This week’s Java roundup for April 15th, 2024 features news highlighting: the second milestone release of Jakarta EE 11; Stream Gathers (Second Preview) and Vector API (Eighth Incubator) targeted for JDK 23; the first release candidate of Spring Boot 3.3.0; the first alpha release of Hibernate 7.0.0; and the fifth milestone release of GlassFish 8.0.0.
OpenJDK
After its review had concluded, JEP 473, Stream Gatherers (Second Preview), was promoted from Proposed to Target to Targeted for JDK 23. This JEP proposes a second round of preview from the previous round, namely: JEP 461, Stream Gatherers (Preview), delivered in JDK 22. This will allow additional time for feedback and more experience with this feature with no user-facing changes over JEP 461. This feature was designed to enhance the Stream API to support custom intermediate operations that will “allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” More details on this JEP may be found in the original design document and this InfoQ news story.
Similarly, JEP 469, Vector API (Eighth Incubator), has also been promoted from Proposed to Target to Targeted for JDK 23. This JEP incorporates enhancements in response to feedback from the previous seven rounds of incubation: JEP 460, Vector API (Seventh Incubator), delivered in JDK 22; JEP 448, Vector API (Sixth Incubator), delivered in JDK 21; JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. Originally slated to be a re-incubation by reusing the original Incubator status, it was decided to keep enumerating. The Vector API will continue to incubate until the necessary features of Project Valhalla become available as preview features. At that time, the Vector API team will adapt the Vector API and its implementation to use them, and will promote the Vector API from Incubation to Preview.
JEP 476, Module Import Declarations (Preview), has been promoted from its JEP Draft 8315129 to Candidate status. This preview feature proposes to enhance the Java programming language with the ability to succinctly import all of the packages exported by a module with a goal to simplify the reuse of modular libraries without requiring to import code to be in a module itself.
George Adams, Senior Software Engineering Manager at Microsoft, and Bruno Borges, Principal PM Manager at Microsoft, have submitted JEP Draft 8330623, Remove Windows 32-bit x86 Port, that proposes to fully remove the Windows 32-bit x86 port following its deprecation as described in JEP 449, Deprecate the Windows 32-bit x86 Port for Removal, delivered in JDK 21. The goals are to: remove all code paths in the code base that apply only to Windows 32-bit; cease all testing and development efforts targeting the Windows 32-bit platform; and simplify OpenJDK’s build and test infrastructure, aligning with current computing standards.
JDK 23
Build 19 of the JDK 23 early-access builds was made available this past week featuring updates from Build 18 that include fixes for various issues. Further details on this release may be found in the release notes.
GlassFish
GlassFish 8.0.0-M5, the fifth milestone release, delivers dependency upgrades and notable changes such as: an improved certificate authentication for the JmacHttpsTest class; and the addition of a lock and a notifyWaitingThreads() method in the ConnectionPool class for improved max pool size logic. More details on this release may be found in the release notes.
In his weekly Hashtag Jakarta EE blog, Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation, has announced that the second milestone release of Jakarta EE 11 has been made available to the Java community.
Reviews for four specifications have been completed, two are in progress, and six are ready for their respective reviews. A total of four milestone releases are planned before the GA release in July 2024. Details for each profile may be found in Jakarta EE Platform 11-M2, Jakarta EE Web Profile 11-M2 and Jakarta EE Core 11-M2.
Gavin King, Senior Distinguished Engineer at IBM and Creator of Hibernate, has written a series (part I and part II) on Jakarta Data, a new specification in Jakarta EE 11.
BellSoft
Concurrent with Oracle’s Critical Patch Update (CPU) for April 2024, BellSoft has released CPU patches for versions 21.0.2.0.1, 17.0.10.0.1, 11.0.22.0.1, 8u411 of Liberica JDK, their downstream distribution of OpenJDK, to address this list of CVEs. In addition, Patch Set Update (PSU) versions 22.0.1, 21.0.3, 17.0.11, 11.0.23 and 8u412, containing CPU and non-critical fixes, have also been released.
Spring Framework
The first release candidate of Spring Boot 3.3.0 delivers bug fixes, improvements in documentation, dependency upgrades and new features such as: configure JpaBaseConfiguration class with a custom implementation of the spring Framework ManagedClassNameFilter interface; and improved support for Spring for Apache Pulsar transactions with new auto-configuration properties. More details on this release may be found in the release notes.
Similarly, Spring Boot 3.2.5 and 3.1.11 have also been released featuring improvements in documentation, dependency upgrades and notable bug fixes such as: the @ServletComponentScan annotation does not register servlet components in a mock web environment; and the BindValidationFailureAnalyzer class uses the wrong target. Further details on these releases may be found in the version 3.2.5 and version 3.1.11.
