This week’s review of Java for June 20, 2022 includes news from OpenJDK, JDK 19, JDK 20, Spring point editions, GlassFish 7.0.0-M6, GraalVM Native Build Tools 0.9.12, Micronaut 3.5.2, Quarkus, Project 2.10 .0 Reactor 2022.0.0-M3, Apache Camel Quarkus 2.10.0 and Apache Tika versions 2.4.1 and 1.28.4.
OpenJDK
Brian Goetz, a Java language architect at Oracle, recently updated the JEP Draft 828039, Classfile API, to provide basic information on how this draft will evolve and eventually replace the Java byte code manipulation and analysis framework, ASM which JEZ describes as “old code base with a lot of legacy.” This JEP proposes to provide an API for parsing, generating, and transforming Java-class files. open as a public API.
JDK 19
A build 28 of the JDK 19 early access compilations was provided last week, including updates from Build 27 that include fixes for various issues. More details can be found in the notes to the publication.
JDK 20
Release 3 of the JDK 20 early access compilations was also available last week, including updates from Build 2, which includes fixes for various issues. Version notes are not yet available.
For JDK 19 and JDK 20, developers are encouraged to report bugs through the Java bug database.
Spring frame
Spring Boot 2.7.1 has been released with 66 bug fixes, documentation improvements and dependency upgrades such as: Spring Framework 5.3.21, Spring Data 2021.2.1, Spring Security 5.7.2, Reactive Streams 1.0.4, Groovy 3.0.11 , Hazelcast 5.1.2 and Kotlin Coroutines 1.6.3. You can find more details about this edition in the notes to the edition.
Spring Boot 2.6.9 has been released with 44 bug fixes, documentation improvements and dependency upgrades similar to Spring Boot 2.7.1. Further details on this edition can be found in the notes to the edition.
VMware publishes CVE-2022-22980, Spring Data MongoDB SpEL Expression Injection Vulnerability, a vulnerability in which a “Spring Data MongoDB application is vulnerable to SpEL Injection when using @Query or @Aggregation-annotated query methods with SpEL statements that contain a parameter on request substitutes for value binding if the input is not disinfected. ” Spring Data MongoDB versions 3.4.1 and 3.3.5 have resolved this vulnerability.
Versions of Spring Data 2021.2.1 and 2021.1.5 have been released, including upgrades to all Spring Data subprojects such as: Spring Data MongoDB, Spring Data Cassandra, Spring Data JDBC and Spring Data Commons. These editions will also be used by Spring Boot 2.7.1 and 2.6.9, respectively, and will address the aforementioned CVE-2022-22980.
Spring Authorization Server 0.3.1 has been released, including some improvements and bug fixes. However, the team decided to downgrade from JDK 11 to JDK 8 to maintain compatibility and consistency with Spring Framework, Spring Security 5.x and Spring Boot 2.x. As a result, the HyperSQL dependency (HSQLDB) has also been reduced to version 2.5.2, as HSQLDB 2.6.0 and later requires JDK 11. More details on this version can be found in the release notes.
Versions of Spring Security 5.7.2 and 5.6.6 have been released, including bug fixes and dependency upgrades. Both versions share a new feature in which the test cases have been updated to use JUnit Jupiter, an integral part of JUnit 5. Further details on these releases can be found in the release notes for version 5.7.2 and version 5.6.6 .
Eclipse GlassFish
On the way to GlassFish 7.0.0, the sixth important version was provided by the Eclipse Foundation, which delivers a number of changes related to the transition of the Technology Compatibility Kit (TCK) to the specifications of Jakarta Contexts and Dependency Injection 4.0 and Jakarta Concurrency 3.0. However, this important edition has not yet passed the full Jakarta EE 10 TCK. GlassFish 7.0.0-M6, considered a beta version, compiles and runs on JDK 11 to JDK 18. More details on this version can be found in the release notes.
Built-in tools for building GraalVM
On the way to version 1.0, Oracle Labs released version 0.9.12 of Native Build Tools, a GraalVM project consisting of GraalVM Native Image interoperability plug-ins. This latest version provides: support documentation for Mockito and Byte Buddy; preventing compilations from failing if a test list is not provided; supports various agent modes in the Gradle plugin with natural image, critical change; and support for JVM accessibility metadata in Maven. Further details on this edition can be found in the notes to the edition.
micronaut
The Micronaut Foundation has released Micronaut 3.5.2, which includes bug fixes and point editions of the Micronaut Oracle Cloud 2.1.4, Micronaut Email 1.2.3 and Micronaut Spring 4.1.1 projects. The ApplicationContextConfigurer interface documentation has also been updated to include a recommendation on how to define a default Micronaut environment. You can find more details about this edition in the notes to the edition.
Quarkus
Red Hat released Quarkus 2.10.0.Final including: pre-work on virtual threads (JEP 425) from Project Loom; support non-blocking workloads in GraphQL extensions; upgrade dependency to SmallRye Reactive Messaging 3.16.0; support for binding the Kubernetes service for Reactive SQL Clients extensions; and a new CacheKeyGenerator contract that allows customization of generated cache keys from method parameters.
Reactor Project
On the way to Project Reactor 2022.0.0, the third corner edition was provided, including add-on upgrades to reactor-core 3.5.0-M3, reactor-pool 1.0.0-M3, reactor-netty 1.1.0-M3, reactor-addons 3.5 .0-M3 and reactor-kotlin-extensions 1.2.0-M3.
Apache Camel Quarkus
Maintaining compliance with Quarkus, the Apache Software Foundation released Camel Quarkus 2.10.0, containing Camel 3.17.0 and Quarkus 2.10.0.Final. New features include: new extensions, Azure Key Vault and DataSonnet; and remove rejected extensions in Camel 3.17.0. Further details on this release can be found in the list of issues.
Apache Tika
The Apache Tika team has released version 2.4.1 of its metadata retrieval toolkit. Previously a subproject of the Apache Lucene, this latest version comes with improved customization and configuration, such as: adding a stop () method to the TikaServerCli class so that it can run with the Apache Commons Daemon; allow the transition of the Content-Length header to metadata in the TikaResource class; and support for users to extend system properties from the branch process to branched tika-server processes.
Apache Tika 1.28.4 has also been released, including security fixes and dependency upgrades. More details in this version can be found in the change log. The 1.x release train will reach the end of its life on September 30, 2022.
Add Comment