BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ

Topics

Choose your language

InfoQ Homepage News Java News Roundup: Vector API, Spring Updates and CVE, Payara Platform, Groovy and TomEE Updates

Java News Roundup: Vector API, Spring Updates and CVE, Payara Platform, Groovy and TomEE Updates

This item in japanese

Lire ce contenu en français

This week's Java roundup for April 18th, 2022, features news from OpenJDK, JEP 426, Oracle’s Releases Critical Patch Update for April 2022, JDK 19, Liberica JDK and Native Image Kit updates, multiple Spring point and milestone releases, April 2022 Payara Platform release, Quarkus 2.8.1.Final, Apache Groovy 4.0.2, Apache TomEE 8.0.11, JobRunr 5.0.1, and an update to JReleaser 1.0.

OpenJDK

Within a week after being promoted from Draft to Candidate status, JEP 426, Vector API (Fourth Incubator), was promoted from Candidate to Proposed to Target status for JDK 19. This JEP, under the auspices of Project Panama, incorporates enhancements in response to feedback from the previous three rounds of incubation: JEP 417, Vector API (Third Incubator) (delivered in JDK 18), JEP 414, Vector API (Second Incubator) (delivered in JDK 17), and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. JEP 426 proposes to enhance the Vector API to load and store vectors to and from a MemorySegment as defined by JEP 424, Foreign Function & Memory API (Preview). The review is expected to conclude on April 28, 2022.

As part of Oracle's Releases Critical Patch Update for April 2022, release updates for JDK 18.0.1, 17.0.3, 11.0.15, 8u331 and 7u341, have been made available. More details may be found in the release notes for JDK 18, JDK 17, JDK 11, JDK 8 and JDK 7.

JDK 19

Build 19 of the JDK 19 early-access builds was made available this past week, featuring updates from Build 18 that include fixes to various issues. More details may be found in the release notes.

For JDK 19, developers are encouraged to report bugs via the Java Bug Database.

Liberica JDK and Native Image Kit

Concurrent with Oracle's Releases Critical Patch Update for April 2022, BellSoft has released versions 18.0.1, 17.0.3, 11.0.15 and 8u332 of Liberica JDK, their downstream distribution of OpenJDK.

BellSoft has also released a new Liberica Native Image Kit (NIK) version 22.1.0 and an upgraded version 21.3.2. New features include: an incremental, concurrent heap scanning during points-to analysis that provides shorter native image build times; support for the GarbageCollection, GCPhasePause, SafepointBegin, SafepointEnd, and ExecutionSample JFR events; and a special feature that searches for vulnerable log4j libraries in native images that produces a warning. This release also deprecates the --allow-incomplete-classpath option that links an image at run time since this is now the default option. Developers are encouraged to use the new --link-at-build-time option to link an image at build time.

Spring Framework

It was a busy week over at Spring as the team provided multiple release candidate and point releases on some of their projects.

On the road to Spring Boot 2.7.0, the first release candidate was made available that ships with bug fixes, improvements in documentation and dependency upgrades. New features include auto-configuration for: Kafka Retry Topics and RSocket support in GraphQL. More details on this release may be found in the release notes.

Spring Boot 2.6.7 has been released, delivering 38 bug fixes, improvements in documentation and dependency upgrades that include: Spring Framework 5.3.19, Spring Data 2021.1.4, Spring Session 2021.1.3, Spring Security 5.6.3, Micrometer 1.8.5, Reactor 2020.0.18 and Apache Tomcat 9.0.62. Further details on this release may be found in the release notes.

Spring Boot 2.5.13 has been released which delivers 31 bug fixes, improvements in documentation and dependency upgrades that include: Spring Framework 5.3.19, Spring Data 2021.0.11, Spring Session 2021.0.6, Spring Security 5.5.6, Micrometer 1.7.11, Reactor 2020.0.18 and Apache Tomcat 9.0.62.

Both of these Spring Boot versions address CVE-2022-22968, Spring Framework Data Binding Rules Vulnerability, that VMware announced last week. More details on this release may be found in the release notes.

VMware has announced CVE-2022-22969, Denial-of-Service (DoS) in spring-security-oauth2, in which versions of Spring Security OAuth prior to 2.5.2 are susceptible to a Denial-of-Service attack via the initiation of the Authorization Request in an OAuth 2.0 Client application. Spring Security OAuth 2.5.2 addresses this CVE.

