This week’s Java roundup for June 20th, 2022 features news from OpenJDK, JDK 19, JDK 20, Spring point releases, GlassFish 7.0.0-M6, GraalVM Native Build Tools 0.9.12, Micronaut 3.5.2, Quarkus 2.10.0, Project Reactor 2022.0.0-M3, Apache Camel Quarkus 2.10.0, and Apache Tika versions 2.4.1 and 1.28.4.
Brian Goetz, Java language architect at Oracle, recently updated JEP Draft 828039, Classfile API, to provide background information on how this draft will evolve and ultimately replace the Java bytecode manipulation and analysis framework, ASM, that Goetz characterizes as “an old codebase with plenty of legacy baggage.” This JEP proposes to provide an API for parsing, generating, and transforming Java class files. This JEP will initially serve as an internal replacement for ASM in the JDK with plans to have it opened as a public API.
Build 28 of the JDK 19 early-access builds was made available this past week, featuring updates from Build 27 that include fixes to various issues. More details may be found in the release notes.
Build 3 of the JDK 20 early-access builds was also made available this past week, featuring updates from Build 2 that includes fixes to various issues. Release notes are not yet available.
For JDK 19 and JDK 20, developers are encouraged to report bugs via the Java Bug Database.
Spring Boot 2.7.1 has been released featuring 66 bug fixes, improvements in documentation and dependency upgrades such as: Spring Framework 5.3.21, Spring Data 2021.2.1, Spring Security 5.7.2, Reactive Streams 1.0.4, Groovy 3.0.11, Hazelcast 5.1.2 and Kotlin Coroutines 1.6.3. More details on this release may be found in the release notes.
Spring Boot 2.6.9 has been released featuring 44 bug fixes, improvements in documentation and dependency upgrades similar to Spring Boot 2.7.1. Further details on this release may be found in the release notes.
VMware has published CVE-2022-22980, Spring Data MongoDB SpEL Expression Injection Vulnerability, a vulnerability in which a “Spring Data MongoDB application is vulnerable to SpEL Injection when using
@Aggregation-annotated query methods with SpEL expressions that contain query parameter placeholders for value binding if the input is not sanitized.” Spring Data MongoDB versions 3.4.1 and 3.3.5 have resolved this vulnerability.
Spring Data versions 2021.2.1 and 2021.1.5 have been released featuring upgrades to all of the Spring Data sub projects such as: Spring Data MongoDB, Spring Data Cassandra, Spring Data JDBC and Spring Data Commons. These releases will also be consumed by Spring Boot 2.7.1 and 2.6.9, respectively, and address the aforementioned CVE-2022-22980.
Spring Authorization Server 0.3.1 has been released featuring some enhancements and bug fixes. However, the team decided to downgrade from JDK 11 to JDK 8 to maintain compatibility and consistency with Spring Framework, Spring Security 5.x and Spring Boot 2.x. As a result, the HyperSQL (HSQLDB) dependency was also downgraded to version 2.5.2 because HSQLDB 2.6.0 and above require JDK 11. More details on this release may be found in the release notes.
Spring Security versions 5.7.2 and 5.6.6 have been released featuring bug fixes and dependency upgrades. Both versions share a new feature in which testing examples have been updated to use JUnit Jupiter, an integral part of JUnit 5. Further details on these releases may be found in the release notes for version 5.7.2 and version 5.6.6.
On the road to GlassFish 7.0.0, the sixth milestone release was made available by the Eclipse Foundation that delivers a number of changes related to passing the Technology Compatibility Kit (TCK) for the Jakarta Contexts and Dependency Injection 4.0 and Jakarta Concurrency 3.0 specifications. However, this milestone release has not yet passed the full Jakarta EE 10 TCK. GlassFish 7.0.0-M6, considered a beta release, compiles and runs on JDK 11 through JDK 18. More details on this release may be found in the release notes.
GraalVM Native Build Tools
On the road to version 1.0, Oracle Labs has released version 0.9.12 of Native Build Tools, a GraalVM project consisting of plugins for interoperability with GraalVM Native Image. This latest release provides: support documentation for Mockito and Byte Buddy; prevent builds from failing if no test list has been provided; support different agent modes in the
native-image Gradle plugin, a breaking change; and support for JVM Reachability Metadata in Maven. Further details on this release may be found in the release notes.
The Micronaut Foundation has released Micronaut 3.5.2 featuring bug fixes and point releases of the Micronaut Oracle Cloud 2.1.4, Micronaut Email 1.2.3, and Micronaut Spring 4.1.1 projects. Documentation for the
ApplicationContextConfigurer interface was also updated to include a recommendation on how to define a default Micronaut environment. More details on this release may be found in the release notes.
Red Hat has released Quarkus 2.10.0.Final featuring: preliminary work on virtual threads (JEP 425) from Project Loom; support non-blocking workloads in GraphQL extensions; a dependency upgrade to SmallRye Reactive Messaging 3.16.0; support for Kubernetes service binding for Reactive SQL Clients extensions; and a new contract
CacheKeyGenerator to allow for customizing generated cache keys from method parameters.
On the road to Project Reactor 2022.0.0, the third milestone release was made available featuring dependency upgrades to
reactor-addons 3.5.0-M3 and
Apache Camel Quarkus
Maintaining alignment with Quarkus, The Apache Software Foundation has released Camel Quarkus 2.10.0 containing Camel 3.17.0 and Quarkus 2.10.0.Final. New features include: new extensions, Azure Key Vault and DataSonnet; and removal of deprecated extensions in Camel 3.17.0. Further details on this release may be found in the list of issues.
The Apache Tika team has released version 2.4.1 of their metadata extraction toolkit. Formerly a subproject of Apache Lucene, this latest version ships with improved customization and configuration such as: add a
stop() method to the
TikaServerCli class so that it can be executed with Apache Commons Daemon; allow pass-through of
Content-Length header to metadata in the
TikaResource class; and support for users to expand system properties from the forking process into forked
Apache Tika 1.28.4 was also released featuring security fixes and dependency upgrades. More details in this release may be found in the changelog. The 1.x release train will reach end-of-life on September 30, 2022.
Adblock test (Why?)