WildFly 27, Spring Release Candidates, JEPs for JDK 20, Project Reactor
This week’s Java Roundup for November 7, 2022 includes what’s new from OpenJDK, JDK 20, OpenSSL CVEs, Build 20-loom+20-40, Spring Framework 6.0-RC4, Spring Boot 3.0-RC2, Spring Security 6.0-RC2, Spring Cloud 2021.0.5, WildFly 27, WildFly Bootable JAR 8.1, Quarkus 2.14.0 and 2.13.4, Project Reactor 2022.0, Micrometer Metrics 1.10 and Tracing 1.0, JHipster Lite 0.22.0 and Camel Quarkus 2.14 and 2.13.1.
JEP 432, Capture pattern (second preview)was promoted by candidate to suggested target Status for JDK 20. This JEP is updated since JEP 405, Capture pattern (preview)to include: added support for inferring type arguments of generic record patterns; Added support for record patterns appearing in the header of an extended for statement; and remove support for named record patterns.
JEP 433, Pattern matching for switches (fourth preview)was promoted by candidate to suggested target Status for JDK 20. This JEP is updated since JEP 427, Pattern Matching for Switch (Third Preview)included: a simplified grammar for
switch labels; and deduction of type arguments for generic type patterns and record patterns is now supported in
switch Expressions and statements along with the other constructs that support patterns.
The next step in a long history of dealing with the inherently uncertain realm
stop(Throwable) Methods defined in the
ThreadGroup classes , was defined in JDK-8289610, Reduce Thread.stop. This suggests dismantling the
stop() method in the
Thread Class to throw in unconditionally
UnsupportedOperationException and discard them
ThreadDeath class to remove. This requires updates for Section 11.1.3 the Java Language Specification and Section 2.10 the Java Virtual Machine Specification, where asynchronous exceptions are defined.
23 build of the JDK 20 Early Access Builds was also made available last week, with Update of Build 22, which includes fixes for various expenditure. More details on this build can be found in the Release Notes.
OpenSSLa commercial, full-featured toolkit for general-purpose cryptography and secure communications projects released Two Common Vulnerabilities and Exposures (CVE) reports affecting OpenSSL versions 3.0.0 through 3.0.6 that may lead to a denial of service or remote code execution.
CVE-2022-3602, X.509 email address 4-byte buffer overflowwould allow an attacker to use a specially crafted email address that could overflow four bytes on the stack.
CVE-2022-3786, Buffer overflow in X.509 variable-length email addresseswould allow an attacker to create a buffer overflow caused by a malicious email address abusing any number of bytes containing the “
.” characters (decimal 46) on the stack.
BellSoft has reported that OpenJDK distributions that include Liberica JDK are not affected by these vulnerabilities as they use their own implementation of TLS. Developers are encouraged to update to OpenSSL version 3.0.7.
Build 20-Loom+20-40 of Project Loom Early Access Builds was made available to the Java community and is based on build 22 of JDK 20 Early Access builds. This build also includes a snapshot of the ScopedValue APIcurrently developed in JEP 429, Range Values (Incubator). It is important to note that JEP was 429, originally called Extent-Local Variables (Incubator). renamed Mid-October 2022.
That Fourth Release Candidate from spring frame 6.0.0 ships with new features such as: B.: Support for the Jakarta WebSocket 2.1 Specification; introduces them
DataFieldMaxValueIncrementer Interface for SQL Server sequences; and presents a variant of the
findAllAnnotationsOnBean() method on the
ListableBeanFactory Interface for maintenance and possible reuse when retrieving annotations. There were also dependency upgrades too Micrometer 1.10.0, Micron context propagation 1.0.0 and Jackson 2.14.0. More details about this release can be found in the Release Notes.
That second release candidate from spring boots 3.0.0 offers changes
/actuator Endpoints and dependency upgrades to Jakarta EE specs such as: Jakarta persistence 3.1, Jakarta servlet 6.0.0, Jakarta WebSocket 2.1, Notes on Jakarta 2.1, Jakarta JSON Binding 3.0and Jakarta JSON Processing 2.1. More details about this release can be found in the Release Notes.
