OpenJDK has recently released a progress update, JEP 473 – Stream Gatherers (Second Preview), which not long after becoming a candidate feature, has now progressed to the Proposed to Target status. This JDK proposal, following JEP 461 – Stream Gatherers (First Preview) released in JDK 22, is now welcoming its second preview. This upgrade is aimed at providing more time to gather feedback, and to give users the opportunity to experience the feature more fully, without making any user-facing changes to JEP 461. The core of this feature is to strengthen the Stream API by supporting custom intermediate operations – a way to transform data streams that cannot be easily done with existing built-in intermediate operations.
For further details on Stream Gatherers, one can refer to its original design document and corresponding news reports. The review period for this feature is expected to end on April 16, 2024.
In the meantime, JEP 469 – Vector API (Eighth Incubator), has also been upgraded from candidate status to Proposed to Target status in JDK 23. This version of the Vector API combines feedback and enhancement features accumulated since JDK 16 through seven incubations. Considering the original plan to incubate multiple times, the final decision is to continue enumerating incubations. The Vector API will continue to be trialed and improved until the key features in the Valhalla project can be implemented as preview features. At that time, the development team will adjust the Vector API and its implementation to work with these features and will promote the Vector API from the incubation phase to the preview phase. This review will also close on April 16, 2024.
Additionally, JEP 475 – Late Barrier Expansion for the G1 Garbage Collector, has been raised from a draft to a candidate stage, marking a significant step forward in its development process.
To simplify the implementation of G1 garbage collector barriers, a proposal is presented to optimize the work of the G1 garbage collector from the early stages of the C2 JIT compilation pipeline to later stages. These barriers are responsible for recording relevant information about application memory accesses, and optimizing this process later in the pipeline can effectively reduce the execution time of C2 JIT compilation when using the G1 collector.
JDK 23 recently released Build 18 of its early access builds, which is an update patch to the previous Build 17, inclusive of fixes for multiple issues. Details of the update can be found in the release notes.
In the Spring Framework, the first milestone version 6.2.0 brought several updates, including bug fixes, documentation improvements, dependency upgrades, and the introduction of new features. Notably, the following updates are significant: the use of the Jakarta Pages VariableResolver interface in the JspPropertyAccessor to replace the deprecated Jakarta Expression Language ELContext class; the DefaultMessageListenerContainer class has been enhanced with support for first-tier virtual threads; the LocalEntityManagerFactoryBean class now has configurations and exposure settings for the Java DataSource interface. More detailed information about this release can be found in its release notes.
In the meantime, several other versions of the Spring Framework have also been released: 6.1.6, 6.0.19, and 5.3.34. The release of these versions is primarily to address the security vulnerability CVE-2024-22262, which arises from applications using the UriComponentsBuilder class to parse URLs provided externally and perform validation checks on the parsed URL host. If the URL is further used after passing the verification, it may be susceptible to open redirection attacks or server-side request forgery (SSRF) attacks. This CVE is of the same type of security risk as CVE-2024-22259 and CVE-2024-22243 but involves different input variables. These versions also introduced new feature enhancements and compatibility support, including changes to the getResultSetValue() method defined in the JdbcUtils class for database drivers, which no longer supports log column types; the TypeDescriptor class no longer clones empty arrays of the Annotation interface instances; and the getBeanProvider() method defined in the DefaultListableBeanFactory class now provides better generic support for FactoryBean types. Detailed update information can also be found in their respective release notes.
Spring Data 2024.0.0 first release candidate brought a wealth of new features, primarily including support for value expressions, which aims to optimize the processing of expressions in entity and property annotations, making it more consistent with Spring Framework’s @Value annotation. This version also implements compatibility with the new version of the MongoDB 5.0 driver, which has removed previously deprecated APIs.
Furthermore, a series of sub-projects have also been upgraded, including:
- Spring Data Commons 3.3.0-RC1
- Spring Data MongoDB 4.3.0-RC1
- Spring Data Elasticsearch 5.3.0-RC1
- Spring Data Neo4j 7.3.0-RC1
Detailed upgrade information and improvements for all relevant sub-projects can be found in their respective release notes.