The first release candidate of Spring Security 6.3.0 provides bug fixes, dependency upgrades and new features such as: support for certificate-bound JWT access token validation; and improves logging with the AuthenticationWebFilter class. More details on this release may be found in the release notes.
Similarly, versions 6.2.4, 6.1.9 and 5.8.12 of Spring Security have also been released featuring dependency upgrades and notable bug fixes such as: a package entanglement with the AuthorizationObservationConvention class that imports the MethodInvocationResult class; and use of the @Transactional annotation breaks ahead-of-time compilation for native image. Further details on these releases may be found in the release notes for version 6.2.4, version 6.1.9 and version 5.8.12.
Versions 1.3.0-RC1, 1.2.4 and 1.1.7 of Spring Authorization Server have been released featuring dependency upgrades to Spring Framework and Spring Security. New features in version 1.3.0-RC1 include: the addition of Mutual-TLS client certificate-bound access tokens; and provide more flexibility on when to display the consent page. More details on this release may be found in the release notes for version 1.3.0-RC1, version 1.2.4 and version 1.1.7.
The first release candidate of Spring Modulith 1.2.0 provides dependency upgrades and improvements such as: avoid the inclusion of starters in Spring Boot repackaged JARs; and a new section added to the documentation on how to exclude packages from application module detection. Further details on this release may be found in the release notes.
Similarly, version 1.0.5 of Spring for Apache Pulsar has been released to provide dependency upgrades. Further details on this release may be found in the release notes.
Quarkus 3.9.4, the third maintenance release (version 3.9.0 was skipped) ships with dependency upgrades and notable bug fixes such as: annotating a producer method with the @Startup annotation throws a warning during compilation while still creating a bean as intended; and conflicts with hot reloading (quarkus:dev) not working and use of the Flatten Maven Plugin. More details on this release may be found in the changelog.
Similarly, the release of Quarkus 3.8.4 also provides dependency upgrades and notable bug fixes such as: an instance of the RestMulti class not sending headers if an implementation of the SmallRye Multi interface is empty; and removal of the outdated MetricBuildItem SPI. Further details on this release may be found in the changelog.
And lastly, Quarkus 3.2.12.Final has been released with minor bug fixes and improvements in documentation. More details on this release may be found in the release notes.
The first alpha release of Hibernate ORM 7.0.0 delivers: a migration to the Jakarta Persistence 3.2 specification, the latest version to be delivered in Jakarta EE 11; a baseline to JDK 17; a new XSD file that represents an extension of the Jakarta Persistence orm.xsd file that weaves in Hibernate-specific mapping features; and a migration from the Hibernate Commons Annotations (HCANN) to the new Hibernate Models project for low-level processing of an application domain model.
Hazelcast
The release of Hazelcast Platform 5.4 provides new features such as: Tiered Storage, a technology to ensure that frequently accessed (high-hit) data remains in fast memory and less frequently accessed (low-hit) data is stored on cheaper disks; a new CPMap data structure added to the Hazelcast CP Subsystem for improved data consistency; and a Thread-Per-Core architecture for both clients and cluster members to improve system performance. More details on this release may be found in the what’s new page. Please note that these new features are for the enterprise version of Hazelcast.
The release of Apache TomEE 9.1.3 provides dependency upgrades, a bug fix in which the TomEE Embedded Maven Plugin does not register Microprofile endpoints, and a new feature that introduces a placeholder replacement to enable the Simple MDB activation properties to be more customizable. More details on this release may be found in the release notes.
Versions 11.0.0-M19 and 9.0.88 of Apache Tomcat ship with notable changes such as: enhancements to the generation of cookie header; and a resolution to a regression when reloading TLS configuration and files. Version 11.0.0-M19 also finalizes the updates to the specification in the upcoming release of Jakarta EE 11. Further details on these releases may be found in the release notes for version 11.0.0-M19 and version 9.0.88.
The release of Apache Struts 6.4.0 delivers bug fixes, dependency upgrades and notable improvements such as: a change to the SecurityMemberAccess class to be extensible and a prototype bean to allow applications to easily extend its capabilities and for improved configuration loading; and replace the deprecated createInjectionTarget() method defined in the Jakarta CDI BeanManager interface with the recommended getInjectionTargetFactory() method. More details on this release may be found in the release notes.
OpenXava
The release of OpenXava 7.3 provides bug fixes, improvements in documentation, dependency upgrades and notable new features such as: compliance with the Open Web Application Security Project (OWASP) for improved security in OpenXava projects; an enhanced user experience and user interface; and improvements to the Calendar class. Further details on this release may be found in the release notes.
