This week’s Java roundup for October 16th, 2023 features news from OpenJDK, JDK 22, BellSoft, Oracle VS Code extension, WildFly 30, Payara Platform, MicroProfile 6.1, EclipseCon and releases for GraalVM Native Build Tools, Spring Boot, Spring Security, Spring Authorization Server, Spring Cloud Dataflow, Micronaut, Quarkus, Open Liberty, Apache TomEE, Apache Tomcat, JHipster and JHipster Lite.
OpenJDK
JEP 456, Unnamed Variables and Patterns, has been promoted from Candidate to Proposed to Target for JDK 22. This JEP proposes to finalize this feature after one previous round of preview: JEP 443, Unnamed Patterns and Variables (Preview), delivered in JDK 21. This feature will “enhance the language with unnamed patterns, which match a record component without stating the component’s name or type, and unnamed variables, which can be initialized but not used.” Both of these are denoted by the underscore character as in r instanceof _(int x, int y) and r instanceof _. The review is expected to conclude on October 26, 2023.
Concurrent with Oracle’s Critical Patch Update (CPU) for October 2023, BellSoft has released CPU patches for versions 21.0.0.0.1, 17.0.8.1.1, 11.0.20.1.1, 8u391, 7u401 and 6u401 of Liberica JDK, their downstream distribution of OpenJDK. In addition, Patch Set Update (PSU) versions 21.0.1, 17.0.9, 11.0.21 and 8u392, containing CPU and non-critical fixes, have also been released.
Oracle
Oracle has introduced their Oracle Java Platform Extension for Visual Studio Code that brings full-featured Java development (edit/compile/debug/test cycle) for Maven and Gradle projects to VSCode along with other features such as a project explorer, debugging and launch configurations, a JDK downloader and supported refactorings.
GraalVM
On the road to version 1.0, Oracle Labs has released version 0.9.28 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides: revert to the previous version of the escapeArg() method defined in the NativeImageUtils class to fix issues with Windows path escaping; improve detection of major JDK versions; and a removal of the use of the deprecated Gradle JavaPluginConvention class and replace with the JavaPluginExtension class. More details on this release may be found in the changelog.
Similarly, versions 3.1.5, 3.0.12 and 2.7.17 of Spring Boot have been released featuring bug fixes, improvements in documentation, dependency upgrades, and the most notable change: correcting the behavior of the spring.jms.listener.concurrency property in which the maximum number of users was set to the value of this property and the minimum number of consumers was always set to 1. This is in contrast with the documentation, and developers should set their desired maximum value in the spring.jms.listener.max-concurrency property. More details on these releases may be found in the release notes for version 3.1.5, version 3.0.12 and version 2.7.17.
Similarly, versions 1.1.3, 1.0.4 and 0.4.4 of Spring Authorization Server have been released featuring minor bug fixes and dependency upgrades to respective versions of: Spring Boot 3.1.4, 3.0.11 and 2.7.16; Spring Security 6.1.5, 6.0.8 and 5.8.8; and Spring Framework 6.0.13, 6.0.13 and 5.3.30. More details on these releases may be found in the release notes for version 1.1.3, version 1.0.4 and version 0.4.4.
Red Hat has released version 30.0.0 of WildFly featuring: support for JDK 21 as WildFly 30 has passed the TCKs as a compatible implementation of the Jakarta EE Core Profile. This release also supports most of the MicroProfile 6.0 specifications, but cannot claim to be a compatible implementation as Red Hat does not support the MicroProfile Metrics specification. It is important to note that Red Hat recommends developers remain running their applications on JDK 17 and JDK 11 because they haven’t certified WildFly 30 on the Jakarta EE Platform and Jakarta EE Web Profile. Despite this, Red Hat says that “WildFly 30 is a great choice for evaluating how your applications run on SE 21.” More details on this release may be found in the release notes.
Payara
Payara has released their October 2023 edition of the Payara Platform that includes Community Edition 6.2023.10, Enterprise Edition 6.7.0 and Enterprise Edition 5.56.0 featuring: bug fixes; a dependency upgrade to the aforementioned json-smart 2.4.11 in the OIDC client to address CVE-2023-1370, a vulnerability a vulnerability in json-smart where parsing too many nested JSON structured arrays and objects, due to no defined limit, could cause a stack overflow and crash the software; and a new timeout option, --timeout, to the Payara domain commands such as start-domain and stop-domain. More details on these versions may be found in the release notes for Community Edition 6.2023.10 and Enterprise Edition 6.7.0 and Enterprise Edition 5.56.0.
