This week’s Java roundup for April 8th, 2024 features news highlighting: JobRunr 7.0; introducing the Commonhaus Foundation; the April 2024 edition of Payara Platform; JEP 473, Stream Gatherers (Second Preview), and JEP 469, Vector API (Eighth Incubator), Proposed to Target for JDK 23; and Devnexus 2024.
OpenJDK
Less than a week after having been declared a candidate, JEP 473, Stream Gatherers (Second Preview), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP proposes a second round of preview from the previous round, namely: JEP 461, Stream Gatherers (Preview), delivered in JDK 22. This will allow additional time for feedback and more experience with this feature with no user-facing changes over JEP 461. This feature was designed to enhance the Stream API to support custom intermediate operations that will “allow stream pipelines to transform data in ways that are not easily achievable with the existing built-in intermediate operations.” More details on this JEP may be found in the original design document and this InfoQ news story. The review is expected to conclude on April 16, 2024.
Similarly, JEP 469, Vector API (Eighth Incubator), has been promoted from Candidate to Proposed to Target for JDK 23. This JEP incorporates enhancements in response to feedback from the previous seven rounds of incubation: JEP 460, Vector API (Seventh Incubator), delivered in JDK 22; JEP 448, Vector API (Sixth Incubator), delivered in JDK 21; JEP 438, Vector API (Fifth Incubator), delivered in JDK 20; JEP 426, Vector API (Fourth Incubator), delivered in JDK 19; JEP 417, Vector API (Third Incubator), delivered in JDK 18; JEP 414, Vector API (Second Incubator), delivered in JDK 17; and JEP 338, Vector API (Incubator), delivered as an incubator module in JDK 16. Originally slated to be a re-incubation by reusing the original Incubator status, it was decided to keep enumerating. The Vector API will continue to incubate until the necessary features of Project Valhalla become available as preview features. At that time, the Vector API team will adapt the Vector API and its implementation to use them, and will promote the Vector API from Incubation to Preview. The review is expected to conclude on April 16, 2024.
JEP 475, Late Barrier Expansion for G1, has been promoted from its JEP Draft to Candidate status. This JEP proposes to simplify the implementation of the G1 garbage collector’s barriers, which record information about application memory accesses, by shifting their expansion from early in the C2 JIT’s compilation pipeline to later. The goal is to reduce the execution time of C2 when using the G1 collector.
JDK 23
Build 18 of the JDK 23 early-access builds was made available this past week featuring updates from Build 17 that include fixes for various issues. Further details on this release may be found in the release notes.
Spring Framework
The first milestone release of Spring Framework 6.2.0 delivers bug fixes, improvements in documentation, dependency upgrades and numerous new features such as: replace use of the deprecated Jakarta Expression Language ELContext class in favor of the Jakarta Pages VariableResolver interface in the JspPropertyAccessor; an improved DefaultMessageListenerContainer class to support first-class virtual threads; and the addition of configuration and exposure of the Java DataSource interface to the LocalEntityManagerFactoryBean class. More details on this release may be found in the release notes.
Similarly, versions 6.1.6, 6.0.19 and 5.3.34 of Spring Framework have been released to primarily address CVE-2024-22262, Spring Framework URL Parsing with Host Validation (3rd report), a vulnerability in which applications that use the UriComponentsBuilder class to parse an externally provided URL and perform validation checks on the host of the parsed URL, may be vulnerable to an open redirect attack or a server-side-request forgery attack if the URL is used after passing validation checks. This CVE is the same as CVE-2024-22259 and CVE-2024-22243, but with different input. New features include: log column types that aren’t supported by the database driver in the getResultSetValue() method defined in the JdbcUtils class; avoid cloning an empty array of instances of the Annotation interface in the TypeDescriptor class; and consistent support for generic FactoryBean type matching when using the getBeanProvider() method defined in the DefaultListableBeanFactory class. More details on these releases may be found in the release notes for version 6.1.6, version 6.0.19 and version 5.3.34.
