detailed news story.
JHipster
Versions 1.13.0 and 1.12.0 of JHipster Lite ships with bug fixes, dependency upgrades and new features/enhancements such as: function and method names should comply with the preferred naming convention; ensure that the logger classes are private static final; and numerous Sonar enhancements to maintain top quality 100% coverage. More details on these releases may be found in the release notes for version 1.13.0 and version 1.12.0.
JetBrains
The second beta release of JetBrains Ktor 3.0.0, the asynchronous framework for creating microservices and web applications, provides bug fixes and improvements such as: support for handling HTTP failures in server-side events; a new Ktor client for Ktor Wasm; and allow setting the Secure flag for cookies on localhost. More details on this release may be found in the release notes.
Infinispan
The second development release of Infinispan 15.1.0 provides resolutions to notable issues such as: a resolution to a MarshallingException when executing a non-indexed delete statement; and a SQLServerException in JDBC Store when the purgeExpired() method, defined in the JdbcStringBasedStore class, is called. More details on this release may be found in the list of issues.
Testcontainers for Java
The release of Testcontainers for Java 1.20.0 delivers bug fixes, improvements in documentation and new features/enhancements such as: support for building arguments in a SQL FROM statement; the ability to load instances of the ImageNameSubstitutor class from the service loaders mechanism; and the ability to copy specific files to a Docker Compose file. More details on this release may be found in the release notes.
JDKMon
Versions 21.0.5 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, this new version features: resolutions to issues with CVE detection and JDKMon updates; dependency upgrades; and a migration to Gradle 8.9. More details on this release may be found in the release notes.
Jox
The release of Jox 0.3.0, a virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads, features a new structured concurrency module to align with JDK 21. More details on this release may be found in the release notes.