Java Digest # 8: Kafka 3.7, Java 17 for Maven 4, Parallel bean initialization, Scala 3.3.3 LTS

?? Aloha, friends!

March is already underway, February felt like a blur. We've shaken off some dust, gathered ourselves, and prepared the following digest for you. So, let's dive into the news!

You can read the previous digest here.

JEP 468, which proposes the introduction of derived creation for records, has advanced to Candidate status from its original JDK Draft 8321133. This enhancement aims to simplify the Java language by allowing new records to be created from existing ones with ease, specifying only the differences. Since records are immutable objects, this feature facilitates developers in modeling new data by generating new records from existing ones through a streamlined process.

Meanwhile, JEP 467 has also reached Candidate status, moving up from its JDK Draft 8316039. It suggests the adoption of Markdown for JavaDoc documentation comments, moving away from the traditional mix of HTML and JavaDoc @ tags. This change intends to make documentation comments simpler to write and more readable in their source form.

Paul Sandoz, a Java Architect at Oracle, has also introduced a JEP Draft 8326878 for the Vector API, marking its submission. Having undergone seven rounds of incubation from JDK 16 through JDK 22, the proposal is to reintroduce the API in JDK 23 without any changes to the API or significant modifications to the implementation compared to JDK 22. The Vector API aims to enable the expression of vector computations compiled at runtime into optimal vector instructions on supported CPU architectures, thereby delivering performance that surpasses that of scalar computations.

Build 12 of the JDK 23 early-access builds recently became available. It features updates from Build 11 that include fixes for various issues. Find more details on this in the release notes.

Brian Goetz shared an essential update on the future of JEP 459 (String Templates).

Since the publication of our previous article, the Spring product ecosystem has experienced numerous updates and exciting developments. Without further ado, let's examine the latest changes in detail.

The Spring Framework has been updated with three new versions. Most importantly, the latest Spring Framework 6.1.4, 6.0.17, and 5.3.32 versions have addressed the CVE-2024-22243 vulnerability (Note! Attention! Beware!). Applications that use UriComponentsBuilder to handle external URLs may be vulnerable to this issue. The main danger in this case is the vulnerability of open redirection and server-side request forgery. We strongly recommend updating if you use UriComponentsBuilder for the tasks above.

Additionally, all versions include numerous bug fixes and documentation changes. Specifically, version 6.1.4 introduces many exciting updates, including:

• Adding SqlBinaryValue/SqlCharacterValue as an alternative to SqlLobValue enables the use of byte streams in JdbcClient.
• Improved scanning of JPA entities to provide additional control. Now, you can filter by classes, not just packages.
• Modifications to ConcurrencyThrottleSupport used in SimpleAsyncTaskExecutor to support virtual threads better.
• The expansion of BeanPropertyRowMapper provides subclasses with the ability to customize mapped names.

As expected, Spring Boot also received three new versions. Spring Boot 3.1.9, 3.2.3, and 3.3.0-M2 versions feature many bug fixes and documentation updates. For more information on these updates, follow the links (one, two, three). All these versions use Hibernate 6.4.4.Final. Although this version includes significant bug fixes, it does not function correctly with "native images" (Note! Attention! Beware!). In the case of using GraalVM, it is recommended to downgrade Hibernate to 6.4.2.Final, using the hibernate.version parameter.

Spring Boot 3.3.0-M2 introduces a range of new features, among which the following can be highlighted:

• A new Zipkin sender has been added based on the JDK HttpClient.
• Support for Docker Compose with Bitnami container images has been introduced.
• The new @BatchTransactionManager annotation makes configuring Spring Batch to use a custom transaction manager easy.
• Docker Compose support has been extended for Apache ActiveMQ Artemis, ActiveMQ Classic, and LDAP. Further details about these updates are provided here, here, and here.

Spring Security versions 6.2.2, 6.1.7, and 5.8.10 are maintenance releases that include bug fixes and dependency version updates.

Spring Data has received three new versions. Spring Data 2023.1.3 and 2023.0.9 serve as the basis for Spring Boot 3.2.3 and 3.1.9, respectively. Additionally, Spring Data 2024.0.0-M1 introduces several changes worth noting:

• Added support for value expressions.
• Introduced support of MongoDB driver 5.0.
• Spring Data Neo4j changes the way transactions are handled within Neo4jTemplate/ReactiveNeo4jTemplate. If a user does not specify transactions through @Transactional or TransactionTemplate/TransactionalOperator, each query will be executed in its transaction.

Furthermore, Spring Batch versions 5.0.5 and 5.1.1 have been released. These versions contain a series of bug fixes, improvements, and dependency updates.

Updates for Spring LDAP versions 3.1.4 and 3.2.2 have been released. Besides dependency updates and minor bug fixes, these releases contain minimal changes.

Spring for Apache Kafka boasts three versions. Spring for Apache Kafka 3.0.14 includes a series of bug fixes. Meanwhile, Spring for Apache Kafka 3.1.2 contains bug fixes and several new features, more details of which can be read here. Spring for Apache Kafka 3.2.0-M1 also boasts changes, particularly from version 3.2 onwards:

• Spring for Apache Kafka provides basic capabilities necessary for interactive queries in Kafka Streams.
• Methods annotated with @KafkaListener and @KafkaHandler can be specified with asynchronous return types, allowing responses to be sent asynchronously.
• A new interface TransactionIdSuffixStrategy has been introduced to manage the suffix transactional.id.
• The ability to route messages to custom Dead Letter Topics (DLT) based on the type of errors that occurred during their processing has been added.