The first release candidate of Spring Data 2024.0.0 provides new features: support for value expressions for improved in expressions in entity- and property-related annotations that aligns with Spring Framework @Value annotation; and compatibility with the new MongoDB 5.0 driver containing a deprecated API that has now been removed. There were also upgrades to sub-projects such as: Spring Data Commons 3.3.0-RC1; Spring Data MongoDB 4.3.0-RC1; Spring Data Elasticsearch 5.3.0-RC1; and Spring Data Neo4j 7.3.0-RC1. More details on this release may be found in the release notes.
Similarly, versions 2023.1.5 and 2023.0.11 of Spring Data have been released providing bug fixes and respective dependency upgrades to sub-projects such as: Spring Data Commons 3.2.5 and 3.1.11; Spring Data MongoDB 4.2.5 and 4.1.11; Spring Data Elasticsearch 5.2.5 and 5.1.11; and Spring Data Neo4j 7.2.5 and 7.1.11. These versions may also be consumed by the upcoming releases of Spring Boot 3.2.5 and 3.1.11, respectively.
Versions 2.3.0-RC1, 2.2.2 and 2.1.5 of Spring HATEOAS have been released to primarily upgrade to the latest releases of Spring Framework that address the aforementioned CVE-2024-22262 along with dependency upgrades to Project Reactor 2023.0.5 and Lombok 1.18.32. More details on these releases may be found in the release notes for version 2.3.0-RC1, version 2.2.2 and version 2.1.5.
Sergi Almar, Java and Spring Software Engineer and Spring I/O organizer, has introduced the Spring Builders initiative, an environment for Spring Framework developers to learn, present their Spring-related work, and connect with other Spring developers.
Payara
Payara has released their April 2024 edition of the Payara Platform that includes Community Edition 6.2024.4 and Enterprise Edition 6.13.0. Both editions feature a security fix for CVE-2023-4043, a vulnerability in which parsing JSON from untrusted sources would allow attackers to exploit the built-in support for parsing numbers with large scale to exploit the number of edge cases where the input text of a number can lead to much larger processing time than one would expect.
There were also a number of component upgrades and a resolution to a NullPointerException using profiled settings with MicroProfile Config. More details on these releases may be found in the release notes for Community Edition 6.2024.4 and Enterprise Edition 6.13.0.
Open Liberty
IBM has released version 24.0.0.4-beta of Open Liberty featuring: support for JDK 22 and an updated preview of Jakarta Data that includes the recent 1.0.0-M3 release in which the static metamodel was introduced. This allows for more type-safe usage, and the ability to define repository find methods with the @Find annotation.
Quarkus 3.9.3, the second maintenance release (3.9.0 was skipped), features notable fixes such as: the inability to access any of the static resources defined in an application using REST and servlets with a custom implementation of the Jakarta RESTful Web Services ExceptionMapper interface; and routing for the index.html file fails with a HTTP status code 404 for directories. More details on this release may be found in the changelog.
Helidon
The release of Helidon 4.0.7 provides notable changes such as: a disabled instance of the OidcFeature class no longer throws a NullPointerException; properly return Optional.empty() for a current span if there is no current OpenTelemetry span; and avoid using replicated default values for lists when creating from the corresponding builder pattern or instances. More details on this release may be found in the release notes.
WildFly
The first beta release of WildFly 32 features bug fixes, component upgrades and improvements such as: integrate the Open Worldwide Application Security Project (OWASP) dependency check plugin into the WildFly build; mark as optional or remove references to the deprecated Jakarta Annotations @ManagedBean annotation; and the removal of some outdated Quickstart examples. More details on this release may be found in the release notes.
Apache Software Foundation
The first milestone release of Apache TomEE 10.0.0 delivers bug fixes, dependency upgrades and new features: a MicroProfile OpenAPI Reader example; and improved logging when failing to load a class. There was also a resolution to CVE-2023-35116, a vulnerability in Jackson Databind 2.15.2 and below such that an attacker can craft an object that uses cyclic dependencies that may result in a denial of service. More details on this release may be found in the release notes.
