This week's Java roundup for January 15th, 2024, features news highlighting: JEP 455 Proposed to Target for JDK 23, JDK 22 in Rampdown Phase Two, an updated Jakarta EE 11 release plan, GraalVM, and Oracle's Critical Patch Update for January 2024.
OpenJDK
JEP 455, Primitive Types in Patterns, instanceof, and switch (Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP, under the auspices of Project Amber, proposes to enhance pattern matching by allowing primitive type patterns in all pattern contexts, and extend instanceof and switch to work with all primitive types. Aggelos Biboudis, principal member of technical staff at Oracle, has recently published an updated draft specification for this feature. The review is expected to conclude on January 22, 2024.
Ron Pressler, architect and technical lead for Project Loom at Oracle, and Alex Buckley, specification lead for the Java Language and the Java Virtual Machine at Oracle, have submitted JEP Draft 8323072, Deprecate Memory-Access Methods in sun.misc.Unsafe for Removal. This JEP proposes to deprecate the memory-access methods defined in the sun.misc.Unsafe class for removal in a future release. These now unsupported methods have had supported replacements since: JDK 9 for accessing on-heap memory; and JDK 22 for accessing off-heap memory.
JDK 23
Build 6 of the JDK 23 early-access builds was made available this past week featuring updates from Build 5 that include fixes for various issues. More details on this release may be found in the release notes.
JDK 22
Build 32 of the JDK 22 early-access builds was also made available this past week featuring updates from Build 31 that include fixes to various issues. Further details on this build may be found in the release notes.
As per the JDK 22 release schedule, Mark Reinhold, chief architect, Java Platform Group at Oracle, formally declared that JDK 22 has entered Rampdown Phase Two. This means that: no additional JEPs will be added for JDK 22; and there will be a focus on the P1 and P2 bugs which can be fixed via the Fix-Request Process. Late enhancements are still possible, with the Late-Enhancement Request Process, but Reinhold states that "the bar is now extraordinarily high." The final set of 12 features for the GA release in March 2024 will include:
- JEP 423: Region Pinning for G1
- JEP 447: Statements before super(...) (Preview)
- JEP 454: Foreign Function & Memory API
- JEP 456: Unnamed Variables & Patterns
- JEP 457: Class-File API (Preview)
- JEP 458: Launch Multi-File Source-Code Programs
- JEP 459: String Templates (Second Preview)
- JEP 460: Vector API (Seventh Incubator)
- JEP 461: Stream Gatherers (Preview)
- JEP 462: Structured Concurrency (Second Preview)
- JEP 463: Implicitly Declared Classes and Instance Main Methods (Second Preview)
- JEP 464: Scoped Values (Second Preview)
For JDK 23 and JDK 22, developers are encouraged to report bugs via the Java Bug Database.
Jakarta EE
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has announced a change to the targeted Java version for Jakarta EE 11 to support both JDK 21 and JDK 17. As explained by Grimstad:
While this may seem like a significant change, it turns out that it isn't that dramatic. None of the component specifications were actually planning on exposing any Java 21 features in their APIs. The only one close to it was Jakarta Concurrency 3.1, with the planned support for Java virtual threads. But it turns out that careful API design allows for support if the underlying JVM supports it.
The biggest change is for the Test Compatibility Kit (TCK), which must be able to run on both Java 17 and Java 21. The implementations that had moved their code base to Java 21 are also affected to some degree depending on how far they have gotten and how many Java 17+ features they have started using.
As a result, the Jakarta EE release plan for specification milestone releases has been modified to accommodate this change, but Grimstad maintained that the original GA release of Jakarta will remain at the June/July 2024 timeframe.
GraalVM
Oracle Labs has released GraalVM for JDK 21 Community 21.0.2 featuring fixes based on the Oracle Critical Patch Update for January 2024. These include: a simplified implementation of the ValueAnchorNode class; a resolution to a problem with the -XX:+PrintGCSummary command-line parameter if assertions are enabled; and a resolution to prevent failures from System.console().readPassword. More details on this release may be found in the release notes.
BellSoft
Concurrent with Oracle's Critical Patch Update (CPU) for January 2024, BellSoft has released CPU patches for versions 21.0.1.0.1, 17.0.9.0.1, 11.0.21.0.1, 8u401 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 21.0.2, 17.0.10, 11.0.22 and 8u402, containing CPU and non-critical fixes, have also been released.
Spring Framework
The first milestone release of Spring Boot 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: the removal of APIs that were deprecated in a previous release; support for the Micrometer @SpanTag annotation; and support to auto-configure JwtAuthenticationConverter and ReactiveJwtAuthenticationConverter classes for dedicated Spring Security OAuth2 properties. Further details on this release may be found in the release notes.
The release of Spring Boot 3.2.2 ships with improvements in documentation, dependency upgrades and notable bug fixes such as: the getComment() method called within an instance of the JarEntry class returns incorrect results from instances of the NestedJarFile class; a database connection leak when using jOOQ without the spring.jooq.sql-dialect property having been established; and using the MockRestServiceServerAutoConfiguration class together with the Spring Framework RestTemplate class and RestClient interface throws an incorrect exception. More details on this release may be found in the release notes.
Similarly, the release of Spring Boot 3.1.8 provides improvements in documentation, dependency upgrades and notable bug fixes such as: implementations of the SslBundle interface, PropertiesSslBundle and WebServerSslBundle, do not provide useful toString() results; the mark, ^, that indicates an error in the pattern is misplaced within the log message from a PatternParseException; and mixing PEM and JKS certificate material in the server.ssl properties does not work. Further details on this release may be found in the release notes.
