This week's Java roundup for November 11th, 2024 features news highlighting: the release of Spring Framework 6.2.0; four JEPs that have been targeted for JDK 24; two JEPs that have been proposed to target for JDK 24; three new JEP candidates; and the release of Micronaut 4.7.0 and Gradle 8.11.0.
OpenJDK
The following JEPs, having successfully completed their respective reviews, are now Targeted for JDK 24.
- JEP 495, Simple Source Files and Instance Main Methods (Fourth Preview)
- JEP 494, Module Import Declarations (Second Preview)
- JEP 492, Flexible Constructor Bodies (Third Preview)
- JEP 483, Ahead-of-Time Class Loading & Linking
- JEP 479, Remove the Windows 32-bit x86 Port
The following JEPs have been elevated to Proposed to Target for JDK 24. Their reviews are expected to conclude on November 21st, 2024.
- JEP 497, Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
- JEP 496, Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
Details on all of these JEPs may be found in this InfoQ news story.
JEP 501, Deprecate the 32-bit x86 Port for Removal, has been promoted from its JEP Draft 8338285 to Candidate status. This JEP proposes to deprecate the Linux 32-bit x86 port with a plan to remove it in JDK 25. This JEP is related to JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, delivered in JDK 21. Once this port is removed, Java applications running in 32-bit x86 processors will be run through the Zero port.
JEP 499, Structured Concurrency (Fourth Preview), has been promoted from its JEP Draft 8344096 to Candidate status. This JEP proposes a fourth preview, without change, in order to gain more feedback from the previous three rounds of preview, namely: JEP 480, Structured Concurrency (Third Preview), delivered in JDK 23; JEP 462, Structured Concurrency (Second Preview), delivered in JDK 22; and JEP 453, Structured Concurrency (Preview), delivered in JDK 21. This feature simplifies concurrent programming by introducing structured concurrency to "treat groups of related tasks running in different threads as a single unit of work, thereby streamlining error handling and cancellation, improving reliability, and enhancing observability."
JEP 498, Warn upon Use of Memory-Access Methods in sun.misc.Unsafe, has been promoted from its JEP Draft 8342077 to Candidate status. This JEP, a successor to JEP 471, Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal, delivered in JDK 23, proposes to issue a runtime warning if any of the memory-access methods, defined in the unsupported Unsafe class, are invoked. These methods were deprecated in JDK 23 and have been superseded by APIs, such as: JEP 193, Variable Handles, delivered in JDK 9; and JEP 454, Foreign Function & Memory API, delivered in JDK 22.
JDK 24
Build 24 of the JDK 24 early-access builds was made available this past week featuring updates from Build 23 that include fixes for various issues. Further details on this release may be found in the release notes.
For JDK 24, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
As I have mentioned a couple of times already, Jakarta EE 11 Core Profile will be the first of the Platform- and Profile-specifications to reach the release review stage. That will most likely happen this week. All artifacts are ready and two compatible implementations have passed the TCK. Check out the compatibility requests and test results for WildFly and Open Liberty.
The road to Jakarta EE 11 included four milestone releases with the potential for release candidates as necessary before the GA release in 4Q2024.
Spring Framework
After seven milestone releases and three release candidates, Spring Framework 6.2.0 is now available to the Java community featuring: improvements in the core container, Spring Expression Language (SpEL); web and messaging applications; and testing. It is important to note that several deprecated classes, constructors and methods, such as: Base64Utils, JCacheOperationSourcePointcut and AbstractClientHttpResponse classes, have been removed in version 6.2.0. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story that will include the upcoming release of Spring Boot 3.4.0, scheduled for November 21st, 2024.
The release of Spring Framework 6.1.15 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: use of the UriUtils class to process static resource paths for consistency and to ensure proper handling of raw characters; and improved interaction methods in the MultiValueMap interface that better align with its implementations in native mode. Further details on this release may be found in the release notes.
After one milestone release and one release candidate, Spring Data 2024.1.0 is now available to the Java community featuring: full support for value expressions (via the Spring Expression Language) in repository query methods using the @Query annotation; and refinement of SQL and JPQL query parsers for an enhanced QueryRenderer model. More details on this release may be found in the release notes.
Similarly, the release of Spring Data 2024.0.6 and 2023.1.12 ship with bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.3.6 and 3.2.12; Spring Data MongoDB 4.3.6 and 4.2.12; Spring Data Elasticsearch 5.3.6 and 5.2.12; and Spring Data Neo4j 7.3.6 and 7.2.12. These versions will be included in the upcoming releases of Spring Boot and 3.3.6 and 3.2.12. It is important to note that Spring Data 2023.1.12 will be the final release as an open-source project as it has reached end-of-life.