Micrometer
Version 1.13.0-RC1 of Micrometer Metrics ships with dependency upgrades and new features such as: allow for customizing Prometheus properties via the PrometheusConfig interface; announce that configuration for an instance of the OtlpMeterRegistry class has been found at startup; and a new constructor containing a logger name for the WarnThenDebugLogger class for metadata discrepancy logging. More details on this release may be found in the release notes.
Similarly, versions 1.12.5 and 1.11.11 of Micrometer Metrics 1.12.5 provide dependency upgrades and new features such as: use the same description for the same meter name in Log4j2Metrics class; and deprecate the DefaultUriMapper and PoolingHttpClientConnectionManagerMetricsBinder classes in httpcomponents package as they seem to have been missed when deprecating other classes in the same package. More details on these releases may be found in the version 1.12.5 and version 1.11.11.
Versions 1.3.0-RC1, 1.2.5 and 1.1.12 of Micrometer Tracing provide dependency upgrades to version 1.13.0-RC1, 1.12.5 and 1.11.11 of Micrometer Metrics. More details on these releases may be found in the release notes for version 1.3.0-RC1, version 1.2.5 and version 1.1.12
Project Reactor
The first milestone release of Project Reactor 2024.0.0 provides dependency upgrades to reactor-core 3.7.0-M1 and reactor-netty 1.2.0-M1. There was also a realignment to version 2024.0.0-M1 with the reactor-kafka 1.4.0-M1, reactor-pool 1.1.0-M1, reactor-addons 3.6.0-M1 and reactor-kotlin-extensions 1.3.0-M1 artifacts that remain unchanged. More details on this release may be found in the changelog.
Next, Project Reactor 2023.0.5, the fifth maintenance release, provides dependency upgrades to reactor-core 3.6.5 and reactor-netty 1.1.18. There was also a realignment to version 2023.0.5 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. More details on this release may be found in the changelog.
Next, Project Reactor 2022.0.18, the eighteenth maintenance release, provides dependency upgrades to reactor-core 3.5.16 and reactor-netty 1.1.18. There was also a realignment to version 2022.0.18 with the reactor-kafka 1.3.23, reactor-pool 1.0.5, reactor-addons 3.5.1 and reactor-kotlin-extensions 1.2.2 artifacts that remain unchanged. Further details on this release may be found in the changelog.
And finally, the release of Project Reactor 2020.0.43, codenamed Europium-SR43, provides dependency upgrades to reactor-core 3.4.37 and reactor-netty 1.0.44. There was also a realignment to version 2020.0.43 with the reactor-kafka 1.3.23, reactor-pool 0.2.12, reactor-addons 3.4.10, reactor-kotlin-extensions 1.1.10 and reactor-rabbitmq 1.5.6 artifacts that remain unchanged. More details on this release may be found in the changelog.
Hibernate
The second release candidate of Hibernate ORM 6.5.0 delivers bug fixes and improvements such as: improved use of Java time objects and timezone offsets that are now directly marshaled through the JDBC driver as defined by JDBC 4.2; a new layout to configure the format in which query results are stored in the query cache; and support for a Java record to be used as a parameter in the Jakarta Persistence @IdClass annotation. This release also provides a technical preview of the new Jakarta Data specification based on the Hibernate annotation processor.
Versions 7.1.1.Final, 7.0.1.Final and 6.2.4.Final of Hibernate Search, all maintenance releases, ship with dependency upgrades and notable changes such as: update potentially misleading error message about the minimum Elasticsearch version required for vector search capabilities; a resolution to possible issues with mass indexing when an ORM discriminator multi-tenancy is in use; and correct supported Java version discrepancies in the reference documentation. More details on this release may be found in the release notes.
The Hibernate team has also announced that it has joined the Commonhaus Foundation, a new foundation described below.
