This week's Java roundup for February 3rd, 2025, features news highlighting: the first beta release of LangChain4j 1.0; versions 1.27.0 and 1.28.0 of JHipster Lite; GlassFish 7.0.22; and versions 2025.0.0 and 2024.0.1 of Spring Cloud Stream Applications.
JDK 24
Build 36 of the JDK 24 early-access builds was made available this past week featuring updates from Build 35 that include fixes for various issues. Further details on this release may be found in the release notes.
JDK 25
Build 9 of the JDK 25 early-access builds was also made available this past week featuring updates from Build 8 that include fixes for various issues. More details on this release may be found in the release notes.
For JDK 24 and JDK 25, developers are encouraged to report bugs via the Java Bug Database.
GlassFish
GlassFish 7.0.22, the twenty-second maintenance release, delivers bug fixes, dependency upgrades and improvements such as: mask password attribute names from the CommandInvokedEvent class and command logger; and the addition of Add-Opens and Add-Exports attributes to GlassFish static shell for compatibility with newer Java versions, GlassFish Embedded and GlassFish JVM options. More details on this release may be found in the release notes.
GraalVM
Oracle Labs has released version 0.10.5 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides notable changes such as: support for using a comprehensive reachability-metadata.json file, introduced in the latest version of GraalVM, due to tests failing with an instance of the JavaApplicationWithAgentFunctionalTest class that have previously expected separate metadata files; and a resolution to the Native Build Tools Gradle plugin failing due to the existence of the temporary access-filter.json file. Further details on this release may be found in the changelog.
Oracle Labs has also released version 4.7.3.1 of the Graal Development Kit featuring alignment with Micronaut 4.7.3. This new release features: an enhanced security with their software supply chain that includes validation of Maven artifacts built from source code against their equivalent versions on Maven Central; and updates to the GDK Launcher and GDK CLI. Formerly known as Graal Cloud Native, the Graal Development Kit for Micronaut provides a curated set of Micronaut framework modules that simplify cloud application development. More details on this release may be found in the release notes.
Spring Framework
The release of Spring Cloud Stream Applications 2025.0.0 and 2024.0.1 ship with dependency upgrades to Spring Boot 3.4.2/Spring Cloud 2024.0.0 and Spring Boot 3.3.8/Spring Cloud 2023.0.5, respectively along with other notable changes such as: support for Micrometer Tracing; and a new property, enableSecurityScan, added to the common.yml file to manage execution of a Trivy security scan set to a default value of false. More details on these releases may be found in the release notes for version 2025.0.0 and version 2024.0.1.
Micronaut
The Micronaut Foundation has released version 4.7.5 of the Micronaut Framework featuring Micronaut Core 4.7.13, bug fixes and patch updates to modules: Micronaut Security, Micronaut Validation, Micronaut Maven Plugin, Micronaut Kafka, Micronaut Test Resources and Micronaut Discovery Client. Further details on this release may be found in the release notes.
Quarkus
Quarkus 3.18.2, the first maintenance release (Quarkus 3.18.0 was skipped), features dependency upgrades and notable changes such as: a resolution to a NullPointerException from Hibernate ORM upon a problem establishing a connection to a data source; and ensure that the copied native executable has the appropriate Unix executable permissions when copied from the host to the container image. More details on this release may be found in the changelog.
WildFly
WildFly 35.0.1, the first maintenance release, provides dependency upgrades and resolutions to notable issues such as: a NullPointerException and a two-phase commit without any error in the log due to race condition between one thread committing a transaction while another thread is performing a recovery; and a NoClassDefFoundError due to the use of the server=name:import-journal sub-command while exporting a file with Enterprise Application Platform (EAP) 8.
LangChain4j
The first beta release of LangChain4j 1.0.0 features numerous breaking changes such as the deprecation of the overloaded generate() methods, defined in the ChatLanguageModel interface, in favor of the experimental overloaded chat() methods that will ultimately become part of a new Chat API. Other notable changes include: a more generic McpTransport interface by integrating most operations into the executeOperationWithResponse() and executeOperationWithoutResponse() methods instead of a separate method for each operation; and a refactor of the ToolExecution class to encapsulate configuration and execution of all tools and introduce a strategy for tool hallucinations. The team plans a GA release in Q12025. More details on this release may be found in the release notes.
JHipster
Versions 1.28.0 and 1.27.0 of JHipster Lite (announced here and here, respectively) ship with many dependency upgrades, most notably Vitest 3.0.5 to fix a critical security issue, CVE-2025-24964, an arbitrary Remote Code Execution vulnerability when a user accesses a malicious website while the Vitest API server is listening by Cross-Site WebSocket Hijacking (CSWSH). More details on these releases may be found in the release notes for version 1.28.0 and version 1.27.0
JDKUpdater
Version 14.0.73+109 of JDKUpdater, a utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM, has been made available this past week. Introduced in mid-March 2024 by Gerrit Grunwald, principal engineer at Azul, this release provides two new features: an initial set of CVEs because accessing the National Vulnerability Database (NVD) is sometimes not reliable; and a change to not replace an existing CVE file, but to upsert with data from NVD. Further details on this release may be found in the release notes.
Keycloak
The release of Keycloak 26.1.1 ships with bug fixes and new features: a new option, x509-cert-auth-crl-abort-if-non-updated, in the X.509 authenticator to abort the login if the Certificate Revocation List (CRL) is configured to validate the certificate and the CRL is not updated in the time specified; and a new option, force-login, in the reset-credential-email (send reset email) authenticator to terminate the session and force a new login. More details on this release may be found in the release notes.
Jox
The release of Jox 0.4.0, a virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads, features notable changes such as: a restructured Channel class that changes the constructor to private access along with new factory methods; and a move of the scoped value determining the channel buffer size from an instance of the Channel class to an instance of the Flow class. More details on this release may be found in the release notes.