MicroProfile
The MicroProfile Working Group has released version 6.1 of MicroProfile featuring updates to specifications: MicroProfile Config 3.1, MicroProfile Metrics 5.1 and MicroProfile Telemetry 1.1.
Notable changes in MicroProfile Config include: an update to the TCK to align with breaking changes in the Jakarta EE Contexts and Dependency Injection 4.0 specification that include an empty beans.xml file and change in bean discovery mode from all to annotated; and the MissingValueOnObserverMethodInjectionTest class, that asserts a DeploymentException, fails a different reason due to the the ConfigObserver bean being defined as @ApplicationScoped (proxyable) and final (not proxyable). More details on this release may be found in the release notes.
Notable changes in MicroProfile Metrics include: introduce MicroProfile Config properties that customize how Histogram and Timer metrics track and output statistics for percentiles and histogram-buckets; define the @RegistryScope annotation as a qualifier; and include a new recommendation for multi-application deployments to use the mp.metrics.defaultAppName property to eliminate the problems caused by the requirement to have consistent tag sets for multi-app application server implementations. More details on this release may be found in the release notes.
Notable changes in MicroProfile Telemetry 1.1 include: a clarification of which API classes must be available to users; an implementation of tests that is not timestamp dependent; and a clarification of the behavior of the Span and Baggage beans when the current span or baggage changes. More details on this release may be found in the release notes.
The Micronaut Foundation has disclosed a vulnerability in the OAuth2 section of their Micronaut Security module. CVE-2023-36820, a vulnerability in which the IdTokenClaimsValidator class skips the audience claim validation if the token is issued by the same identity issuer/provider resulting in improper access control.
CVE-2023-44487, a vulnerability in which Tomcat’s implementation of HTTP/2 was vulnerable to the rapid reset attack causing a denial of service that was typically manifested as an OutOfMemoryError.
CVE-2023-39410, a vulnerability in Apache Avro that would allow an attacker to deserialize untrusted or corrupted data resulting in consuming memory beyond the allowed constraints and therefore leading to the system to run out of memory.
CVE-2023-34454, a vulnerability in snappy-java that would allow an attacker to take advantage of unchecked multiplications causing a possible integer overflow resulting in an unrecoverable fatal error.
The Quarkus team has also documented their journey in addressing CVE-2023-44487 that includes an overview of the CVE, threads vs. event loops and their solution.
Open Liberty
IBM has released 23.0.0.10 of Open Liberty featuring support for JDK 21 and an update to the featureUtility command that now verifies feature authenticity by default when a new feature is installed into Open Liberty. This replaces the verified checksums, but checksums do not ensure the authenticity of downloaded files.
Apache Software Foundation
The release of Apache TomEE 9.1.1 ships with bug fixes, dependency upgrades and the most notable change that drops support for their own shade of CFX in favor of Apache CXF 4.0. This release also includes fixes and backports for several CVEs:
CVE-2023-34981, a vulnerability in which a regression in the fix for Bug 66512 could lead to an information leak if a response did not include any HTTP headers, then no Apache JServ Protocol (AJP) SEND_HEADERS message would be sent for the response. This was fixed in Bug 66591 and developers are encouraged to migrate to minimal versions 11.0.0-M6, 10.1.9, 9.0.75 or 8.5.89.
CVE-2023-42795, an exposure that occurs when recycling various internal objects, including the request and the response, prior to re-use by the next request/response, an error could cause Tomcat to skip some parts of the recycling process leading to information leaking from the current request/response to the next.
CVE-2023-35116, a vulnerability in Jackson Databind 2.15.2 and below such that an attacker can craft an object that uses cyclic dependencies that may result in a denial of service. It is important to note that this CVE is in dispute because FasterXML, creators of Jackson, believe that the steps to construct a cyclic data structure with an attempt to serialize it cannot be achieved by an external attacker.
More details on this release may be found in the release notes.