JobRunr
After two release candidates, version 7.0 of JobRunr, a utility to perform background processing in Java, has been released to the Java community. New functionality and improvements include: built-in support for virtual threads that are enabled by default when using JDK 21; the InMemoryStorageProvider class now allows for a poll interval as small as 200ms that is useful for testing; and the ability to configure the shutdown period of BackgroundJobServer class. Breaking changes include: the delete(String id) method in the JobScheduler class has been renamed to deleteRecurringJob(String id); and updates to the StorageProvider interface and the Page and PageRequest classes that include new features. More details on this release may be found in the release notes. InfoQ will follow up with a more detailed news story.
Infinispan
Infinispan 15.0.1.Final, the first maintenance release, provide notable changes such as: avoid a server shutdown upon an error with Infinispan Insights; and a resolution to the SoftIndexFileStore API pointing to a non-existent data location upon clearing the index; and. More details on this release may be found in the changelog.
Piranha
The release of Piranha 24.4.0 delivers notable changes such as: the addition of coreprofilestart, coreprofilerun and coreprofilestop commands to the Piranha CLI; a rebrand of Payara Uber, the wrapper that will allow developers to run everything in a JAR file, to Payara Fin; and expose the --https-keystore-file and --https-keystore-password parameters to the Maven plugin. Further details on this release may be found in their documentation and issue tracker.
JDKUpdater
Versions 14.0.39+63 and 14.0.39+61 of JDKUpdater, a new utility that provides developers the ability to keep track of updates related to builds of OpenJDK and GraalVM. Introduced in mid-March by Gerrit Grunwald, principal engineer at Azul, these releases include updates such as: initial support of a download feature that enables developers to download JDKs from different vendors; change the menu bar icon to SVG format which will allow an automatic switch of colors depending on the text color of the menu bar; and move the switches for SDKMAN!, JBang, Homebrew and Nix to separate screen settings. More details on this release may be found in the release notes.
JReleaser
April 10, 2024 marked the third anniversary of JReleaser, a release automation tool for Java and non-Java projects with the goal to simplify creating releases and publishing artifacts to multiple package managers while providing customizable options. Created by Andres Almiray, Senior Principal Product Manager at Oracle, this anniversary was celebrated with the announcement that JReleaser has joined the Commonhaus Foundation, a new foundation described below.
Apache Software Foundation
Versions 5.0.0-alpha-8 and 4.0.21 of Apache Groovy feature bug fixes, dependency upgrades and improvements such as: support for JDK 23; and a new meta instance of the Closure abstract class to enhance SQL metadata access for the five variants of the execute method. More details on these releases may be found in the release notes for version 5.0.0-alpha-8 and version 4.0.21.
JHipster
The release of JHipster 8.3.0 provides bug fixes, dependency upgrades to Spring Boot 3.2.4 and Gradle 8.7, and notable changes such as: a replacement of the jhipster-dependencies in favor of Spring Boot’s dependency management; experimental support for Spring Cloud Gateway MVC; and an improvement in Spring context caching during tests. More details on this release may be found in the release notes.
JetBrains Ktor
JetBrains has released version 2.3.10 of Ktor, the asynchronous framework for creating microservices and web applications, that include improvements and fixes such as: a resolution to inconsistent behavior of Netty that return null or an empty string for query parameters without values; support for IPv6 addresses in the NettyConnectionPoint and CIOConnectionPoint classes; and support for the ZIP64 format to overcome limitation of 65535 entries. More details on this release may be found in the changelog.
Commonhaus Foundation
The Commonhaus Foundation, a new non-profit organization dedicated to the sustainability of open source libraries and frameworks, was introduced to the Java community this past week to provide succession planning and fiscal support for self-governing open-source projects.
Their mission is to:
Empower a diverse community of developers, contributors, and users to create, maintain, and evolve open source libraries and frameworks, ensuring long-term growth and stability through shared stewardship and community collaboration.
