This week’s Java Roundup for November 7, 2022 includes what’s new from OpenJDK, JDK 20, OpenSSL CVEs, Build 20-loom+20-40, Spring Framework 6.0-RC4, Spring Boot 3.0-RC2, Spring Security 6.0-RC2, Spring Cloud 2021.0 .5, WildFly 27, WildFly Bootable JAR 8.1, Quarkus 2.14.0 and 2.13.4, Project Reactor 2022.0, Micrometer Metrics 1.10 and Tracing 1.0, JHipster Lite 0.22.0 and Camel Quarkus 2.14 and 2.13.1.
JEP 432, Record Patterns (Second Preview), promoted by candidate to suggested target Status for JDK 20. This JEP is updated since JEP 405, Record Patterns (Preview) to include: added support for inferencing type arguments of generic record patterns; Added support for record patterns appearing in the header of an extended for statement; and remove support for named record patterns.
JEP 433, Pattern Matching for Switches (Fourth Preview), has been promoted from candidate to suggested target Status for JDK 20. This JEP is updated since JEP 427, Pattern Matching for switch (Third Preview), and includes: a simplified grammar for
switch keywords; and deduction of type arguments for generic type patterns and record patterns is now supported in
switch Expressions and statements along with the other constructs that support patterns.
The next step in a long history of dealing with the inherently uncertain realm
stop(Throwable) Methods defined in the
ThreadGroup classes was defined in JDK-8289610, Degrade Thread.stop. This suggests dismantling the
stop() method in the
Thread Class to throw in unconditionally
UnsupportedOperationException and discard them
ThreadDeath class to remove. This requires updates from Section 11.1.3 of the Java Language Specification and Section 2.10 of the Java Virtual Machine Specification, where asynchronous exceptions are defined.
Build 23 of the JDK 20 Early Access builds was also made available last week and includes updates from Build 22 that include fixes for various issues. See the release notes for more details on this build.
For JDK 20, developers are encouraged to report bugs through the Java Bug Database.
OpenSSL, a commercial, full-featured toolkit for general-purpose cryptography and secure communications projects, has released two Common Vulnerabilities and Exposures (CVE) reports affecting OpenSSL versions 3.0.0 through 3.0.6 that may lead to a denial of service – or remote code execution.
CVE-2022-3602, X.509 Email Address 4-byte Buffer Overflow, would allow an attacker to use a specially crafted email address that could overflow four bytes on the stack.
CVE-2022-3786, X.509 Email Address Variable Length Buffer Overflow, would allow an attacker to create a buffer overflow caused by a malicious email address abusing any number of bytes containing the “
.” characters (decimal 46) on the stack.
BellSoft has reported that OpenJDK distributions, which include Liberica JDK, are not affected by these vulnerabilities as they use their own implementation of TLS. Developers are encouraged to update to OpenSSL version 3.0.7.
Build 20-loom+20-40 of the Project Loom Early Access builds has been made available to the Java community and is based on Build 22 of the JDK 20 Early Access builds. This build also includes a snapshot of the ScopedValue API currently under development in JEP 429, Scoped Values (Incubator). It is important to note that JEP 429, originally called Extent-Local Variables (Incubator), was renamed in mid-October 2022.
The fourth Spring Framework 6.0.0 release candidate ships with new features including: support for the Jakarta WebSocket 2.1 specification; the introduce
DataFieldMaxValueIncrementer Interface for SQL Server sequences; and present a variant of the
findAllAnnotationsOnBean() method on the
ListableBeanFactory Interface for maintenance and possible reuse when retrieving annotations. There were also dependency upgrades to Micrometer 1.10.0, Micrometer Context Propagation 1.0.0, and Jackson 2.14.0. For more details about this release, see the release notes.
The second Spring Boot 3.0.0 release candidate has changes
/actuator Endpoints and dependency upgrades to Jakarta EE specifications such as: Jakarta Persistence 3.1, Jakarta Servlet 6.0.0, Jakarta WebSocket 2.1, Jakarta Annotations 2.1, Jakarta JSON Binding 3.0 and Jakarta JSON Processing 2.1. For more details about this release, see the release notes.