The Spring Framework team has disclosed CVE-2024-38828, DoS via Spring MVC Controller Method with byte[] Parameter, a vulnerability affecting Spring Framework versions 5.3.0 - 5.3.41 where controller methods from Spring MVC using a @RequestBody byte[] method parameter are vulnerable to a denial-of-service attack. Developers are encouraged to upgrade to version 5.3.42
Micronaut
The Micronaut Foundation has released version 4.7.0 of the Micronaut Framework featuring Micronaut Core 4.7.5 with many improvements such as: a new FilterBodyParser interface, an API to parse a request body within a server filter; improvements to implementations of the HTTPClient interface; and the ability to display circular dependency errors. This release also introduces the experimental Micronaut LangChain4j module and version 1.0.0 of the Micronaut Graal Languages module, a collection of components for integration of Graal-based dynamic languages with Micronaut Framework. Further details on this release may be found in the release notes.
Helidon
The release of Helidon 4.1.4 ships with notable changes such as: replace the use of the replaceAll() method, defined in the Java String class with the replace() method as it was determined that the regular expression parameter in the former wasn’t being used; and updates in URI validation that moves host validation to the URIValidator class. More details on this release may be found in the changelog.
Quarkus
Quarkus 3.16.3, the second maintenance release (3.16.0 was skipped) provide notable changes such as: replace use of the Jakarta JSON Processing Json class due to inefficiency with a custom JsonProviderHolder class with OpenID Connect; and support for the Jakarta RESTful Web Services RuntimeDelegate class in native mode. Further details on this release may be found in the changelog.
Hibernate
The second beta release of Hibernate ORM 7.0.0 features: a migration to the Jakarta Persistence 3.2 specification, the latest version targeted for Jakarta EE 11; a baseline of JDK 17; improved domain model validations; and a migration from Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model. More details on migrating to version 7.0 may be found in the migration guide.
Micrometer
Micrometer Metrics 1.14.0 provides improvements in documentation, dependency upgrades and new features such as: the ability to track the history from an instance of the ObservationValidator class if an InvalidObservationException is thrown; and improved performance when merging instances of the Tags and KeyValues classes. Further details on this release may be found in the release notes.
Similarly, versions 1.13.7 and 1.12.12 of Micrometer Metrics feature dependency upgrades and a resolution to a NoSuchMethodError exception thrown by the HazelcastIMapAdapter class upon attempting to resolve a method name while converting to native image. More details on these releases may be found in the release notes for version 1.13.7 and version 1.12.12.
Micrometer Tracing 1.4.0 provides dependency upgrades and new features such as: the addition of the Micrometer Metrics @Nullable annotation to method and fields under the micrometer-tracing-bridges directory; and support for tags containing values of String, boolean, long and double in the Span and SpanCustomizer interfaces to be stored in an array list. Further details on this release may be found in the release notes.
Project Reactor
After six milestones and one release candidate, Project Reactor 2024.0.0 has been released providing dependency upgrades to reactor-core 3.7.0, reactor-netty 1.2.0, reactor-pool 1.1.0, reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23. More details on this release may be found in the changelog.
Next, Project Reactor 2023.0.12, the twelfth maintenance release, provides dependency upgrades to reactor-core 3.6.12 and reactor-netty 1.1.24. There was also a realignment to version 2023.0.12 with the reactor-pool 1.0.8, reactor-addons 3.5.2, reactor-kotlin-extensions 1.2.3 and reactor-kafka 1.3.23 artifacts that remain unchanged. Further details on this release may be found in the changelog.
Piranha Cloud
The release of Piranha 24.11.0 delivers many dependency upgrades and notable changes such as: a removal of the Jakarta Expression Language specification from the Piranha Core Profile; a downgrade of Eclipse Epicyro, the compatible implementation of the Jakarta Authentication specification, from version 3.1.0 to 3.0.0 due to issues with the newer version of Epicyro. More details on this release may be found in the release notes, documentation and issue tracker.
JBang
Versions 0.121.0 and 0.120.4 of JBang provide new features such as: the ability to honor transitive dependencies managed dependencies (similar to Maven 4) and, conversely, the ability to ignore transitive dependencies as needed; and support for running posts in BlueSky. Further details on these releases may be found in the release notes for version 0.121.0 and version 0.120.4.
JHipster
The release of JHipster Lite 1.22.0 ships with dependency upgrades and new features/enhancements such as: support for LangChain4j; the addition of a missing test for the RestManagementRepository class; and removal of deprecated code. More details on this release may be found in the release notes.
LangChain4j
Version 0.36.0 of LangChain for Java (LangChain4j) features new integrations: an embedding store from Oracle Coherence; a streaming chat model from Google AI Gemini; and a moderation model from Mistral AI. Other notable changes include: introduce the use of the Testcontainers for Java MongoDBAtlasLocalContainer class to locally cache a new image that may be executed offline; and a JDK 17 minimal baseline. Further details on this release may be found in the release notes.
Gradle
The release of Gradle 8.11.0 delivers new features such as: improved performance in the configuration cache with an opt-in parallel loading and storing of cache entries; the C++ and Swift plugins now compatible with the configuration cache; and improved error and warning reporting in which Java compilation errors are now displayed at the end of the build output. More details on this release may be found in the release notes.