Founders, Erin Schnabel, Distinguished Engineer at Red Hat, Ken Finnigan, OpenTelemetry Architect at Lumigo, and Cesar Saavedra, Senior Technical Marketing Manager at GitLab, will serve as Chair, Board Member and Treasurer, respectively.
The 20th edition of Devnexus 2024, held at the Georgia World Congress Center in Atlanta, Georgia, this past week, featured speakers from the Java community who delivered workshops and talks on topics such as: Jakarta EE, Java Platform, Core Java, Architecture, Cloud Infrastructure and Security.
Devnexus, hosted by the Atlanta Java Users Group (AJUG), has a history that dates back to 2004 when the conference was originally called DevCon. The Devnexus name was introduced in 2010.
The conference also featured on-site live interviews with speakers interested in participating. Entitled DevOps Speakeasy and Build Propulsion Lab, these interviews were facilitated by employees representing JFrog and Gradle, respectively. An example interview that has already been published, Brian Demers, Developer Advocate at Gradle, interviewed Matt Brown, Solutions Architect at Endor Labs. InfoQ will follow up with a more detailed news story.
LONDON (AP) — Most people have accumulated a pile of data — selfies, emails, videos and more — on their social media and digital accounts over their lifetimes. What happens to it when we die?
It’s wise to draft a will spelling out who inherits your physical assets after you’re gone, but don’t forget to take care of your digital estate too. Friends and family might treasure files and posts you’ve left behind, but they could get lost in digital purgatory after you pass away unless you take some simple steps.
Here’s how you can prepare your digital life for your survivors:
Apple
The iPhone maker lets you nominate a “ legacy contact ” who can access your Apple account’s data after you die. The company says it’s a secure way to give trusted people access to photos, files and messages. To set it up you’ll need an Apple device with a fairly recent operating system — iPhones and iPads need iOS or iPadOS 15.2 and MacBooks needs macOS Monterey 12.1.
For iPhones, go to settings, tap Sign-in & Security and then Legacy Contact. You can name one or more people, and they don’t need an Apple ID or device.
You’ll have to share an access key with your contact. It can be a digital version sent electronically, or you can print a copy or save it as a screenshot or PDF.
Take note that there are some types of files you won’t be able to pass on — including digital rights-protected music, movies and passwords stored in Apple’s password manager. Legacy contacts can only access a deceased user’s account for three years before Apple deletes the account.
Google
Google takes a different approach with its Inactive Account Manager, which allows you to share your data with someone if it notices that you’ve stopped using your account.
When setting it up, you need to decide how long Google should wait — from three to 18 months — before considering your account inactive. Once that time is up, Google can notify up to 10 people.
You can write a message informing them you’ve stopped using the account, and, optionally, include a link to download your data. You can choose what types of data they can access — including emails, photos, calendar entries and YouTube videos.
There’s also an option to automatically delete your account after three months of inactivity, so your contacts will have to download any data before that deadline.
Facebook and Instagram
Some social media platforms can preserve accounts for people who have died so that friends and family can honor their memories.
When users of Facebook or Instagram die, parent company Meta says it can memorialize the account if it gets a “valid request” from a friend or family member. Requests can be submitted through an online form.
The social media company strongly recommends Facebook users add a legacy contact to look after their memorial accounts. Legacy contacts can do things like respond to new friend requests and update pinned posts, but they can’t read private messages or remove or alter previous posts. You can only choose one person, who also has to have a Facebook account.
You can also ask Facebook or Instagram to delete a deceased user’s account if you’re a close family member or an executor. You’ll need to send in documents like a death certificate.
TikTok
The video-sharing platform says that if a user has died, people can submit a request to memorialize the account through the settings menu. Go to the Report a Problem section, then Account and profile, then Manage account, where you can report a deceased user.
Once an account has been memorialized, it will be labeled “Remembering.” No one will be able to log into the account, which prevents anyone from editing the profile or using the account to post new content or send messages.
X
It’s not possible to nominate a legacy contact on Elon Musk’s social media site. But family members or an authorized person can submit a request to deactivate a deceased user’s account.
