This week's Java roundup for November 13th, 2023, features news from OpenJDK, JDK 22, and monthly, milestone and point releases of: Spring Framework; Spring Data; Payara Platform; Open Liberty; Micronaut; Grails; Quarkus; Tomcat; Apache Camel; Vert.x; Mojarra; Micrometer Metrics and Tracing; Project Reactor; Piranha; JDKMon; JobRunr; JHipster Lite; Testcontainers for Java; Arquillian; and Gradle.
OpenJDK
After its review has concluded, JEP 459: String Templates (Second Preview) has been promoted from Proposed to Target to Targeted for JDK 22. This JEP provides a second preview from the first round of preview: JEP 430, String Templates (Preview), delivered in JDK 21. This feature enhances the Java programming language with string templates, string literals containing embedded expressions, that are interpreted at runtime where the embedded expressions are evaluated and verified. More details on JEP 430 may be found in this InfoQ news story.
JEP 463, Implicitly Declared Classes and Instance Main Methods (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 22. Formerly known as Unnamed Classes and Instance Main Methods (Preview), Flexible Main Methods and Anonymous Main Classes (Preview) and Implicit Classes and Enhanced Main Methods (Preview), this JEP incorporates enhancements in response to feedback from the previous round of preview, namely JEP 445, Unnamed Classes and Instance Main Methods (Preview). This JEP proposes to "evolve the Java language so that students can write their first programs without needing to understand language features designed for large programs." This JEP moves forward the September 2022 blog post, Paving the on-ramp, by Brian Goetz, Java language architect at Oracle. Gavin Bierman, consulting member of technical staff at Oracle, has published the first draft of the specification document for review by the Java community. More details on JEP 445 may be found in this InfoQ news story. The review is expected to conclude on November 28, 2023.
JEP 457, Class-File API (Preview), has been promoted from Candidate to Proposed to Target for JDK 22. This JEP proposes to provide an API for parsing, generating, and transforming Java class files. This will initially serve as an internal replacement for ASM, the Java bytecode manipulation and analysis framework, in the JDK with plans to have it opened as a public API. Brian Goetz, Java language architect at Oracle, characterized ASM as "an old codebase with plenty of legacy baggage" and provided background information on how this draft will evolve and ultimately replace ASM. The review is expected to conclude on November 28, 2023.
JEP 447, Statements before super(...) (Preview), has been promoted from Candidate to Proposed to Target for JDK 22. This JEP, under the auspices of Project Amber, proposes to: allow statements that do not reference an instance being created to appear before the this() or super() calls in a constructor; and preserve existing safety and initialization guarantees for constructors. Gavin Bierman, consulting member of technical staff at Oracle, has provided an initial specification of this JEP for the Java community to review and provide feedback. The review is expected to conclude on November 22, 2023.
JEP 423, Region Pinning for G1, has been promoted from Candidate to Proposed to Target for JDK 22. This JEP proposes to reduce GC latency by implementing region pinning to the G1 garbage collector. This will extend G1 so that arbitrary regions may be pinned during both major and minor collection operations so that disabling the garbage collection process may be avoided while implementing JNI critical regions. The review is expected to conclude on November 28, 2023.
JDK 22
Build 24 of the JDK 22 early-access builds was made available this past week featuring updates from Build 23 that include fixes to various issues. Further details on this build may be found in the release notes.
For JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Spring Framework
The release of Spring Framework 6.1.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: introduce way to convert the response body to a desired type using message converters from the ClientHttpResponse interface; improved support for method validation for errors on elements within a container; and support for pattern matching on method names in ControlFlowPointcut class. More details on this release may be found in the release notes and What's New page.
Similarly, versions 6.0.14 and 5.3.31 of Spring Framework have been released featuring bug fixes, improvements in documentation, dependency upgrades and new features such as: Log4jLog inner class, defined in LogAdapter class, needs to re-resolve the Log4j ExtendedLogger interface on deserialization for compatibility with Log4j 2.21; an optimization of the StandardTypeLocator class for hotspot when the same classes are resolved; and enhancements to setting properties in the ProblemDetail class. More details on these releases may be found in the release notes for version 6.0.14 and version 5.3.31.
The release of Spring Data 2023.1.0, codenamed Vaughn, ships with: compatibility with JDK 21; use of virtual threads through configuration of the Java Executor interface; support for Kotlin inline value classes; and exploration on optimizations for Checkpoint/Restore (CRaC); single query loading for Spring Data JDBC; and a migration of documentation to Antora. More details on this release may be found in the release notes.
Similarly, versions 2023.0.6, 2022.0.12 and 2021.2.18, all service releases of Spring Data, feature bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.1.6, 3.0.12 and 2.7.18; Spring Data MongoDB 4.1.6, 4.0.12 and 3.4.18; Spring Data Elasticsearch 5.1.6, 5.0.12 and 4.4.18; and Spring Data Neo4j 7.1.6, 7.0.12 and 6.3.18. These versions can be consumed by the upcoming releases of Spring Boot 3.1.6, 3.0.13 and 2.7.18, respectively.
