InfoQ Homepage Java Content on InfoQ
-
Upgrade to Apache Commons Text 1.10 to Avoid New Exploit
A new vulnerability in the Apache Commons Text, AKA Text4Shell, allows an attacker to execute arbitrary code on the host machine. Originally reported by Alvaro Munoz, principal security researcher at GitHub, CVE-2022-42889 is similar to Spring4Shell and Log4Shell, allowing remote code execution (RCE).
-
Spring Modulith Structures Spring Boot 3 Applications with Modules and Events
VMware shipped the experimental Spring Modulith project to better structure Spring Boot 3 applications with modules and events. The project introduces new classes and annotations but doesn't generate code. Modules map to Java packages and are encouraged to use Spring events which can be automatically stored in an event log. Spring Modulith also eases the testing of modules and events.
-
Omni Faces 4.0 Changes Minimal Dependency to Java 11, While Removing Deprecated Classes
Five years after its previous major release, OmniFaces 4.0 has been released after a long series of milestones that included a "Jakartified version of 3.14 with a couple of breaking changes" following the release of Jakarta EE 10. Besides the minimum requirements and breaking changes, new utility methods have been added and omnifaces.js is now sourced by Typescript rather than vanilla JavaScript.
-
Java News Roundup: WildFly 27, Spring Release Candidates, JEPs for JDK 20, Project Reactor
This week's Java roundup for November 7th, 2022, features news from OpenJDK, JDK 20, OpenSSL CVEs, Build 20-loom+20-40, Spring Framework 6.0-RC4, Spring Boot 3.0-RC2, Spring Security 6.0-RC2, Spring Cloud 2021.0.5, WildFly 27, WildFly Bootable JAR 8.1, Quarkus 2.14 and 2.13.4, Project Reactor 2022.0, Micrometer Metrics 1.10 and Tracing 1.0, JHipster Lite 0.22.0 and Camel Quarkus 2.14 and 2.13.1.
-
Porting Million Lines of Code from Java to Kotlin at Meta
Meta has been at work to port their Android codebase from Java to Kotlin. In the process, they have learned a number of lessons of general interest and developed a few useful approaches, explains Meta engineer Omer Strulovich.
-
Debezium Releases Version 2.0 of Its Change Data Capture Tool
Debezium, an open-source distributed platform for change data capture (CDC), converts records from existing databases into event streams, enabling applications to detect and respond to database row-level changes. This release of version 2.0 introduces many changes: Java 11 is now required; incremental snapshots are improved [...]
-
Java News Roundup: Payara Platform 6, Spring Updates and CVEs, Asynchronous Stack Trace VM API
This week's Java roundup for October 31st, 2022, features news from OpenJDK, JDK 20, JavaFX 20, GZC 20, Spring Framework milestone, point and release candidates, Payara Platform 6, Micronaut 3.7.3, MicroProfile 6.0-RC2, Hibernate ORM point releases, Apache TomEE 9.0-RC1, Apache Camel 3.18.3, GraalVM Native Build Tools 0.9.17, JReleaser 1.3.1, JobRunr 5.3.1, JDKMon 17.0.39 and J-Fall 2022.
-
Maven Central Search Retrieves Dependency Coordinates from Maven Central
Maven Central Search (mcs) is a command line tool to retrieve dependency coordinates from Maven Central. The tool uses Picocli for the command line interface and GraalVM to compile executable native images for macOS, Linux and Windows.
-
Azul Joins the Effort of Improving Supply Chain Security by Launching Vulnerability Detection SaaS
November, 2nd: Azul released a new security product that intends to offer a solution to the increased risk of enterprise software supply chain attacks, compounded by severe threats such as Log4Shell. Azul Vulnerability Detection is a new SaaS that continuously detects known security vulnerabilities in Java applications. In addition, they promise not to affect the application’s performance.
-
Java News Roundup: OpenJDK Updates, JDK 20 Release Schedule, GraalVM 22.3, JReleaser 1.3.0
This week's Java roundup for October 24th, 2022, features news from OpenJDK, JDK 20 release schedule, Build 20-loom+20-34, Spring Integration 6.0-RC1, Spring Tools 4.16.1, GraalVM 22.3, Open Liberty 22.0.0.11 and 22.0.0.12-beta, Eclipse Vert.x 3.9.14, Apache TomEE 8.0.13, JReleaser 1.3.0, Hibernate Search 5.11.11 and 5.10.13, PrimeFaces point releases, JDKMon 17.0.37 and EclipseCon 2022.
-
James Gosling Shares Wisdom Related to IoT at Devoxx: Code on the Edge and Its Hurdles
In his Devoxx talk, James Gosling, the father of Java, zooms in on the technicalities of writing code for devices on the network's edge. Based on his impressive career developing software for devices ranging from satellites to autonomous submarines, he provides practical advice for the moments when the hardware is on the bottom of the sea, or when minor errors could cause mayhem or even fatality.
-
Apache Kafka 3.3 Replaces ZooKeeper with the New KRaft Consensus Protocol
The Apache Software Foundation has released Apache Kafka 3.3.1 with many new features and improvements. In particular, this is the first release that marks KRaft (Kafka Raft) consensus protocol as production ready. In development for several years, it was released in early access in Kafka 2.8, then in preview in Kafka 3.0.
-
Java News Roundup: JEP Updates, GraalVM Code to OpenJDK, Return of JavaOne
This week's Java roundup for October 17th, 2022, features news from OpenJDK, JDK 19, JDK 20, JavaFX 20, Generational ZGC Build 20, Oracle Labs, Liberica JDK and Native Image Kit, Spring milestone, point and release candidates, EclipseLink 4.0, Quarkus 2.13.3, Micronaut 3.7.2, Hibernate Reactive 1.1.9, JHipster Lite 0.20, Apache Commons CVE, Groovy 4.0.6 and 2.5.29 and the return of JavaOne.
-
BellSoft Introduces Alpaquita Linux for Containerized Java Applications
BellSoft has released Alpaquita Linux, an operating system based upon Alpine Linux, optimized for containerized Java applications. A plain Docker image is available, as well as Docker images with Liberica JDK or JRE or a Native Image Kit based upon GraalVM. Alternatively, Alpaquita Linux can be installed via Windows Subsystem for Linux (WSL), Linux repositories or an ISO file.
-
Quarkus Defends REST APIs against Attack
Quarkus has released a new release that integrates RESTEasy APIs with an integrated control against CSRF attacks, making web applications more resilient against certain types of fraud.