In addition, Spring Data 2023.1.5 and 2023.0.11 versions have also been released, mainly providing a series of bug fixes and dependency upgrades, involving sub-projects including:
- Spring Data Commons 3.2.5 and 3.1.11
- Spring Data MongoDB 4.2.5 and 4.1.11
- Spring Data Elasticsearch 5.2.5 and 5.1.11
- Spring Data Neo4j 7.2.5 and 7.1.11
These released versions are expected to be integrated into the upcoming Spring Boot 3.2.5 and 3.1.11.
At the same time, Spring HATEOAS versions 2.3.0-RC1, 2.2.2, and 2.1.5 have been released, focusing on upgrading to the latest version of Spring Framework, addressing some key security vulnerabilities, such as CVE-2024-22262, and upgrading dependencies on Project Reactor 2023.0.5 and Lombok 1.18.32.
The Spring Builders program was also introduced as an environment for Spring framework developers to learn, communicate, and showcase Spring-related work.
Payara Platform launched two new versions in April 2024: Community Edition 6.2024.4 and Enterprise Edition 6.13.0. Both versions focused on security upgrades, specifically fixing the CVE-2023-4043 vulnerability, which allows attackers to parse JSON from untrusted sources and exploit built-in support for large-scale number parsing, leading to unexpectedly long processing times.
Open Liberty has rolled out a new iteration with remarkable updates. IBM has introduced the version 24.0.0.4-beta of this technology, which has made prominent enhancements in functionality. It has introduced support for JDK 22 and updated the preview version of Jakarta Data. A particular introduction in this round of updates is the static metamodel embedded with the latest release of version 1.0.0-M3. This improvement brings strengthened type safety and a new feature that allows the definition of repository find methods through the @find annotation.
Micronaut Foundation is not falling behind, announcing the release of Micronaut Framework version 4.3.8. This version focuses on both heritage and innovation, including updates to Micronaut Core 4.3.14, as well as bug fixes, advancements in documentation, and updates to modules—especially Micronaut Security and Micronaut SQL Libraries. These updates together constitute a step in the stable development of the Micronaut framework.
Quarkus maintains its dynamism with the launch of Quarkus version 3.9.3. Even though it skipped version 3.9.0, the release remains noteworthy. Version 3.9.3 of Quarkus has corrected a range of issues, including the problem of inaccessible static resources in the app when custom implementations of REST and servlet based on the Jakarta RESTful Web Services ExceptionMapper interface were present; it also fixed the issue where failing to route to index.html resulted in directories displaying a 404 HTTP status code.
The debut of Helidon version 4.0.7 has also brought attention-worthy improvements. It fixed the issue of the OidcFeature class throwing NullPointerExceptions when instances were disabled; corrected the behavior of appropriately returning Optional.empty() when there is no current OpenTelemetry span; additionally, when creating a list through the builder pattern or instances, it optimized the strategy to avoid the use of repetitive default values.
WildFly also demonstrated continuous progress by releasing the first Beta version of 32. This version not only fixed defects from previous versions but also upgraded components and brought the required improvements. Notable enhancements include the integration of OWASP’s Dependency-Check plugin into WildFly’s build process and the optimization of references to the Jakarta Annotations @ManagedBean annotation, marked as optional or completely removed. Also worth mentioning is that some outdated quick-start examples were cleared to maintain the project’s modernity and practicality.
Apache TomEE 10.0.0 Milestone Release:
The Apache TomEE 10.0.0 introduced its first milestone release, bringing a series of new dynamics. This version includes multiple bug fixes, dependency upgrades, and the addition of new features. Highlights among the features include an example of a MicroProfile OpenAPI Reader and enhanced logging functionality in the event of class loading failures. Additionally, this version also provides a solution to the security vulnerability CVE-2023-35116, which was previously found in Jackson Databind 2.15.2 and earlier, involving attackers exploiting cyclic dependencies to create objects that could lead to a denial of service.
Micrometer Metrics Update:
The 1.13.0-RC1 version of Micrometer Metrics brought new dependency upgrades and features. Users can now customize Prometheus properties via the PrometheusConfig interface; upon startup, the system announces the discovery of OtlpMeterRegistry class instance configuration; moreover, new constructors were introduced, paired with the WarnThenDebugLogger class, to log metadata discrepancies when they occur.