LangChain4j
Version 0.30.0 of LangChain for Java (LangChain4j) provides bug fixes and notable changes such as: the addition of getter methods and a change scope of attributes from protected to public in the AnthropicCreateMessageRequest class; and support for template variables in the method parameter annotated with @UserMessage annotation. More details on this release may be found in the release notes.
JHipster Lite
The release of version 1.7.0 of JHipster Lite ships with bug fixes, dependency upgrades and new features/enhancements such as: the creation of an agnostic Java build properties for both Gradle and Maven; and provide an implementation of the AddJavaBuildProfile command in the GradleCommandHandler class. Further details on this release may be found in the release notes.
JDKUpdater
Versions 14.0.39+67 and 14.0.39+65 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, these releases include: support for builds of OpenJDK maintained by Jabba; the addition of maintainer icons to switches in the Settings view; and a resolution to a minor issue related to number of remaining days display. More details on this release may be found in the release notes.
JDK Operator SDK
The release of Java Operator SDK 4.8.3 features dependency upgrades and notable changes such as: a resolution to allow an event to be received when an instance of the EventProcessor class is starting; and a change to the changeNamespaces() method defined in the Controller class to start the event processor a namespace change still needs to be processed. Further details on this release may be found in the release notes.
Jox
The release of Jox 0.2.0, a virtual threads library that implements an efficient Channel data structure in Java designed to be used with virtual threads, features a rename of methods ending in …safe() , such as sendSafe(), to …orClosed(), such as sendOrClosed(), as inspired by this paper related to Kotlin co-routines. More details on this release may be found in the release notes.
The federal government is ordering the dissolution of TikTok’s Canadian business after a national security review of the Chinese company behind the social media platform, but stopped short of ordering people to stay off the app.
Industry Minister François-Philippe Champagne announced the government’s “wind up” demand Wednesday, saying it is meant to address “risks” related to ByteDance Ltd.’s establishment of TikTok Technology Canada Inc.
“The decision was based on the information and evidence collected over the course of the review and on the advice of Canada’s security and intelligence community and other government partners,” he said in a statement.
The announcement added that the government is not blocking Canadians’ access to the TikTok application or their ability to create content.
However, it urged people to “adopt good cybersecurity practices and assess the possible risks of using social media platforms and applications, including how their information is likely to be protected, managed, used and shared by foreign actors, as well as to be aware of which country’s laws apply.”
Champagne’s office did not immediately respond to a request for comment seeking details about what evidence led to the government’s dissolution demand, how long ByteDance has to comply and why the app is not being banned.
A TikTok spokesperson said in a statement that the shutdown of its Canadian offices will mean the loss of hundreds of well-paying local jobs.
“We will challenge this order in court,” the spokesperson said.
“The TikTok platform will remain available for creators to find an audience, explore new interests and for businesses to thrive.”
The federal Liberals ordered a national security review of TikTok in September 2023, but it was not public knowledge until The Canadian Press reported in March that it was investigating the company.
At the time, it said the review was based on the expansion of a business, which it said constituted the establishment of a new Canadian entity. It declined to provide any further details about what expansion it was reviewing.
A government database showed a notification of new business from TikTok in June 2023. It said Network Sense Ventures Ltd. in Toronto and Vancouver would engage in “marketing, advertising, and content/creator development activities in relation to the use of the TikTok app in Canada.”
Even before the review, ByteDance and TikTok were lightning rod for privacy and safety concerns because Chinese national security laws compel organizations in the country to assist with intelligence gathering.
Such concerns led the U.S. House of Representatives to pass a bill in March designed to ban TikTok unless its China-based owner sells its stake in the business.
Champagne’s office has maintained Canada’s review was not related to the U.S. bill, which has yet to pass.
Canada’s review was carried out through the Investment Canada Act, which allows the government to investigate any foreign investment with potential to might harm national security.
While cabinet can make investors sell parts of the business or shares, Champagne has said the act doesn’t allow him to disclose details of the review.
Wednesday’s dissolution order was made in accordance with the act.
The federal government banned TikTok from its mobile devices in February 2023 following the launch of an investigation into the company by federal and provincial privacy commissioners.
— With files from Anja Karadeglija in Ottawa
This report by The Canadian Press was first published Nov. 6, 2024.
LONDON (AP) — Most people have accumulated a pile of data — selfies, emails, videos and more — on their social media and digital accounts over their lifetimes. What happens to it when we die?
It’s wise to draft a will spelling out who inherits your physical assets after you’re gone, but don’t forget to take care of your digital estate too. Friends and family might treasure files and posts you’ve left behind, but they could get lost in digital purgatory after you pass away unless you take some simple steps.
