BT

Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ
Register Sign in

Unlock the full InfoQ experience

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources.

Log In
or

Don't have an InfoQ account?

Register
News Articles Presentations Podcasts Guides

Topics

Choose your language

Online InfoQ AI Engineering Certification

Production AI calls on retrieval, agents, evals, and infrastructure, checked with peers.
Register Now.

Online InfoQ Architect Certification

Distributed systems, decentralized decisions, platform engineering, and AI architecture.
Register Now.

QCon San Francisco

What's working across AI, architecture, and leadership, from the teams doing it.
Register. Early bird ends July 14.

QCon London

What early-adopter teams have proven in production, across 15 engineering tracks.
Register. Early bird ends July 14.

InfoQ Homepage News Java News Roundup: Spring Tools, Helidon, Open Liberty, TomEE, JobRunr, Hibernate, Commonhaus

Java

Java News Roundup: Spring Tools, Helidon, Open Liberty, TomEE, JobRunr, Hibernate, Commonhaus

Jun 22, 2026 5 min read

Write for InfoQ

Feed your curiosity. Help 550k+ global
senior developers
each month stay ahead.Get in touch
Listen to this article -  0:00

This week's Java roundup for June 15th, 2026, features news highlighting: point releases of Spring Tools, Helidon, JobRunr and Gradle; the June 2026 edition of Open Liberty; the first milestone release of Apache TomEE 11.0; the first beta release of Hibernate ORM 8.0; Quarkus emergency maintenance releases to address CVE-2026-50559; and four open-source projects join the Commonhaus Foundation.

OpenJDK

Version 8.3.0 of the Regression Test Harness for the JDK, jtreg, has been released and ready for integration in the JDK. The most significant changes are: support for JEP 512, Compact Source Files and Instance Main Methods, in main tests; and enhanced support in driver mode for the /native tag and tests using the @enablePreview tag. More details on this release may be found in the release notes.

JDK 27

Build 27 of the JDK 27 early-access builds was made available this past week featuring updates from Build 26 that include fixes for various issues. Further details on this release may be found in the release notes.

JDK 28

Build 3 of the JDK 28 early-access builds was also made available this past week featuring updates from Build 2 that include fixes for various issues. More details on this release may be found in the release notes.

Spring Framework

The release of Spring Tools 5.2.0 delivers bug fixes, an upgrade to the latest release of Eclipse 2026-06 and new features such as: a new, experimental Claude Code Plugin that provides an embedded MCP server and Claude code skills; support for Spring AI; and support for type-safe property references that automatically refactor string-based properties to type-safe references. Further details on this release may be found in the release notes.

Helidon

The release of Helidon 4.5.0 ships with bug fixes and notable changes such as: hardened value encryption in configuration of shared secrets in Helidon Config; a competition of their API stability project that makes use of the annotations defined in the Api class for characterizing constructors as internal, preview, incubating and stable; and a rejection of malformed integers in HPACK header compression for HTTP/2. More details on this release may be found in the release notes.

Open Liberty

The GA release of Open Liberty 26.0.0.6 provides bug fixes and resolutions to these CVEs:

  • CVE-2026-4410, a vulnerability that allows an attacker to send a malicious specially-crafted request to consume an excess of memory resources and cause a denial of service.
  • CVE-2026-5516, a vulnerability that allows an attacker to exploit a specific timing window for bypassing, under limited conditions, security authentication.

These CVEs affect Open Liberty versions 19.0.0.7 through 26.0.0.5 and 22.0.0.11 through 26.0.0.5, respectively.

Apache TomEE

The first milestone release of Apache TomEE 11.0.0 delivers bug fixes, dependency upgrades and new features such as: support for Jakarta EE 11 and MicroProfile 7.1 noting that Apache OpenJPA, a compatible implementation of the Jakarta Persistence specification, is still at Jakarta EE 10; and an improved display of the conf.0008 deployment messages that now include the deployed bean names and bean names declared in ejb-jar.xml file. Further details on this release may be found in the release notes.

JobRunr

The release of JobRunr 8.7.0 ships with bug fixes and new features such as: lazy server initialization that now starts up the BackgroundJobServer and WebServer classes when configured with the Fluent API; improvements to the JobRunr dashboard that adds a link to GitHub release page and defaults to the developer's system color scheme; and the ability to deserialize supported Java Collections via an instance of the Jackson3JsonMapper class. More details on this release may be found in the release notes.

Hibernate

The first beta release of Hibernate ORM 8.0.0 provides notable changes such as: an implementation of the Jakarta Persistence 4.0-M5 specification; a new graph-based flush coordination that "plans insert, update, delete, and collection work using the mapped relational constraints of the domain model;" and the ability to apply row-level security to enforce the visibility rules implied by discriminator-based multi-tenancy on databases (PostgreSQL, Db2, SQL Server and CockroachDB) that support that security feature. Further details on this release may be found in the release notes.

Quarkus

The Quarkus team has provided emergency maintenance releases in the 3.20, 3.27, 3.33. 3.36 and 3.37 release trains to address CVE-2026-50559, a vulnerability related to CVE-2026-39852, a vulnerability where an attacker may use: encoded semicolons (%3B) to smuggle matrix parameters past the security layer; and encoded slashes (%2F) or backslashes (%5C) to access protected static resources.

Commonhaus Foundation

The Commonhaus Foundation, a non-profit organization dedicated to the sustainability of open source libraries and frameworks, has announced that OkHttp, Okio, Retrofit, and SQLDelight have joined the foundation this past week.

As to why they joined Commonhaus as project representatives for all four of these projects, Jesse Wilson and Jake Wharton, stated:

We've been working on our projects for years, and we've built a large community of contributors and users.

When we decided to leave Block [formerly Square, Inc.], we knew we had to be thoughtful about governance. Our users have a lot of trust in us and we want to show them that our projects' new home is dependable.

Commonhaus is stable, predictable, and worthy of that trust. It's already home to the engineers and projects that power our world, and we're proud to join them.

OkHttp, Okio and Retrofit were formerly under the auspices of Block, a company that facilitates various open-source projects.

Gradle

The GA release of Gradle 9.6.0 delivers notable changes such as: improvements to the hit rates of the Configuration Cache by accurately tracking project properties supplied via system properties and environment variables; a new --non-interactive command line option for logging and generated problem reports to disable all interactive console prompting in automated environments; and a deprecation of the Groovy DSL implicit property and method lookup in parent projects that will be removed in Gradle 10.0. More details on this release may be found in the release notes.

About the Author

Michael Redlich

Show moreShow less

Rate this Article

Adoption
Style

This content is in the Java topic

Related Topics:
BT