This week's Java roundup for December 16th, 2024 features news highlighting: GA releases of Apache TomEE 10.0.0 and Apache Struts 7.0.0; the December 2024 release of the Payara Platform, GlassFish 8.0.0-M9, Infinispan 15.1.0, Gradle 8.12.0, and SlateDB and Debezium join the Commonhaus Foundation.
JDK 24
Build 29 of the JDK 24 early-access builds was made available this past week featuring updates from Build 28 that include fixes for various issues. Further details on this release may be found in the release notes.
JDK 25
Build 3 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 2 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
GlassFish
The ninth milestone release of GlassFish 8.0.0 incorporates all the Jakarta EE 11-M4 specifications with the exception of Jakarta Data. Other notable changes include: an improved EntityManagerFactoryWrapper
class that removes the unused _logger
field and adds a serialVersionUID
; and a removal of the jakarta.faces.PARTIAL_STATE_SAVING
property in the web.xml
file that was deprecated in Jakarta Faces 4.1. This release also supports Jakarta Persistence injection using CDI and synchronizes with GlassFish 7. Further details on this release may be found in the release notes.
Spring Framework
It was a busy week over at Spring as the various teams have delivered point releases of Spring Boot, Spring Security, Spring Authorization Server, Spring Session, Spring Integration, Spring Modulith, Spring Batch, Spring AMQP, Spring for Apache Kafka, Spring for Apache Pulsar and Spring Shell. More details may be found in this InfoQ news story.
Payara
Payara has released their December 2024 edition of the Payara Platform that includes Community Edition 6.2024.12 and Enterprise Edition 6.21.0 and Enterprise Edition 5.70.0. All three releases provide resolutions to notable issues such as: a ClassCastException
upon deserializing an instance of the Jakarta Validation ConstraintViolation
interface; and a NullPointerException
from the WebappClassLoader
class. The Community Edition now supports Jakarta MVC 2.1 specification via the Eclipse Krazo 3.0.1, one of the implementations of the specification. More details on these releases may be found in the release notes for Community Edition 6.2024.12 and Enterprise Edition 6.21.0 and Enterprise Edition 5.70.0.
This edition also features the third alpha release of Payara Community Edition 7.2024.1 that delivers continued support for the upcoming release of Jakarta EE 11 with an implementation of the Jakarta Security specification.
Open Liberty
IBM has released version 25.0.0.1-beta of Open Liberty featuring stronger password encryption with support for AES-256 password encryption; and Open Liberty features - Batch API (batch-1.0
), Jakarta Batch 2.0 (batch-2.0
), Jakarta Batch 2.1 (batch-2.1
), Java Connector Architecture Security Inflow 1.0 (jcaInboundSecurity-1.0
), Jakarta Connectors Inbound Security 2.0 (connectorsInboundSecurity-2.0
) - have been updated to support InstantOn.
Apache Software Foundation
The release of Apache TomEE 10.0.0 delivers bug fixes, dependency upgrades and new features such as: an implementation of the Jakarta Security @OpenIdAuthenticationMechanismDefinition
annotation; and the addition of a Jandex index cache to the to TomEEMicroProfileListener
class. Further details on this release may be found in the release notes.
The release of Apache Struts 7.0 ships with bug fixes, dependency upgrades and new features such as: JDK 17 as a minimal version; support for Jakarta EE 9+, i.e., a migration from the javax
to jakarta
namespace; and an implementation of stronger security defaults. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
The Apache Tomcat team has disclosed (here and here) two Common Vulnerability and Exposures (CVEs) affecting Tomcat versions 11.0.0-M1 to 11.0.1, 10.1.0-M1 to 10.1.33 and 9.0.0.M1 to 9.0.97:
- CVE-2024-50379, a Time-of-Check-Time-of-Use vulnerability in which a write-enabled default servlet for a case insensitive file system can bypass Tomcat's case sensitivity checks and cause an uploaded file to be treated as a JSP leading to a remote code execution.
- CVE-2024-54677, a vulnerability in which the web application examples, not having placed limits on uploaded data, triggered an
OutOfMemoryError
causing a denial of service.
Developers are encouraged to upgrade to Tomcat versions 11.0.2+, 10.1.34+ and 9.0.98+.
Infinispan
The release of Infinispan 15.1.0, codenamed It Was All A Dream, delivers: a new Java Hot Rod client that replaces the current hotrod-client
module; support for geographical queries that are based on geographical criteria; nested entities joins that allows for nested, i.e., not-flattened, relations between root entities and embedded entities in order to join their values to be queried. Further details on this release may be found in the release notes.
JBang
JBang 0.122.0 features: the addition of a --no-integrations
flag and corresponding //NOINTEGRATIONS
directive for JBang projects that do not require integrations; and the addition of the -parameters
flag as a default with the javac
command in build files and the ProjectBuilder
class. More details on this release may be found in the release notes.
Commonhaus Foundation
The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that SlateDB and Debezium have joined the foundation this past week. In a blog post published in early November 2024, Chris Cranford, Principal Software Engineer at Red Hat, described their transition to the foundation, writing:
Commonhaus stands out because of its innovative governance framework and commitment to project independence. This benefits the Debezium community and its collaborators by allowing us to continue to provide the same release cadence and commitment to excellence that we have today. We are thrilled to join other prominent projects at Commonhaus, which includes Hibernate, Jackson, and Quarkus.
Other notable projects that have joined the foundation include: JReleaser, JBang, OpenRewrite, SDKMAN, EasyMock, Objenesis and Feign.
Gradle
Gradle 8.12.0 has been released featuring: enhancements to the Problems API with an improved readability in the error and warning reporting by summarizing duplicate entries in the generated problems report and enhanced console output when the API is used to fail the build; and platform enhancements that include support for file-system watching on the Alpine Linux distribution and support for building and testing Swift 6 applications. Further details on this release may be found in the release notes.