That second release candidate from spring security 6.0.0 delivers: a new one
addFilter() method to
SpringTestContext Class that allows a Spring Security probe to specify a filter; the
createDefaultAssertionValidator() method in the
OpenSaml4AuthenticationProvider class should make it easier to add static parameters to the
ValidationContext Class; and numerous improvements in the documentation. More details about this release can be found in the Release Notes.
spring cloud 2021.0.5 codenamed Jubilee released with upgrades for the sub-projects like: Spring Cloud Kubernetes 2.1.5, Spring Cloud Config 3.1.5, Spring Cloud Function 3.2.8, Spring Cloud Config 3.1.5 and Spring Cloud Openfeign 3.1.5. More details about this release can be found in the Release Notes.
That publication from Wild Fly 27 adds support for Jakarta EE 10, MicroProfile 5.0, JDK 11 and JDK 17. There are also dependency upgrades too Hibernate ORM 6.1, Hibernate Search 6.1, infinity 14, JGroups 5.2, Sleep calmly 6.2 and welding 5. WildFly 27 is a compatible implementation for Jakarta EE 10 that has passed the TCKs in platform, network and core profiles. Jakarta EE 8 and Jakarta EE 9.1 are no longer supported. InfoQ will follow with a more detailed message.
WildFly Bootable JAR 8.1 released with support for JDK 11, examples after upgrading to Jakarta EE 10 and a remote control
dev-watch. For more details about bootable JAR, please refer to the documentation.
RedHat has released Quarkus 2.14.0.Final, which ships with: support for Jandex 3, the class and annotation indexer; new Redis commands supporting JSON, graph and probabilistic data structures; and caching annotations for Infinispan. More details about this release can be found in the changelog.
Red Hat has too released Quarkus 2.13.4.Final includes: a minimum version of GraalVM 22.3; Dependency upgrades to JReleaser 1.3.0 and Mockito 4.8.1; and improvements such as support programmatically
multipart/form-data Answers. More details about this release can be found in the changelog.
On the Path to Quarkus 3.0, Red Hat plans to support: Jakarta EE 10; MicroProfile 6.0; Hibernation ORM 6.0; HTTP/3; improved virtual threads and structured concurrency support based on their initial integration; a new gRPC server; and an overhauled dev UI. InfoQ will follow with a more detailed message.
project reactor 2022.0.0 was released with subproject upgrades: Reactor Core 3.5.0, Reactor Addons 3.5.0, Reactor Pool 1.0.0, Reactor Netty 1.1.0, Reactor Kafka 1.3.13 and Reactor Kotlin Extensions 1.2.0.
That publication from Micrometer Metrics 1.10.0 adds support for: Jetty 11; Creating instances of
KeyValues class of each iterable; Kotlin coroutines that use different metric prefixes in the
StackdriverMeterRegistry Class; and a news provider in the
WarnThenDebugLogger reduce class
String Instance creation when debug level is not enabled.
That publication by Micrometer Tracing 1.0.0 Features: Establishment of context passing Library as a compile-time dependency to avoid having to explicitly define it on the classpath; support for
RemoteServiceAddress in sender/receiver contexts; a handler that enables tracking of data available for metrics; and setting an error status to on OpenTelemetry Span when recording an exception.
JHipster Lite 0.22.0 was released released with an upgrade to Spring Boot 3.0, a new PostgreSQL dialect module; a refactor of
AsyncSpringLiquibaseTest Class; Correct the dependency declaration of the database drivers and developer tools; and removing the JPA properties that don’t change the default values.
Apache Software Foundation
maintaining alignment with QuarcusVersion 2.14.0 of Camel Quarcus was released which matches Camel 3.19.0 and Quarkus 2.14.0.Final. It offers full support for new extensions, CloudEvents and Barand brings JVM support to the DSL modeline. More details about this release can be found in the list of problems.