Payara
Payara has released their November 2023 edition of the Payara Platform that includes Community Edition 6.2023.11, Enterprise Edition 6.8.0 and Enterprise Edition 5.57.0 featuring: bug fixes; a dependency upgrade to Maven Bundle Plugin 5.1.9; and a security fix for CVE-2023-41699, a URL Redirection to Untrusted Site vulnerability in Payara Platform Payara Server, Micro and Embedded that allows redirect access to libraries.
New features include: a new --warmup command line parameter, in conjunction with the asadmin command, start-domain, to stop the server after bootstrapping; and the addition of individual timeout options for all the Payara Server Management asadmin commands.
With these releases, Payara also introduced Payara Starter, a source code generator to create new Payara Server or Payara Micro projects.
More details on these versions may be found in the release notes for Community Edition 6.2023.11 and Enterprise Edition 6.8.0 and Enterprise Edition 5.57.0.
Open Liberty
IBM has released version 23.0.0.11 of Open Liberty featuring new vendor metrics for MicroProfile Metrics 5.0, 4.0 and 3.0 that can be directly added to dashboards of various monitoring tools without additional computation. These new metrics are: Process CPU Utilization Percent; Heap Utilization Percent; GC Time per Cycle; Connection Pool in Use Time per Used Connection; Connection Pool Wait Time per Queued Request; Servlet Elapsed Time per Request; and REST Elapsed Time per Request.
Other new features include: a resolution for CVE-2023-46158, a vulnerability in IBM WebSphere Application Server Liberty 23.0.0.9 through 23.0.0.10 that could provide weaker than expected security due to improper resource expiration handling; and the ability to include all server configuration files in server.xml using the include element that eliminates the previous requirement in which they needed to be individually specified.
Micronaut
The Micronaut Foundation has released version 4.2.0 of the Micronaut Framework featuring Micronaut Core 4.2.0 with enhancements to their Kotlin Symbol Processing and dependency upgrades to Kotlin 1.9.20 and Netty 4.1.101. JDK 21 has been added to the list of available JDK versions in Micronaut Launch and support for the Gradle Kotlin DSL. More details on this release may be found in the release notes.
Grails
The Grails Foundation has released version 6.1.0 of the Grails Framework featuring bug fixes, improvements in documentation, dependency upgrades and notable changes such as: an upgrade to SnakeYAML 2.2 to mitigate CVE-2022-1471, a vulnerability in which the deserialization of types using the SnakeYAML Constructor() class will allow an attacker to initiate a malicious remote code execution; and a decoupling of the Sitemesh Plugin for improved flexibility. More details on this release may be found in the release notes.
Quarkus
The release of Quarkus 3.5.2 ships with bug fixes, improvements in documentation and notable changes such as: a resolution to mitigate CVE-2023-21971, a vulnerability that allows an attacker, with network access via multiple protocols, to compromise MySQL Connectors that may result in unauthorized ability to cause a hang or frequently repeatable denial-of-service of MySQL Connectors as well as unauthorized update, insert or delete access to some of MySQL Connectors accessible data; disable the Http2RSTFloodProtectionTest and CustomManifestArgumentsTest classes on Windows OS due to instability from the tests creating many streams in a single connection; and avoid using the JUnit @TempDir annotation in the RestClientCDIDelegateBuilderTest class due to continuous integration issues in Windows OS. More details on this release may be found in the changelog.
Apache Software Foundation
Versions 11.0.0-M14, 10.1.16, 9.0.83 and 8.5.96 of Apache Tomcat all feature bug fixes and notable changes such as: ensure that an IOException during the reading of a request always triggers error handling, regardless of whether the application consumes the exception; a fix for a Tomcat Connector that refused new connections or caused the JVM to crash upon reloading the Transport Layer Security (TLS) configuration via the TLSCertificateReloadListener class; and the StatusManagerServlet class can now output statistics in JSON format.
For version 11.0.0-M14, integration with OpenSSL will use the Foreign Function & Memory API API rather than Tomcat Native. OpenSSL support may be enabled by adding the OpenSSLLifecycleListener class on the Server element when using Java 22 or later. More details on these releases may be found in the changelogs for version 11.0.0-M14, version 10.1.16, version 9.0.83 and version 8.5.96.
The release of Apache Camel 4.2.0 delivers bug fixes, dependency upgrades and new features/improvements such as: support for OAuth 2.0 (Camel HTTP component); support for Spring bean autowiring using the @Primary annotation (Camel Spring component); and the ability to use the old Micrometer meter names or follow the new Micrometer naming conventions (Camel Micrometer component). More details on this release may be found in the release notes.
Eclipse Foundation
The release of Eclipse Vert.x 4.5.0 provides new feature such as: support for JDK 21 and virtual threads; the creation of dynamic SQL connections; the ability to update TCP client/server SSL options at runtime for certificate rotation; and implementation of the Builder Pattern for connecting to HTTP clients and SQL connection pools. More details on this release may be found in the release notes and deprecations and breaking changes.
