This week’s Java roundup for June 20, 2022 includes news from OpenJDK, JDK 19, JDK 20, Spring point releases, GlassFish 7.0.0-M6, GraalVM Native Build Tools 0.9.12, Micronaut 3.5.2, Quarkus 2.10. 0, Project Reactor 2022.0.0-M3, Apache Camel Quarkus 2.10.0 and Apache Tika versions 2.4.1 and 1.28.4.
Brian GoetzJava Language Architect at Oracle recently updated JEP Design 828039, Classfile APIto provide background on how this concept will evolve and eventually replace the Java bytecode manipulation and analysis framework, ASM, which Goetz describes as “an old codebase with a lot of legacy baggage.” This JEP proposes to provide an API for parsing, generating and transforming Java class files. This JEP will initially serve as an internal replacement for ASM in the JDK with plans to open it as a public API.
Build 28 of the JDK 19 early access builds was made available last week, featuring: updates from Build 27 with solutions for different issues† More details can be found in the release notes†
Build 3 of the JDK 20 early access builds was also made available last week, featuring: updates from Build 2 with solutions for different issues† Release notes are not yet available.
In front of JDK 19 and JDK 20developers are encouraged to report bugs through the Java bug database†
Spring Boot 2.7.1 has been issued with 66 bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.21, Spring Data 2021.2.1, Spring Security 5.7.2, Reactive Streams 1.0.4, Groovy 3.0.11, Hazelcast 5.1.2 and Kotlin Coroutines 1.6.3 . More details about this release can be found in the release notes†
Spring Boot 2.6.9 has been issued with 44 bug fixes, documentation improvements, and dependency upgrades similar to Spring Boot 2.7.1. More details about this release can be found in the release notes†
VMware has published CVE-2022-22980, Spring Data MongoDB Game Expression Injection Vulnerabilitya vulnerability where a “Spring Data MongoDB application is vulnerable to SpEL injection when in use”
@Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.” Spring Data MongoDB versions 3.4.1 and 3.3.5 addressed this vulnerability.
Spring Data versions 2021.2.1 and 2021.1.5 are issued with upgrades to all Spring Data subprojects, such as: Spring Data MongoDB, Spring Data Cassandra, Spring Data JDBC, and Spring Data Commons. These releases will also be used by Spring Boot 2.7.1 and 2.6.9, respectively, and relate to the aforementioned CVE-2022-22980.
Spring Authorization Server 0.3.1 has been issued with some improvements and bug fixes. However, the team decided to downgrade from JDK 11 to JDK 8 to maintain compatibility and consistency with Spring Framework, Spring Security 5.x, and Spring Boot 2.x. As a result, the HyperSQL (HSQLDB) dependency has also been downgraded to version 2.5.2 because HSQLDB 2.6.0 and later require JDK 11. More details about this release can be found in the release notes†
Spring Security versions 5.7.2 and 5.6.6 are issued with bug fixes and dependency upgrades. Both versions share a new feature in which test samples have been updated to use JUnit Jupiter, an integral part of JUNE 5† More details about these releases can be found in the release notes for: version 5.7.2 and version 5.6.6†
Towards GlassFish 7.0.0, the sixth milestone release was made available by the Eclipse Foundation making some changes related to passing the Technology Compatibility Kit (TCK) for the Jakarta Contexts and Dependency Injection 4.0 and Jakarta Concurrency 3.0 Specifications. However, this landmark release is not over the full Jakarta EE 10 TCK yet. GlassFish 7.0.0-M6, considered a beta version, compiles and runs on JDK 11 through JDK 18. More details about this release can be found in the release notes†
GraalVM Native Build Tools
Towards version 1.0, Oracle Labs it came out version 0.9.12 from Native Build Tools, a GraalVM project consisting of plug-ins for interoperability with GraalVM Native Image. This latest release provides: support documentation for Mockito and Byte Buddy; prevent builds from failing if no test list is provided; support different agent modes in the
native-image Gradle plugin, a groundbreaking change; and support for JVM Reachability Metadata in Maven. More details about this release can be found in the release notes†
The Micronaut Foundation has issued Micronaut 3.5.2 with bug fixes and point releases of the Micronaut Oracle Cloud 2.1.4† Micronaut Email 1.2.3and Micronaut spring 4.1.1 projects. Documentation for the
ApplicationContextConfigurer interface has also been updated with a recommendation for defining a standard Micronaut environment† More details about this release can be found in the release notes†
Red Hat has issued Quark 2.10.0. Finale with: Preliminary work on virtual threads (JEP 425) from Project Loom; support for non-blocking workloads in GraphQL extensions; a dependency upgrade to SmallRye Reactive Messaging 3.16.0; Kubernetes service binding support for Reactive SQL Clients extensions; and a new contract
CacheKeyGenerator to allow customization of generated cache keys of method parameters.
Towards Project Reactor 2022.0.0, the third milestone release has been made available with dependency upgrades for
reactor-addons 3.5.0-M3 and
Apache Camel Quarkus
The Apache Software Foundation has maintained alignment with Quarkus: issued Camel Quarkus 2.10.0 with Camel 3.17.0 and Quarkus 2.10.0.Final. New features include: new extensions, Azure Key Vault and DataSonnet† and removal of deprecated extensions in Camel 3.17.0. More details about this release can be found in the list of problems†
The Apache Tika team has issued version 2.4.1 of their metadata extraction toolkit. Formerly a sub-project of Apache Lucenethis latest version comes with improved customization and configuration such as: add a
stop() method to the
TikaServerCli class so that it can be run with Apache Commons Daemon; pass of allow
Content-Length header to metadata in the
TikaResource class; and support for users to extend system properties from the forking process to forked
Apache Tika 1.28.4 was also issued with security solutions and dependency upgrades. More details in this release can be found in the changelog† The 1.x release train will reach the end of its life on September 30, 2022.