Versions 10.1.15 and 8.5.95 of Apache Tomcat both feature notable fixes: a regression with HTTP compression after refactoring code; and a regression in the clean-up of unnecessary use of fully qualified class names in versions 10.1.14 and 8.5.94 that broke the JDBC pool. More details on these releases may be found in the release notes for version 10.1.15 and version 8.5.95.
JHipster
The first release candidate of JHipster 8.0.0 provides bug fixes, dependency upgrades and notable changes such as: the JHipster-generated equals() method is now safe to use in Hibernate; improved code coverage of the MetricsComponent class; and improved support of JHipster Blueprints. More details on this release may be found in the release notes.
Version 0.45.0 of JHipster Lite has been released featuring bug fixes, improvements in documentation, dependency upgrades and new features/improvements such as: a new YamlFileSpringPropertiesHandler class in preparation for supporting YAML configuration; new toString() methods added to various JHipster classes for improved debugging; and support for processing multi-line comments in Spring property files. More details on this release may be found in the release notes.
The JHipster team also celebrated their 10th anniversary this past week. The very first commit was published on October 21, 2013.
EclipseCon
EclipseCon 2023 was held at the Forum am Schlosspark and the Film-und-Medienzentrum (FMZ) in Ludwigsburg, Germany this past week featuring speakers from the Java Community who presented on topics such as: Automotive & Mobility, IOT & Edge, Open Source Best Practices, Programming Languages & Runtimes, and Tools & IDEs. The conference also featured a Community Day that brings together like-minded individuals, passionate experts, and curious minds from all walks of life for meetings, project updates, workshops, presentations or panel discussions. Ivar Grimstad, Jakarta EE Developer Advocate at the Eclipse Foundation posted his daily summaries for Community Day, Day One, Day Two and Day Three.
CHICAGO (AP) — United Airlines has struck a deal with Elon Musk’s SpaceX to offer satellite-based Starlink WiFi service on flights within the next several years.
The airline said Friday the service will be free to passengers.
United said it will begin testing the service early next year and begin offering it on some flights by later in 2025.
Financial details of the deal were not disclosed.
The announcement comes as airlines rush to offer more amenities as a way to stand out when passengers pick a carrier for a trip. United’s goal is to make sitting on a plane pretty much like being on the ground when it comes to browsing the internet, streaming entertainment and playing games.
“Everything you can do on the ground, you’ll soon be able to do on board a United plane at 35,000 feet, just about anywhere in the world,” CEO Scott Kirby said in announcing the deal.
The airline says Starlink will allow passengers to get internet access even over oceans and polar regions where traditional cell or Wi-Fi signals may be weak or missing.
Sony has made it easy for Canadian consumers to preorder the PlayStation 5 Pro in Canada directly from PlayStation’s official website. Here’s how:
Visit the Official Website: Go to direct.playstation.com and navigate to the PS5 Pro section once preorders go live on September 26, 2024.
Create or Log in to Your PlayStation Account: If you don’t have a PlayStation account, you will need to create one. Existing users can simply log in to proceed.
Place Your Preorder: Once logged in, follow the instructions to preorder your PS5 Pro. Ensure you have a valid payment method ready and double-check your shipping information for accuracy.
Preorder Through Major Canadian Retailers
While preordering directly from PlayStation is a popular option, you can also secure your PS5 Pro through trusted Canadian retailers. These retailers are expected to offer preorders on or after September 26:
Best Buy Canada
Walmart Canada
EB Games (GameStop)
Amazon Canada
The Source
Steps to Preorder via Canadian Retailers:
Visit Retailer Websites: Search for “PlayStation 5 Pro” on the website of your preferred retailer starting on September 26.
Create or Log in to Your Account: If you’re shopping online, having an account with the retailer can speed up the preorder process.
Preorder in Store: For those who prefer in-person shopping, check with local stores regarding availability and preorder policies.
3. Sign Up for Notifications
Many retailers and websites offer the option to sign up for notifications when the preorder goes live. If you’re worried about missing out due to high demand, this can be a useful option.
Visit Retailer Sites: Look for a “Notify Me” or “Email Alerts” option and enter your email to stay informed.
Use PlayStation Alerts: Sign up for notifications directly through Sony to be one of the first to know when preorders are available.
4. Prepare for High Demand
Preordering the PS5 Pro is expected to be competitive, with high demand likely to result in quick sellouts, just as with the initial release of the original PS5. To maximize your chances of securing a preorder:
Act Quickly: Be prepared to place your order as soon as preorders open. Timing is key, as stock can run out within minutes.