But that’s not all, versions 1.12.5 and 1.11.11 of Micrometer Metrics likewise provided dependency upgrades and new features, such as unifying the descriptions of identical instrument names in the Log4j2Metrics class. Additionally, the DefaultUriMapper and PoolingHttpClientConnectionManagerMetricsBinder classes in the httpcomponents package were deprecated, filling in a previously missing link.
Micrometer Tracing Update:
Micrometer Tracing has also been updated, including versions 1.3.0-RC1, 1.2.5, and 1.1.12, which depend on Micrometer Metrics versions 1.13.0-RC1, 1.12.5, and 1.11.11 respectively. This series of updates maintains synchronized component upgrades and continues to optimize integration.
Project Reactor 2024.0.0 Milestone Release:
In the Project Reactor 2024.0.0 milestone release, users will experience the upgraded dependencies of reactor-core 3.7.0-M1 and reactor-netty 1.2.0-M1, advancing the project further.
The new release information for Project Reactor indicates that a series of optimizations have been made for version 2024.0.0-M1. This includes maintaining version stability for components such as reactor-kafka 1.4.0-M1, reactor-pool 1.1.0-M1, reactor-addons 3.6.0-M1, and reactor-kotlin-extensions 1.3.0-M1. More details about this update can be found in the official changelog.
Furthermore, Project Reactor 2023.0.5 release, as the fifth maintenance version, involves enhancements to two dependencies: reactor-core 3.6.5 and reactor-netty 1.1.18. It is worth noting that components such as reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1, and reactor-kotlin-extensions 1.2.2 remain unchanged in their versions. Users interested in this upgrade are welcome to review the related changelog for detailed information.
Moreover, Project Reactor 2022.0.18 release, as the eighteenth maintenance version, has updated reactor-core 3.5.16 while maintaining stability for components like reactor-kafka 1.3.23, `reactor-pool 1.0.5`, `reactor-addons 3.5.1`, and `reactor-kotlin-extensions 1.2.2`. Detailed version changes can also be found in the official changelog.
The last release involves Project Reactor 2020.0.43 (codenamed Europium-SR43), which mainly provided dependency upgrades for reactor-core 3.4.37 and reactor-netty 1.0.44. In this version, the versions of components such as reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10, and reactor-rabbitmq 1.5.6 remain unchanged. Detailed updates can be learned from the corresponding change logs.
In the second candidate release of Hibernate ORM 6.5.0, a range of bug fixes and feature improvements were covered. These include: the optimized use of Java time objects and time zone offsets, which can now be serialized directly through JDBC drivers implementing JDBC 4.2; the introduction of a new layout for configuring the storage format of query results in the query cache; and the added support for using Java record types as parameters through the Jakarta Persistence @IdClass annotation.
In the latest Hibernate Search maintenance version update, developers will discover a series of crucial improvements. For versions 7.1.1.Final, 7.0.1.Final, and 6.2.4.Final, the important update focus includes dependency upgrades and some significant changes. One significant change is the correction of misleading error messages regarding the minimum version of Elasticsearch required for vector search capabilities. Furthermore, they resolved large-scale indexing challenges that might be encountered in ORM discriminator-based multi-tenancy scenarios. At the same time, the development team also corrected differences between the Java versions supported in the reference documentation.
For detailed information about the new versions, developers can consult the corresponding release notes. Additionally, the Hibernate team has also announced that it has officially joined the Commonhaus Foundation, a new foundation aimed at providing support for various projects.
For JobRunr, after going through two candidate release versions, version 7.0 is now officially open to the Java community. This version introduces a range of new features and brings significant improvements. Among them is the default-enabled support for virtual threads, which is particularly noticeable when using JDK 21. The InMemoryStorageProvider class now allows polling intervals to be reduced to 200 milliseconds, making it perform better in test environments. The BackgroundJobServer class now has new functionality to configure its shutdown cycle. However, there are also some breaking changes, such as the delete(String id) method in the JobScheduler class has been renamed to deleteRecurringJob(String id); at the same time, the StorageProvider interface and the new features contained in the Page and PageRequest classes have also been updated. For detailed information, please refer to the release notes.
