Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Java News Roundup: CVE-2022-22968, Vector API, Jakarta EE 10 Update, IntelliJ IDEA 2022.1, Ktor 2.0

Java News Roundup: CVE-2022-22968, Vector API, Jakarta EE 10 Update, IntelliJ IDEA 2022.1, Ktor 2.0

This item in japanese

Lire ce contenu en français


This week's Java roundup for April 11th, 2022, features news from OpenJDK, JEP 426, JDK 19, Jakarta EE 10 updates, Spring Framework point releases and CVE-2022-22968, Quarkus 2.8.0, Open Liberty and, Micronaut 3.4.2, WildFly 26.1, Eclipse GlassFish 7.0-M4, Piranha 22.4.0, Apache Camel Quarkus 2.8.0, IntelliJ IDEA 2022.1, Ktor 2.0, and the Devnexus 2022 Conference.


JEP 426, Vector API (Fourth Incubator), was promoted from its JEP Draft 8280173 to Candidate status. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous three rounds of incubation: JEP 417, Vector API (Third Incubator) (delivered in JDK 18), JEP 414, Vector API (Second Incubator) (delivered in JDK 17), and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. JEP 426 proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview).

JDK 19

Build 18 of the JDK 19 early-access builds was made available this past week, featuring updates from Build 17 that include fixes to various issues. More details may be found in the release notes.

For JDK 19, developers are encouraged to report bugs via the Java Bug Database.

Jakarta EE 10

On the road to Jakarta EE 10, Ivar Grimstad, Jakarta EE developer advocate at the Eclipse Foundation, announced in his Hashtag Jakarta EE weekly blog that release reviews for four additional specifications have concluded this past week. This means about half of the specifications defined to be included in the Platform Profile are ready for Jakarta EE 10:

The release review for Jakarta Context and Dependency Injection 4.0 is still in progress and expected to be completed by April 20, 2022. For the remaining specifications, currently waiting for compatibility certification requests and in various stages of TCK tests, the release reviews should be completed within the next three weeks to ensure that Jakarta EE 10 is delivered by the end of May 2022.

Spring Framework

VMware has announced CVE-2022-22968, Spring Framework Data Binding Rules Vulnerability, as a follow up to CVE-2022-22965, Spring Framework RCE via Data Binding on JDK 9+, after it was discovered that the disallowedFields configuration property on the WebDataBinder class was not protected. Spring Boot versions 2.6.7 and 2.5.13, scheduled to be released on April 21, 2022, will also contain this fix, but developers are encouraged to manually upgrade the Spring Framework dependency in their Spring Boot applications.

Spring Framework 5.3.19 and 5.2.21 have been released that ship with 12 bug fixes and improvements and five bug fixes and improvements, respectively. These two versions also address the CVE-2022-22968 vulnerability as described above.


Quarkus 2.8.0.Final has been released featuring: RESTEasy Reactive as the default REST layer; GraalVM 22.0 as the default version; a new QuarkusTransaction API; and Elasticsearch Dev Services that can automatically start an Elasticsearch container in dev and test modes. In addition, AssertJ was removed from the Quarkus BOM due to an unreliable binary compatibility. Developers would need to explicitly define AssertJ 3.22.0 in their applications. More details for this release may be found in the changelog.

InfoQ will follow up with a more detailed news story.

Open Liberty

IBM has promoted Open Liberty from its beta release to deliver: support for JDK 18; support for client certificates with URL encoded strings; introduce the Paketo Liberty Buildpack; and numerous bug fixes.

Open Liberty has also been released, featuring: support for MicroProfile GraphQL 2.0; and distributed security caches such that multiple Liberty servers may share caches via JCache.


The Micronaut Foundation has released Micronaut 3.4.2 which ships with bug fixes, improvements in documentation and upgrades to Micronaut AWS 3.2.3, Micronaut Email 1.2.1, Micronaut AOT 1.0.3, Micronaut Micrometer 4.2.1 and Netty 4.1.76. Further details on this release may be found in the changelog.


Three weeks after WildFly 26.1 Beta1 was made available, Red Hat has released WildFly 26.1 that ships with: support for LTS releases, JDK 8, JDK 11 and JDK 17; the ability to specify a root configuration source directory with MicroProfile Config; a new address_queue_scan attribute to configure the frequency at which queues marked to be deleted are effectively deleted; a new execution-records-limit attribute to limit the number of records retrieved via a JDBC store; and the ability to enable configuration of resource adapter validation log directory. More details for this release may be found in the WildFly 26.1 documentation.

Eclipse GlassFish

On the road to GlassFish 7.0, the fourth milestone release was made available by the Eclipse Foundation which delivers: the Jakarta Servlet 6.0 and Jakarta Server Pages 3.1 specifications passing their respective TCKs; and other updated Jakarta EE 10 components. GlassFish 7.0.0-M4, considered a beta release, compiles and runs on JDK 11 through JDK 18. Further details on this release may be found in the release notes.


Piranha 22.4.0 has been released. Dubbed the "Slowing the pace" edition for April 2022, this release includes updates to their dependencies and plugins. More details on this release may be found in their documentation and issue tracker.

Apache Camel Quarkus

Maintaining alignment with Quarkus, Apache has released Camel Quarkus 2.8.0, containing Camel 3.16.0 and Quarkus 2.8.0.Final. New features include: improved support for Windows; new JVM extensions azure-servicebus and google-secret-manager; native support for the mybatis extension; deprecation of the spark, ahc and ahc-ws extensions; removal of the ipfs and weka extensions; and a Vert.x-based Azure HTTP client for the Azure extensions. Further details on this release may be found in the list of closed issues.


JetBrains has released IntelliJ IDEA 2022.1 featuring;support for JDK 18; a new Dependency Analyzer for dependency management and conflict resolution; the Notifications tool window now offers a new way to receive and store notifications from the IDE; an updated New Project wizard for improved launch of new projects; and improved IDE performance with Kotlin. More details on this release may be found in the release notes.

A year in the making, Ktor 2.0 was also released by JetBrains to deliver: support for Kotlin 1.6.20; an easier way to create plugins with a simplified extensions API; support for Kotlin/Native to complement existing support for GraalVM; new APIs to simplify HTTP requests by eliminating the post<T> and get<T> methods; and built-in support for retries. Further details on this release may be found in the changelog.

InfoQ will follow up with more detailed news stories on both of these JetBrains products.

Devnexus Conference

After the virtual conference in 2021, Devnexus 2022, organized by the Atlanta Java Users Group, was held this past week at the Georgia World Congress Center in Atlanta, Georgia. The conference, complete with workshops, presentations and the third annual JUG Leaders Summit, featured many notable speakers from the Java community.

About the Author

Rate this Article


Hello stranger!

You need to Register an InfoQ account or or login to post comments. But there's so much more behind being registered.

Get the most out of the InfoQ experience.

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Community comments

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p

Allowed html: a,b,br,blockquote,i,li,pre,u,ul,p