Double-Check Payment Information: Ensure your credit card or payment method is ready to go. Any delays during the checkout process could result in losing your spot.
Stay Informed: Monitor PlayStation and retailer websites for updates on restocks or additional preorder windows.
Final Thoughts
The PlayStation 5 Pro is set to take gaming to the next level with its enhanced performance, graphics, and new features. Canadian gamers should be ready to act fast when preorders open on September 26, 2024, to secure their console ahead of the holiday season. Whether you choose to preorder through PlayStation’s official website or your preferred retailer, following the steps outlined above will help ensure a smooth and successful preorder experience.
For more details on the PS5 Pro and to preorder, visit direct.playstation.com or stay tuned to updates from major Canadian retailers.
Since the PlayStation 5 (PS5) launched four years ago, PlayStation has continuously evolved to meet the demands of its players. Today, we are excited to announce the next step in this journey: the PlayStation 5 Pro. Designed for the most dedicated players and game creators, the PS5 Pro brings groundbreaking advancements in gaming hardware, raising the bar for what’s possible.
Key Features of the PS5 Pro
The PS5 Pro comes equipped with several key performance enhancements, addressing the requests of gamers for smoother, higher-quality graphics at a consistent 60 frames per second (FPS). The console’s standout features include:
Upgraded GPU: The PS5 Pro’s GPU boasts 67% more Compute Units than the current PS5, combined with 28% faster memory. This allows for up to 45% faster rendering speeds, ensuring a smoother gaming experience.
Advanced Ray Tracing: Ray tracing capabilities have been significantly enhanced, with reflections and refractions of light being processed at double or triple the speed of the current PS5, creating more dynamic visuals.
AI-Driven Upscaling: Introducing PlayStation Spectral Super Resolution, an AI-based upscaling technology that adds extraordinary detail to images, resulting in sharper image clarity.
Backward Compatibility & Game Boost: More than 8,500 PS4 games playable on PS5 Pro will benefit from PS5 Pro Game Boost, stabilizing or enhancing performance. PS4 games will also see improved resolution on select titles.
VRR & 8K Support: The PS5 Pro supports Variable Refresh Rate (VRR) and 8K gaming for the ultimate visual experience, while also launching with the latest wireless technology, Wi-Fi 7, in supported regions.
Optimized Games & Patches
Game creators have quickly embraced the new technology that comes with the PS5 Pro. Many games will receive free updates to take full advantage of the console’s new features, labeled as PS5 Pro Enhanced. Some of the highly anticipated titles include:
Alan Wake 2
Assassin’s Creed: Shadows
Demon’s Souls
Dragon’s Dogma 2
Final Fantasy 7 Rebirth
Gran Turismo 7
Marvel’s Spider-Man 2
Ratchet & Clank: Rift Apart
Horizon Forbidden West
These updates will allow players to experience their favorite games at a higher fidelity, taking full advantage of the console’s improved graphics and performance.
Design & Compatibility
Maintaining consistency within the PS5 family, the PS5 Pro retains the same height and width as the original PS5 model. Players will also have the option to add an Ultra HD Blu-ray Disc Drive or swap console covers when available.
Additionally, the PS5 Pro is fully compatible with all existing PS5 accessories, including the PlayStation VR2, DualSense Edge, Pulse Elite, and Access controller. This ensures seamless integration into your current gaming setup.
Pricing & Availability
The PS5 Pro will be available starting November 7, 2024, at a manufacturer’s suggested retail price (MSRP) of:
$699.99 USD
$949.99 CAD
£699.99 GBP
€799.99 EUR
¥119,980 JPY
Each PS5 Pro comes with a 2TB SSD, a DualSense wireless controller, and a copy of Astro’s Playroom pre-installed. Pre-orders begin on September 26, 2024, and the console will be available at participating retailers and directly from PlayStation via direct.playstation.com.
The launch of the PS5 Pro marks a new chapter in PlayStation’s commitment to delivering cutting-edge gaming experiences. Whether players choose the standard PS5 or the PS5 Pro, PlayStation aims to provide the best possible gaming experience for everyone.
Preorder your PS5 Pro and step into the next generation of gaming this holiday season.