In its 15.0.1.Final version, Infinispan introduced some notable changes as the first maintenance release of that series. Significantly, it avoids server shutdown when there are issues with Infinispan Insights, and addresses the problem where the SoftIndexFileStore API might point to non-existent data locations when clearing indexes. More related updates can be found in the change log.
With the release of Piranha 24.4.0, developers will see many major updates. For example, the coreprofile start, coreprofile run, and coreprofile stop commands were introduced in the Piranha CLI. In addition, Payara Uber has been renamed to Payara Fin, which means developers can now run all necessary content within a single JAR file. Moreover, the –https-keystore-file and –https-keystore-password parameters have been exposed to the Maven plugin.
JDKUpdater has announced the release of versions 14.0.39+63 and 14.0.39+61, this utility offers convenience for developers in tracking updates for OpenJDK and GraalVM builds. These versions were launched by Azul’s Chief Engineer Gerrit Grunwald in mid-March. This update includes:
- Preliminary download functionality, supporting developers to download JDKs from different vendors.
- SVG format menu bar icons, which can automatically change according to the color of the menu bar text.
- The switch operations for SDKMAN!, JBang, Homebrew, and Nix have been moved to independent screen settings.
For more details, please refer to the respective release notes.
On April 10, 2024, as an automation tool for releasing Java and non-Java projects, JReleaser celebrated its third anniversary. Created by Andres Almiray, a senior principal product manager at Oracle, it aims to simplify the build release process and distribute builds across multiple package managers, offering a rich set of customizable options. To celebrate this milestone, JReleaser announced its entry into the Commonhaus foundation.
Apache Groovy has released versions 5.0.0-alpha-8 and 4.0.21. These releases include bug fixes, dependency upgrades, and some new feature improvements:
- Additional support for JDK 23.
- A new abstract class instance for Closure, enhancing the execute method’s five variants of SQL metadata access.
For detailed information, refer to the release notes of the relevant versions.
The latest version of JHipster 8.3.0 brings bug fixes, upgraded support for Spring Boot 3.2.4 and Gradle 8.7, and significant changes:
- Replaced jhipster-dependencies with support for Spring Boot’s dependency management.
- Experimental support for Spring Cloud Gateway MVC.
- Improved caching of the Spring context during tests.
For detailed version updates, please refer to the release notes.
JetBrains has released version 2.3.10 of the Ktor framework, suitable for creating microservices and web applications, this upgrade involves improvements and fixes:
- Resolved an inconsistency where Netty returned null or an empty string for query parameters with no value.
- Added support for IPv6 addresses in NettyConnectionPoint and CIOConnectionPoint classes.
- Added support for the ZIP64 format, surpassing the traditional limit of 65,535 entries.
The Commonhaus Foundation is a newly established non-profit organization focused on supporting the continued development of open-source libraries and frameworks. The foundation was recently introduced to the Java community with the aim of providing succession planning and financial support for independent open-source projects. Its mission is to empower a community of developers, contributors, and users to create, maintain, and advance the development of open-source libraries and frameworks, ensuring their long-term growth and stability through shared governance and community collaboration. The founding members of the foundation include Red Hat’s distinguished engineer Erin Schnabel, Lumigo OpenTelemetry architect Ken Finnigan, and GitLab senior technical marketing manager Cesar Saavedra, who will serve as the foundation’s chair, board member, and treasurer respectively. Since the foundation’s inception, the open-source projects that have joined include well-known projects such as Hibernate, Jackson, OpenRewrite, JBang, JReleaser, and Morphia.
Last week, the 20th Devnexus conference opened grandly at the Georgia World Congress Center in Atlanta, Georgia. The conference attracted many members of the Java community and featured workshops and talks on a range of topics such as Jakarta EE, the Java platform, core Java, architecture, cloud infrastructure, and security. Devnexus is organized by the Atlanta Java Users Group (AJUG), originating from the DevCon in 2004 and officially named Devnexus since 2010. During the conference, the organizers conducted one-on-one live interviews with speakers who were interested in the topics. These interviews were named “DevOps Speakeasy” and “Build Propulsion Lab,” hosted by employees representing JFrog and Gradle, respectively. Gradle’s developer advocate Brian Demers interviewed Endor Labs’ solutions architect Matt Brown, and content from this session has been published.