The first milestone release of Spring Security 6.3.0 delivers bug fixes, dependency upgrades and new features such as: a new factory method for the RoleHierarchyImpl class for improved definition of the role hierarchy; a new offset to complement the order attribute within the @EnableMethodSecurity annotation to allow applications to select where the interceptors should be placed; and integrate caching into the HandlerMappingIntrospector class. More details on this release may be found in the release notes.
The first milestone release of Spring Authorization Server 1.3.0 provides dependency upgrades and new features such as: the ability to configurable scope validation strategy in the OAuth2ClientCredentialsAuthenticationProvider class; improved error logging to document an invalid or expired authorization code; and support for multi-tenancy using the path component for the issuer of a certificate. Further details on this release may be found in the release notes.
Versions 1.2.0-M1, 1.1.2 and 1.0.5 of Spring Modulith have been released featuring bug fixes, dependency upgrades and improvements such as: eliminate the use of the deprecated fromDataSource() method defined in the Spring Boot DatabaseDriver enum class; avoid the potential for the ModuleTestExecution class to include modules twice if a module is listed as an extra include but already part of the calculated dependencies; and exclude classes generated by Spring AOT from architecture verification as they might otherwise introduce dependencies to application components considered module internals. More details on these releases may be found in the release notes for version 1.2.0-M1, version 1.1.2 and version 1.0.5.
The first milestone release of Spring Session 3.3.0 ships with dependency upgrades and new features such as: a new ReactiveFindByIndexNameSessionRepository interface to provide an Actuator endpoint for non-indexed session repositories; and a new ReactiveRedisIndexedSessionRepository class to provide a /sessions endpoint for Spring WebFlux applications. Further details on this release may be found in the release notes.
The release of Spring for Apache Pulsar 1.0.2 ships with dependency upgrades and a new Bill of Materials module, spring-pulsar-bom, added to the project. This version will be included in the release of Spring Boot 3.2.2 More details on this release may be found in the release notes.
Helidon
The release of Helidon 4.0.3 delivers notable changes such as: support for the use of Map<String, String> in configured builders to eliminate the use of "complicated" config.detach().asMap() to obtain the child values; restore the access specifiers of the RegistryFactory class and its getInstance() and getRegistry() methods to public for improved backwards compatibility with the 3.x release train; and improved security resulting from the OIDC provider performing authentication against the ID Token first the introduction of an access token refresh mechanism. Further details on this release may be found in the changelog.
Quarkus
The first release candidate of Quarkus 3.7 features notable changes such as: support for the LinkedIn OIDC provider; the ability to observe security events for an authorization check failure or success such that an application could use this to implement a custom security logging mechanism; and support for the Micrometer @MeterTag annotation, making it possible to add additional tags for methods annotated with @Counted and @Timed from method arguments. More details on this release may be found in the release notes.
The Quarkus team has also announced that the Quarkus documentation is now equipped with full-text search that has initially been implemented on the Quarkus Guides page. This replaces the original simple substring search on the title and summary of each guide. This new capability is powered by the Quarkus.io Search application that uses the Hibernate Search extension which provides integration with OpenSearch/Elasticsearch.
Hibernate
The release of Hibernate ORM 6.4.2.Final provides bug fixes and improvements such as: a new CurrentTenantIdentifierResolver interface to allow for non-string tenant identifiers and tenant resolver as a managed bean; and resolutions to the query problem with joined inheritance hierarchy structure and an HQL join entity not generating a delete condition with the use of the @SoftDelete annotation. Further details on this release may be found in the list of issues.
Similarly, the release of Hibernate Reactive 2.2.1.Final ships with notable changes such as: support for the Order class introduced in Hibernate ORM 6.3; support for applying the upsert() method defined in the StatelessSession interface on all databases; and a resolution for issues with out-of-the-box support for arrays of basic Java types. This release is compatible with Hibernate ORM 6.4.1.Final and Vert.x SQL driver 4.5.1. Hibernate Reactive 2.0.8.Final was also released, however despite compatibility with Vertx SQL client 4.5.1, the team has decided to revert the version 2.0.8 upgrade because it was preventing other applications from upgrading to the latest 2.0 version. More details on this release may be found in the release notes.
Apache Software Foundation
The fifth alpha release of Apache Groovy 5.0.0 delivers bug fixes, dependency upgrades and new features/improvements such as: a custom type checker for format strings to find invalid conversion characters, missing parameters, incorrect types and invalid flags; Generate a serialVersionUID for an instance of the Closure class because it implements the Java Serializable interface; and support for matching on a method call that contains variable arguments with the ASTMatcher class. Further details on this release may be found in the release notes.
Similarly, Apache Groovy 4.0.18 has also been released featuring bug fixes, dependency upgrades and improvements such as: the Groovy Docs now list the inherited properties; and a resolution to avoid processing duplicated entries within META-INF folder. More details on this release may be found in the release notes.
The twelfth alpha release of Apache Maven 4.0.0 provides notable changes such as: leveraging the artifact collection filtering and new transitive dependency manager in the Maven Artifact Resolver; use of JLine for improved line editing; and improved consistency during builds by not resolving projects outside the reactor. Further details on this release may be found in the release notes.