Here’s how you can prepare your digital life for your survivors:
Apple
The iPhone maker lets you nominate a “ legacy contact ” who can access your Apple account’s data after you die. The company says it’s a secure way to give trusted people access to photos, files and messages. To set it up you’ll need an Apple device with a fairly recent operating system — iPhones and iPads need iOS or iPadOS 15.2 and MacBooks needs macOS Monterey 12.1.
For iPhones, go to settings, tap Sign-in & Security and then Legacy Contact. You can name one or more people, and they don’t need an Apple ID or device.
You’ll have to share an access key with your contact. It can be a digital version sent electronically, or you can print a copy or save it as a screenshot or PDF.
Take note that there are some types of files you won’t be able to pass on — including digital rights-protected music, movies and passwords stored in Apple’s password manager. Legacy contacts can only access a deceased user’s account for three years before Apple deletes the account.
Google
Google takes a different approach with its Inactive Account Manager, which allows you to share your data with someone if it notices that you’ve stopped using your account.
When setting it up, you need to decide how long Google should wait — from three to 18 months — before considering your account inactive. Once that time is up, Google can notify up to 10 people.
You can write a message informing them you’ve stopped using the account, and, optionally, include a link to download your data. You can choose what types of data they can access — including emails, photos, calendar entries and YouTube videos.
There’s also an option to automatically delete your account after three months of inactivity, so your contacts will have to download any data before that deadline.
Facebook and Instagram
Some social media platforms can preserve accounts for people who have died so that friends and family can honor their memories.
When users of Facebook or Instagram die, parent company Meta says it can memorialize the account if it gets a “valid request” from a friend or family member. Requests can be submitted through an online form.
The social media company strongly recommends Facebook users add a legacy contact to look after their memorial accounts. Legacy contacts can do things like respond to new friend requests and update pinned posts, but they can’t read private messages or remove or alter previous posts. You can only choose one person, who also has to have a Facebook account.
You can also ask Facebook or Instagram to delete a deceased user’s account if you’re a close family member or an executor. You’ll need to send in documents like a death certificate.
TikTok
The video-sharing platform says that if a user has died, people can submit a request to memorialize the account through the settings menu. Go to the Report a Problem section, then Account and profile, then Manage account, where you can report a deceased user.
Once an account has been memorialized, it will be labeled “Remembering.” No one will be able to log into the account, which prevents anyone from editing the profile or using the account to post new content or send messages.
X
It’s not possible to nominate a legacy contact on Elon Musk’s social media site. But family members or an authorized person can submit a request to deactivate a deceased user’s account.
Passwords
Besides the major online services, you’ll probably have dozens if not hundreds of other digital accounts that your survivors might need to access. You could just write all your login credentials down in a notebook and put it somewhere safe. But making a physical copy presents its own vulnerabilities. What if you lose track of it? What if someone finds it?
Instead, consider a password manager that has an emergency access feature. Password managers are digital vaults that you can use to store all your credentials. Some, like Keeper,Bitwarden and NordPass, allow users to nominate one or more trusted contacts who can access their keys in case of an emergency such as a death.
But there are a few catches: Those contacts also need to use the same password manager and you might have to pay for the service.
___
Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.
LONDON (AP) — Britain’s competition watchdog said Thursday it’s opening a formal investigation into Google’s partnership with artificial intelligence startup Anthropic.
The Competition and Markets Authority said it has “sufficient information” to launch an initial probe after it sought input earlier this year on whether the deal would stifle competition.
The CMA has until Dec. 19 to decide whether to approve the deal or escalate its investigation.
“Google is committed to building the most open and innovative AI ecosystem in the world,” the company said. “Anthropic is free to use multiple cloud providers and does, and we don’t demand exclusive tech rights.”
San Francisco-based Anthropic was founded in 2021 by siblings Dario and Daniela Amodei, who previously worked at ChatGPT maker OpenAI. The company has focused on increasing the safety and reliability of AI models. Google reportedly agreed last year to make a multibillion-dollar investment in Anthropic, which has a popular chatbot named Claude.
Anthropic said it’s cooperating with the regulator and will provide “the complete picture about Google’s investment and our commercial collaboration.”
“We are an independent company and none of our strategic partnerships or investor relationships diminish the independence of our corporate governance or our freedom to partner with others,” it said in a statement.
The U.K. regulator has been scrutinizing a raft of AI deals as investment money floods into the industry to capitalize on the artificial intelligence boom. Last month it cleared Anthropic’s $4 billion deal with Amazon and it has also signed off on Microsoft’s deals with two other AI startups, Inflection and Mistral.
