Java Digest #9
Hello everybody! 👋 👋 👋 We are Tinkoff Java developers: Konstantin, Andrew and Arsen. We collect interesting news, articles, tutorials and other materials from the world of Java development – and decided to share it not only with colleagues, but also with the entire community.
Build 33 of the early version of JDK 22 was made available last week and contains updates from Build 32 to fix various issues. For JDK 23 and JDK 22, developers are encouraged to report bugs through the Java Bug Database.
Spring Framework Vulnerability. The Spring Framework team said that versions 6.1.3 and 6.0.16, released on January 11, 2024, fix CVE-2024-22233, known as the Spring Framework Server Web DoS vulnerability. It allows an attacker to send a specially crafted HTTP request that can cause a denial of service condition if the application uses Spring MVC and Spring Security 6.1.6+ or 6.2.1+ is present in the classpath.
The Micronaut Foundation has released version 4.2.4 of the Micronaut framework. The new version includes Micronaut Core 4.2.4, bug fixes, dependency updates and modules: Micronaut AWS, Micronaut Flyway, Micronaut JAX-RS, Micronaut JMS, Micronaut MicroStream, Micronaut MQTT and Micronaut Servlet.
Quality Outreach Heads-up – Deprecate Memory-Access Methods in sun.misc.Unsafe for Removal in a Future Release. Text about the intention to remove memory access methods in the sun.misc.Unsafe class in future versions of Java. This is due to the increased focus on ensuring the integrity of the Java platform. Deprecate is planned to be done in draft JEP.
Hibernate Reactive 2.2.2.Final release carries an update of dependencies on Hibernate ORM 6.4.2.Final, removing unused code. and new @EnableFor and @DisabledFor annotations to enable and disable tests for database types. The second alpha release of Hibernate Search 7.1.0 offers compatibility with Hibernate ORM 6.4.2.Final, Lucene 9.9.1, and Elasticsearch 8.12, integration of Elasticsearch/OpenSearch vector search capabilities, and per-field capability information during metamodel analysis.
JEP 455: Primitive Types in Patterns, instanceof, and switch targets JDK 23.
JEP adds pattern-matching with primitive types in Patterns, instanceof and switch. This previous version feature is targeted in JDK 23.
Maksym Shafirov leaves the position of CEO of JetBrains. He will be replaced by Kyrylo Skrygan, who headed the IntelliJ department, and during his time at the company he managed the Code With Me and Rider projects.
Kyrylo Danilov – SBP: how do we ensure “quick and reliable” and why did we speed up reports 5,000 times. The talk is more about SBP architecture than Java. It gives a good idea of how a highly loaded system with 99.99% availability requirements can be arranged, what design decisions need to be made, what difficulties may arise and how to solve them.
Java’s Plans for 2024 – Inside Java Newscast #61. In the last issue, there was a video about what was added to Java in 2023. And this is about what may appear in 2024. Mykola talks about Babylon, Loom, Leyden, Valhalla, Amber, Panama and Lilliput projects. Which features are expected already this year, and which will have to wait longer.
Panama Effect – Inside Java Podcast 32. The Foreign Function & Memory API will be completed in JDK 22 and will help integrate native code into a Java application. With the new API, you can efficiently call code outside the JVM, safely access non-JVM managed memory, call native libraries, and manipulate native data without the fragility and dangers of JNI. Anna’s guest in this episode is Jorn Vernee, one of the main developers and maintainers of the Foreign Function & Memory API.
Tutorial: JWebserver – Launch the Java Simple Web Server. JwebServer is a JDK tool that provides a minimal HTTP server. This server can be used for prototyping, testing, and debugging. The tool only works with static files and browses one directory hierarchy under the HTTP/1.1 protocol, dynamic content and other versions of HTTP are not supported.
Writing Java Inspection for IntelliJ IDEA Using AI Assistant.
IntelliJ IDEA AI Assistant writes Java code inspections for IntelliJ IDEA itself. Taghir Valeev describes in detail the process of implementing a simple inspection (int)($VAR$ ^ $VAR$ << 32) => Long.hashCode($VAR$) using AI-assisted code generation and concludes that so far AI unable to generate production-ready code. For example, the AI was not confused by the fact that there is no <<< operator in Java, it's just a bug. Although such an assistant will not write the code for you, it will definitely save time when writing it.
(Semantic) Versioning your Java libraries. The semantic versioning scheme of Java libraries has long become a standard. It is simple and intuitive. But many could face the fact that the patch version allegedly contains incompatible changes. The author wrote a maven plugin that automatically checks for changes and suggests which part of the version number needs to be updated.
Project Loom. Not just virtual streams. An interesting note about some of the technical details of virtual threads and the use cases of their internal APIs.
Creating and using BOMs in Gradle. In a simple and understandable form, our regular contributor @IvanVakhrushev explained what a BOM is and why it is needed. An example of how to create a PTO in Gradle is given, as well as how to resolve conflicts in dependency versions.
Project Valhalla: Java’s epic performance quest A small but very interesting article about primitive objects from Project Valhalla, which provide high memory locality and, as a result, higher performance. The story is backed up by benchmarks for sorting and counting the sum of primitives.
How we started using Java 21 virtual threads and got stuck once or twice in TPC-C for PostgreSQL. An article about the experience of Yandex when switching to virtual streams, which tells about how poorly they work together with synchronized. And also about the fact that even if you are sure that your code will work normally, some synchronized thing deep in a third-party library can ruin your life.
How to use Java CountDownLatch. A small article by Vlad Mihalcea that may be useful for newbies. This time, the author is not talking about saving data, but about synchronizing streams in Java using CountDownLatch.
How to load classes in Java 8 and Java 9+? Great material, useful for those who want to deepen their knowledge on the topic of classloading in Java. The article looks at how loading worked up to and including Java 8, and then talks about the changes that came in Java 9 with the introduction of modularity.
Java ScopedValue — about scoped values, which are an alternative to thread local variables in Project Loom. Their APIs and implementation details are reviewed and compared.
Plugin for analyzing PostgreSQL plans in the JetBrains IDE and its development. Tensor, used to analyze postgresql query plans, can now be plugged in as a plugin for the Jetbrains IDE. In addition to this news, the article describes the development of the plugin step by step, which may be of interest to those who wanted to learn more about this topic.
FOSDEM 2024 Conference was held on February 3-4. The conf featured a separate Java track discussing the current state of OpenJDK, the Liliput project, and the steps needed to make the Loom project better and more stable. We talked about the intricacies of working with JFR – both in JDK and in GraalVM.
Thanks to @rudikone and @IvanVakhrushev for helping me collect the materials! To the readers, I thank you for motivating me to look for interesting and important things. Drop in the comments with feedback, see you in a month 😉
Send materials if you come across something interesting – we will publish it in the next issue!