This week's Java roundup for December 2nd, 2024 features news highlighting: JDK 24 in Rampdown Phase One; the formation of the JDK 25 Expert Group; the release of Jakarta EE 11 Core Profile and Spring Cloud 2024.0.0; and point releases for GlassFish, Open Liberty, Quarkus and Apache Camel.
JDK 24
Build 27 of the JDK 24 early-access builds was made available this past week featuring updates from Build 26 that include fixes for various issues. Further details on this release may be found in the release notes.
As per the JDK 24 release schedule, Mark Reinhold, Chief Architect, Java Platform Group at Oracle, formally declared that JDK 24 has entered Rampdown Phase One. This means that the main-line source repository has been forked to the JDK stabilization repository and no additional JEPs will be added for JDK 24. Therefore, the final set of 24 features for the GA release in March 2025 will include:
- JEP 404: Generational Shenandoah (Experimental)
- JEP 450: Compact Object Headers (Experimental)
- JEP 472: Prepare to Restrict the Use of JNI
- JEP 475: Late Barrier Expansion for G1
- JEP 478: Key Derivation Function API (Preview)
- JEP 479: Remove the Windows 32-bit x86 Port
- JEP 483: Ahead-of-Time Class Loading & Linking
- JEP 484: Class-File API
- JEP 485: Stream Gatherers
- JEP 486: Permanently Disable the Security Manager
- JEP 487: Scoped Values (Fourth Preview)
- JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview)
- JEP 489: Vector API (Ninth Incubator)
- JEP 490: ZGC: Remove the Non-Generational Mode
- JEP 491: Synchronize Virtual Threads without Pinning
- JEP 492: Flexible Constructor Bodies (Third Preview)
- JEP 493: Linking Run-Time Images without JMODs
- JEP 494: Module Import Declarations (Second Preview)
- JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview)
- JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism
- JEP 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm
- JEP 498: Warn upon Use of Memory-Access Methods in sun.misc.Unsafe
- JEP 499: Structured Concurrency (Fourth Preview)
- JEP 501: Deprecate the 32-bit x86 Port for Removal
JDK 25
JSR 400, Java SE 25, was approved this past week to formally announce the four-member expert group for JDK 25, namely Simon Ritter (Azul Systems), Iris Clark (Oracle), Andrew Haley (Red Hat) and Christoph Langer (SAP SE). Clark will serve as the specification lead. Other notable dates at this time include a public review from June through August 2025 and the GA release in September 2025.
Build 0 and Build 1 of the JDK 25 early-access builds were also made available this past week featuring updates to resolve these initial issues.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, provided an update on Jakarta EE 11, writing:
The ballot for Jakarta EE 11 Core Profile is complete! This means that the specification is ratified and can be released. This is a milestone on several levels. First, we released (at least part of) Jakarta EE 11 in 2024. Second, we released the Core Profile specification independently of the Platform and Web Profile specifications. This is something we have wanted to do for a while and is a verification that we have been able to untangle the dependencies enough to make it possible.
There is still a little hope that the ballots for the Jakarta EE 11 Platform and Jakarta EE 11 Web Profile specifications will be started before the end of the year.
The road to Jakarta EE 11 included four milestone releases, the release of Core Profile with the potential for release candidates as necessary before the GA releases of the Platform and Web Profile in 1Q2025.
GlassFish
GlassFish 7.0.20, the twentieth maintenance release, delivers dependency upgrades and resolutions to notable issues such as: a failure to redirect to the home page or login page after a session timeout in the the Admin Console due to a Jakarta Faces ViewExpiredException; and the creation of an infinite number of logging pump threads upon updating the logging.properties file. More details on this release may be found in the release notes.
GraalVM
Oracle Labs has released version 0.10.4 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: ensure that the accessFilter input stream, defined in the AgentConfiguration class, is thread safe; and improvements to the generation of Native Image SBOMs. Further details on this release may be found in the changelog.
Oracle Labs has also released version 4.6.0.6 of the Graal Development Kit for Micronaut featuring alignment with Micronaut 4.6.0. Formerly known as Graal Cloud Native, the Graal Development Kit for Micronaut provides a curated set of Micronaut framework modules that simplify cloud application development. The release notes only cover OS-specific downloads, a list of GDK artifacts in Oracle Maven and how to remove the quarantine attribute for developers using macOS Catalina and above.
Spring Framework
Less than a week after the release of Spring Cloud 2023.0.4, codenamed Leyton, Spring Cloud 2024.0.0, codenamed Moorgate, has been released featuring bug fixes and notable updates to sub-projects: Spring Cloud Kubernetes 3.2.0; Spring Cloud Function 4.2.0; Spring Cloud OpenFeign 4.2.0; Spring Cloud Stream 4.2.0; and Spring Cloud Gateway 4.2.0. This release is based upon Spring Boot 3.4.0. More details on this release may be found in the release notes.
Version 4.27.0 of Spring Tools has been released featuring bug fixes, an update to Eclipse 2024-12 and new features such as: support for the Spring Boot @ConditionalOnProperty annotation that include completions, navigate to definition and find references; and support for concatenating Strings for data queries inside the Spring Data JPA @Query annotation. Further details on this release may be found in the release notes.
Open Liberty
IBM has released version 24.0.0.12 of Open Liberty featuring: support for MicroProfile 7.0; continuous improvements on the SameSite and improvements for handling the SameSite=None cookie value without worrying about breaking certain client versions; and a resolution to CVE-2024-7254, a vulnerability that affects IBM's grpc-1.0 and grpcClient-1.0 features where an attacker may corrupt nested groups/series of SGROUP tags upon parsing untrusted Protocol Buffers data. More details on MicroProfile 7.0 and Open Liberty may be found in this blog post by Emily Jiang, Liberty Cloud Native Architect at IBM.
Quarkus
Quarkus 3.17.3, the second maintenance release (3.17.1 was skipped due to a regression), features dependency upgrades and resolutions to notable issues such as: a NullPointerException from the mappingToNames() method, defined in the BuildTimeConfigurationReader class, caused by the SmallRye Config PropertyName class; a regression in startup time in the JLine console using JDK 23 and JDK 24 that was resolved by adding the -Djdk.console=java.base flag. Further details on this release may be found in the changelog.
Apache Software Foundation
The release of Apache Camel 4.9.0, delivers bug fixes, dependency upgrades and new features such as: support for OAuth2 to cache and refresh tokens in the Camel HTTP component; and a migration of Smooks Camel Cartridge to the main codebase. More details on this release may be found in the release notes and what's new page.
Java Operator SDK
The first beta release of Java Operator SDK 5.0.0 ships with new features such as: the Kubernetes Server-Side Apply has been elevated to a first-class citizen with a default approach for patching the status resource; and a change in responsibility with the EventSource interface to monitor the resources and handles accessing the cached resources, filtering, and additional capabilities that was once maintained by the ResourceEventSource subinterface. Further details on this release may be found in the changelog.
Keycloak
Keycloak 26.0.7, the seventh maintenance release, provides numerous bug fixes, improvements in documentation and a dependency upgrade to Infinispan 15.0.11. More details on this release may be found in the release notes.
JetBrains Ktor
Ktor 3.0.2, the second maintenance release, ships with resolutions to notable issues such as: an IndexOutOfBoundsException using the HttpCache plugin for HttpClient when the server sends an invalid header, cache-control: max-age: 120, where an equal sign should be used after max-age; and an application crash using the deprecated streamProvider() method, defined in the FileItem class, that has no implementation. Further details on this release may be found in the release notes and what's new page.