The release of Mojarra 4.0.5, the compatible implementation of the Jakarta Faces specification, ships with notable changes such as: move reinitialization of Weld from ConfigureListener class back into it original FacesInitializer class due to exception issues; a fix for a mismatch between the specification and implementation on the use of the constant field, "jakarta.faces.WEBAPP_CONTRACTS_DIRECTORY" defined as WEBAPP_CONTRACTS_DIRECTORY_PARAM_NAME in the ResourceHandler class; and a new ExceptionHandler class added to the getExceptionHandler() method defined in the InitFacesContext class to resolve an UnsupportedOperationException. More details on this release may be found in the release notes.
Micrometer
Versions 1.12.0, 1.11.6, 1.10.13 and 1.9.17 of Micrometer Metrics all deliver bug fixes, improvements in documentation, dependency upgrades and new features in version 1.12.0 such as: support for Generational ZGC; support for Jetty 12 in the JettyConnectionMetrics class; and a new JmsInstrumentation class to add observability for the Jakarta Messaging specification; more details on these releases may be found in the release notes for version 1.12.0, version 1.11.6, version 1.10.13 and version 1.9.17.
Similarly, versions 1.2.0, 1.1.7 and 1.0.12 of Micrometer Tracing all deliver dependency upgrades and new features in version 1.2.0 such as: make the SpanTagAnnotationHandler class optional such that it will match with the TimedAspect class for frameworks to more easily configure it; a new getDuration() method defined in the FinishedSpan interface; and deprecate HTTP instrumentation abstractions for removal due to a decision to not provide abstractions over transports in all instrumentation projects. More details on these releases may be found in the release notes for version 1.2.0, version 1.1.7 and version 1.0.12.
Project Reactor
The release of Project Reactor 2023.0.0 provides dependency upgrades to reactor-core 3.6.0, reactor-netty 1.1.13, reactor-kafka 1.3.22, reactor-pool 1.0.3, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2. More details on this release may be found in the changelog.
Similarly, Project Reactor 2022.0.13, the thirteenth maintenance release, provides dependency upgrades to reactor-core 3.5.12, reactor-netty 1.1.13 and reactor-kafka 1.3.22. There was also a realignment to version 2022.0.13 with the reactor-pool 1.0.3, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Piranha
The release of Piranha 23.11.0 delivers notable changes such as: support for JDK 21; support for Coordinated Restore at Checkpoint (CRaC) to the Piranha Core Profile; and a removal of the Maintainability, Lines of Code, Code Coverage and Code Smells badges. More details on this release may be found in their documentation and issue tracker.
JDKMon
Versions 17.0.85 and 17.0.83 of JDKMon, a tool that monitors and updates installed JDKs, has been made available this past week. Created by Gerrit Grunwald, principal engineer at Azul, these new versions provide new features: support for GraalVM for National Vulnerability Database (NVD) scans related to the JDK; a new search field for discovering OpenJDK JEPs, JSRs and Java projects; and support for Common Vulnerability Scoring System (CVSS) 4.0 and NVD API 2.0.
JobRunr
Version 6.3.3 of JobRunr, a library for background processing in Java that is distributed and backed by persistent storage, has been released featuring: a separate build time and runtime configuration for Quarkus; and a fix for JobRunr accepting the synthetic classes provided by the Quarkus ClientProxy interface instead of the original proxy name that result in beans that are not found. More details on this release may be found in the release notes.
JHipster Lite
Version 0.48.0 of JHipster Lite has been released featuring bug fixes, dependency upgrades and new features/enhancements such as: a minimal JDK 21 for the JHipster Lite engine; a new license module to build multiple instances of the JHipsterModule class; and the addition of name and description attributes to the @BusinessContext and @SharedKernel annotations for better documenting contexts and the ability to generate living documentation. More details on this release may be found in the release notes.
Testcontainers for Java
Testcontainers for Java 1.19.2 has been released with notable changes such as: enable HTTP and HTTPS on native for the HttpWaitStrategy class; a new shutdown hook to send a SIGTERM to Moby Ryuk to shutdown sooner than the current default of 10 seconds; and support for the Elasticsearch image from DockerHub.
Arquillian
The release of Arquillian 1.8.0.Final delivers notable changes such as: elimination of a file leak in the RemoteExtensionLoader class; a dependency upgrade to Jetty 9.4.51.v20230217 to resolve the Jetty 8.1.2.v20120308 bypass vulnerability; and a replacement of deprecated JUnit and Arquillian constructors and methods.
Gradle
The third release candidate and second release candidate of Gradle 8.5 deliver continuous improvements on new features such as: full support for compiling, testing and running on JDK 21; improvements in the Kotlin DSL that include faster first use and version catalog support in precompiled Kotlin script plugins; and improved reporting of errors and warnings. More details on these releases may be found in the release notes for version 8.5-RC3 and version 8.5-RC2.