Passwords
Besides the major online services, you’ll probably have dozens if not hundreds of other digital accounts that your survivors might need to access. You could just write all your login credentials down in a notebook and put it somewhere safe. But making a physical copy presents its own vulnerabilities. What if you lose track of it? What if someone finds it?
Instead, consider a password manager that has an emergency access feature. Password managers are digital vaults that you can use to store all your credentials. Some, like Keeper,Bitwarden and NordPass, allow users to nominate one or more trusted contacts who can access their keys in case of an emergency such as a death.
But there are a few catches: Those contacts also need to use the same password manager and you might have to pay for the service.
___
Is there a tech challenge you need help figuring out? Write to us at onetechtip@ap.org with your questions.
LONDON (AP) — Britain’s competition watchdog said Thursday it’s opening a formal investigation into Google’s partnership with artificial intelligence startup Anthropic.
The Competition and Markets Authority said it has “sufficient information” to launch an initial probe after it sought input earlier this year on whether the deal would stifle competition.
The CMA has until Dec. 19 to decide whether to approve the deal or escalate its investigation.
“Google is committed to building the most open and innovative AI ecosystem in the world,” the company said. “Anthropic is free to use multiple cloud providers and does, and we don’t demand exclusive tech rights.”
San Francisco-based Anthropic was founded in 2021 by siblings Dario and Daniela Amodei, who previously worked at ChatGPT maker OpenAI. The company has focused on increasing the safety and reliability of AI models. Google reportedly agreed last year to make a multibillion-dollar investment in Anthropic, which has a popular chatbot named Claude.
Anthropic said it’s cooperating with the regulator and will provide “the complete picture about Google’s investment and our commercial collaboration.”
“We are an independent company and none of our strategic partnerships or investor relationships diminish the independence of our corporate governance or our freedom to partner with others,” it said in a statement.
The U.K. regulator has been scrutinizing a raft of AI deals as investment money floods into the industry to capitalize on the artificial intelligence boom. Last month it cleared Anthropic’s $4 billion deal with Amazon and it has also signed off on Microsoft’s deals with two other AI startups, Inflection and Mistral.
DUBAI, United Arab Emirates (AP) — The tiny Mideast nation of Kuwait has banned the release of the video game “Call of Duty: Black Ops 6,” which features the late Iraqi dictator Saddam Hussein and is set in part in the 1990s Gulf War.
The video game, a first-person shooter, follows CIA operators fighting at times in the United States and also in the Middle East. Game-play trailers for the game show burning oilfields, a painful reminder for Kuwaitis who saw Iraqis set fire to the fields, causing vast ecological and economic damage. Iraqi troops damaged or set fire to over 700 wells.
There also are images of Saddam and Iraq’s old three-star flag in the footage released by developers ahead of the game’s launch. The game’s multiplayer section, a popular feature of the series, includes what appears to be a desert shootout in Kuwait called Scud after the Soviet missiles Saddam fired in the war. Another is called Babylon, after the ancient city in Iraq.
Activision acknowledged in a statement that the game “has not been approved for release in Kuwait,” but did not elaborate.
“All pre-orders in Kuwait will be cancelled and refunded to the original point of purchase,” the company said. “We remain hopeful that local authorities will reconsider, and allow players in Kuwait to enjoy this all-new experience in the Black Ops series.”
Kuwait’s Media Ministry did not respond to requests for comment from The Associated Press over the decision.
“Call of Duty,” which first began in 2003 as a first-person shooter set in World War II, has expanded into an empire worth billions of dollars now owned by Microsoft. But it also has been controversial as its gameplay entered the realm of geopolitics. China and Russia both banned chapters in the franchise. In 2009, an entry in the gaming franchise allowed players to take part in a militant attack at a Russian airport, killing civilians.
But there have been other games recently that won praise for their handling of the Mideast. Ubisoft’s “Assassin’s Creed: Mirage” published last year won praise for its portrayal of Baghdad during the Islamic Golden Age in the 9th century.