The second release candidate of Spring Security 6.0.0 delivers: a new one
addFilter() method to
SpringTestContext Class that allows a Spring Security probe to specify a filter; tea
createDefaultAssertionValidator() method in the
OpenSaml4AuthenticationProvider class should make it easier to add static parameters to the
ValidationContext Class; and numerous improvements in the documentation. For more details about this release, see the release notes.
Spring Cloud 2021.0.5 codenamed Jubilee has been released and includes upgrades for the sub-projects such as: Spring Cloud Kubernetes 2.1.5, Spring Cloud Config 3.1.5, Spring Cloud Function 3.2.8, Spring Cloud Config 3.1.5 and Spring Cloud Openfool 3.1.5. For more details about this release, see the release notes.
Red Hat has provided major and point releases of WildFly and Quarkus.
The WildFly 27 release adds support for Jakarta EE 10, MicroProfile 5.0, JDK 11, and JDK 17. There are also dependency upgrades for Hibernate ORM 6.1, Hibernate Search 6.1, Infinispan 14, JGroups 5.2, RESTEasy 6.2, and Weld 5. WildFly 27 is a compliant implementation for Jakarta EE 10 that has passed the TCKs in the Platform, Web and Core profiles. Jakarta EE 8 and Jakarta EE 9.1 are no longer supported. InfoQ will follow with a more detailed message.
WildFly Bootable JAR 8.1 was released with support for JDK 11, examples updated to use Jakarta EE 10, and a remote control
dev-watch. See the documentation for more details about bootable JAR.
Red Hat has released Quarkus 2.14.0.Final, which includes: support for Jandex 3, the class and annotation indexer; new Redis commands supporting JSON, graph and probabilistic data structures; and caching annotations for Infinispan. See the changelog for more details about this release.
Red Hat has also released Quarkus 2.13.4 Final, which includes: a minimum version of GraalVM 22.3; Dependency upgrades to JReleaser 1.3.0 and Mockito 4.8.1; and improvements like programmatic support
multipart/form-data Answers. See the changelog for more details about this release.
On the road to Quarkus 3.0, Red Hat plans to support: Jakarta EE 10; MicroProfile 6.0; Hibernation ORM 6.0; HTTP/3; improved virtual threads and structured concurrency support based on their initial integration; a new gRPC server; and an overhauled dev UI. InfoQ will follow with a more detailed message.
Project Reactor 2022.0.0 was released with upgrades for sub-projects: Reactor Core 3.5.0, Reactor Addons 3.5.0, Reactor Pool 1.0.0, Reactor Netty 1.1.0, Reactor Kafka 1.3.13, and Reactor Kotlin Extensions 1.2.0.
The Micrometer Metrics 1.10.0 release adds support for: Jetty 11; Creating instances of
KeyValues class of each iterable; Kotlin coroutines, allow different metric prefixes in the
StackdriverMeterRegistry Class; and a news provider in the
WarnThenDebugLogger reduce class
String Instance creation when debug level is not enabled.
The release of Micrometer Tracing 1.0.0 provides the following features: Setting up the Context Propagation library as a compile-time dependency to avoid having to explicitly define it in the classpath; support for
RemoteServiceAddress in sender/receiver contexts; a handler that enables tracking of data available for metrics; and setting an error status on an OpenTelemetery span when recording an exception.
JHipster Lite 0.22.0 was released with an upgrade to Spring Boot 3.0, a new PostgreSQL dialect module; a refactor of
AsyncSpringLiquibaseTest Class; Fix the dependency declaration of database drivers and developer tools; and remove the JPA properties that don’t change the default values.
Apache Software Foundation
To maintain alignment with Quarkus, version 2.14.0 of Camel Quarkus was released, which aligns with Camel 3.19.0 and Quarkus 2.14.0.Final. It has full support for new extensions, CloudEvents and Knative, and brings JVM support to the DSL modeline. See the Issues List for more details about this release.
Similarly, Camel Quarkus 2.13.1 was released, which ships with Camel 3.18.3, Quarkus 2.13.3.Final and several bug fixes.
#Java #News #Roundup #WildFly #Spring #Release #Candidates #JEPs #JDK #Project #Reactor