On the road to Spring for GraphQL 1.0, the first release candidate was made available that ships with new features such as: server and client support for GraphQL over the RSocket protocol; support for the GraphQL over HTTP media type (application/graphql+json) as the default media type; and an improved GraghQLSource Builder.

Spring Data versions 2021.2.0-RC1, 2021.1.4 and 2021.0.11 have been released featuring bug fixes and dependency upgrades that include: Spring Data Commons 2.7.0-RC1, 2.6.4, 2.5.11; Spring Data MongoDB 3.4.0-RC1, 3.3.4, 3.2.11; Spring Data JDBC 2.4.0-RC1, 2.3.4, 2.2.11; and Spring Data Redis 2.7.0-RC1, 2.6.4, 2.5.11.

Similarly, Spring Session versions 2021.2.0-RC1, 2021.1.3 and 2021.0.6 have been released featuring bug fixes and dependency upgrades to: Spring Session Core 2.7.0-RC1, 2.6.3, 2.5.6; Spring Session Data Redis 2.7.0-RC1, 2.6.3, 2.5.6; Spring Session JDBC 2.7.0-RC1, 2.6.3, 2.5.6; Spring Session Hazelcast 2.7.0-RC1, 2.6.3, 2.5.6; Spring Session MongoDB 2.7.0-RC1, 2.6.3; and Spring Session for Apache Geode 2.7.0-RC1, 2.6.1, 2.5.6.

On the road to Spring Security 5.7.0, the first release candidate was made available that ships bug fixes, improvements in documentation and dependency upgrades. New features include: a new SecurityContextHolderFilter class that allows for explicit saving of the SecurityContext interface; adding DSL support for Cross-Origins Policies headers; allow configuration of Proof Key for Code Exchange (PKCE) on confidential clients; and support for SAML 2.0 Login and Single Logout XML. Further details on this release may be found in the release notes.

Spring Security versions 5.6.3 and 5.5.6 have been released featuring bug fixes and dependency upgrades such as: Spring Framework 5.3.19; Spring Data 2021.1.3 and 2021.0.10; Reactor Netty 1.0.18; and Project Reactor 2020.0.18.

Payara

Payara has released their April 2022 edition of the Payara Platform. The Community 5.2022.2 edition includes 13 bug fixes, two component upgrades, three improvements and three security fixes. The Enterprise 5.38.0 edition includes two bug fixes, one improvement and four security fixes. Both editions share new features that include: a new gRPC extension; a hotfix to the Spring4Shell vulnerability in Spring Framework WAR packaged applications in Payara Server; and the ability to use Jakarta EE 9 and PrimeFaces with Eclipse Transformer.

Payara has also announced that the Payara 5 Community edition will reach end-of-life after the next release in favor of the Payara 6 Community edition, which will be aligned with the upcoming GA release of Jakarta EE 10. Developers will be encouraged to migrate to Payara 5 Enterprise should they decide to remain on Payara Platform 5.

Quarkus

One week after the release of Quarkus 2.8.0, Red Hat has provided a maintenance release with Quarkus 2.8.1.Final that features bug fixes and improvements in documentation. More details on this release may be found in the changelog.

Apache Groovy

The Apache Software Foundation (ASF) has provided point releases on Apache Groovy and Apache TomEE.

Groovy 4.0.2 has been released that ships with: preliminary support for JDK 19; an improved Gradle metadata that addresses an issue with the groovy-all property; an initial phase out of security policy files related to JEP-411, Deprecate the Security Manager for Removal; and a recommendation for developers using JDK 18 or JDK 19 to set the JAVA_OPTS environmental variable to -Djava.security.manager=allow while using the groovysh tool. More details may be found in the release notes and in this more detailed news story on Groovy 4.0, released in late January 2022.

Version 8.0.11 of TomEE, the Jakarta EE 9.1 Web Profile certified application server, has also been released featuring bug fixes, dependency upgrades and improvements such as: replace Google Analytics with ASF Matomo; a solution to GitHub Actions failing for PullRequest Builds due to the current auto generation of a bill of materials; and an update to the tomee.xml file so it refers to the correct location of the documentation after the website had been updated. Further details may be found in the release notes.

JobRunr

Less than a month after the release of JobRunr 5.0, version 5.0.1 was made available to include bug fixes and an improvement where dashboard logs after job success will remain. This was in response to the breaking change in which metadata was cleared after a job success. More details may be found in the release notes.

JReleaser

A small update to JReleaser was released to include deprecation of the GoFish package manager due to the project owner having closed the repository for contributions.

About the Author

Rate this Article

Adoption
Style

BT