Spring for Apache Pulsar has two new versions. Spring for Apache Pulsar 1.0.3 includes dependency updates and a bug fix. More information about this can be read here. In the Spring for Apache Pulsar 1.1.0-M1 version, the following new features are notable:

• The introduction of the @PulsarMessage annotation allows specifying a default topic and/or schema information.
• The new schema type AUTO_CONSUME for reading data in GenericRecord format if the Pulsar topic's schema type is not known in advance.
• Support for the AUTO_PRODUCE schema.
• Support for defining topics using SpEL in the @PulsarMessage annotation.

Spring Authorization Server versions 1.1.5, 1.2.2, and 1.3.0-M2 are available for download. Further details can be found here, here, and there.

Spring for GraphQL 1.2.5 includes crucial fixes for @SubscriptionMapping, which was not functioning properly with graphql-java versions 21.x+, and for pagination with offset positions that did not comply correctly with the Relay specification. The GraphQL team has also published a detailed article on the new changes in Spring for GraphQL 1.3 M1, which is recommended reading.

You can learn about the changes in the new Spring Modulith versions 1.0.6, 1.1.3, and 1.2 M2.

New versions of Spring Shell 3.1.9 and 3.2.2, as well as Spring Tools 4.21.1, have been released. Detailed information about them can be found here and there.

The Spring Cloud Dataflow team released a new (not actually) product, Spring Functions Catalog 5.0.0‐M1. Spring Functions Catalog is a rebranding (and next generation) of the Stream Applications project's functions submodule. You can discover the reasons behind this rebranding and why it was decided to start with version 5.0.0 by reading the following article.

The Spring AI project has received its first release, version 0.8.0. It was founded on the realization that creating AI applications is no longer the exclusive prerogative of machine learning or artificial intelligence specialists. With the rapid rise in popularity of ChatGPT, which provides a simple web API for accessing pre-trained models, creating exciting artificial intelligence programs has become accessible to software developers across many programming languages and their ecosystems. You can find the key capabilities added in this first release in this article.

We conclude our overview of the latest in Spring products. Next, let's explore other exciting news about Spring.

Since our last issue, Josh Long has released six videos from the Spring Tips series.

??CQRS and Axon Framework:

Spring Tips: CQRS and Axon Framework

?? Spring AI:

Spring Tips: Spring AI

?? Spring Boot Testjars:

Spring Tips: Spring Boot Testjars

?? The Spring Authorization Server:

Spring Tips: The Spring Authorization Server

?? The Spring Authorization Server - securing SPAs and messaging flows:

Spring Tips: the Spring Authorization Server: securing SPAs and messaging flows

?? The Spring Authorization Server - durability of data:

Spring Tips: the Spring Authorization Server: durability of data

Maciej Walkowiak announced that the Spring Framework will introduce a new bean configuration feature @Fallback, starting with version 6.2.?

The @Fallback bean indicates that the bean qualifies as a backup candidate for automatic binding. It is an addition and alternative to the @Primary annotation.

After 13 years of waiting... Finally, parallel bean creation in Spring will be implemented!

The Spring team has announced that the final releases of versions 6.0.x and 5.3.x will be in August, with official support ending on August 31, 2024. You can learn about the details of their decision from this article.?

Mistral AI, a leading developer of open large language models (LLMs), has announced the addition of function call support to their advanced models. Function-calling is a feature that simplifies the integration of large language models with external tools and APIs. It allows the language model to request the execution of functions on the client side, giving it the ability to access necessary information in real-time or dynamically perform tasks. If you're interested, we recommend reading the following article.

The State of Spring survey is back with us. We suggest taking it.

?? AWS

• Converting a standard Spring Boot web application with Tomcat to an AWS Lambda container is detailed in an article on AWS blogs. This approach removes Tomcat from the build, and a special handler is used instead. To overcome the cold start issue, the article suggests either using snap start or implementing certain optimizations that limit the amount of work Spring needs to do upon initialization.
• Another article on AWS blogs describes what a Software Bill of Materials (SBOM) is and how to create one using the AWS Inspector SBOM Generator. This tool analyzes nested dependencies in jar/war archives and uploads a report to AWS Inspector, where you can review any security vulnerabilities found within these dependencies.

?? Azure

• An article about the PublishTestResults task, which integrates JUnit and Playwright test results into Azure DevOps Pipelines, has been published on Azure Blogs. This task streamlines the process of incorporating test results from these popular testing frameworks into the CI/CD pipeline, enhancing visibility into test outcomes and facilitating better development practices.
• An article on Azure Blogs also details event sourcing and its implementation in CosmosDB using the Change Feed.?
• Another article describes monitoring a Spring Boot native application with Azure Application Insights. This integration utilizes the OpenTelemetry Spring Boot starter distribution from Azure, which is currently in beta and preparing for General Availability (GA).?
• Updates to Java tooling on Azure for January 2024 include several key improvements:Support for Azure Key Vault: Now allows for the secure storage and management of secrets, keys, and certificates directly in the Toolkit for IntelliJ, enhancing the security of Java applications.Creation of projects based on Azure samples: Integration of Azure samples into the toolkit simplifies the creation of projects and their foundational structure, helping developers save time and utilize existing code templates.Enhanced experience with Azure Kubernetes: Improved management and interaction with Azure Kubernetes resources directly from IntelliJ IDEA, optimizing Java application development and deployment process on Azure Kubernetes.
• Updates for JakartaEE on Azure for February 2024 include:Configuration of high availability and disaster recovery for WAS on VM: A new tutorial is available on setting up minimum recovery time and recovery point objectives for Jakarta EE applications on WebLogic Server.A how-to guide for using Azure Redis as a session cache for WebSphere/Open Liberty: Instructions for integrating Azure Cache for Redis in Java applications to enhance performance and scalability.OpenJDK 11 and 17 for JBoss EAP are now available for VM PAYG on Marketplace: Provide performance, security, and compatibility enhancements for deploying JBoss EAP.
• Support for Tomcat in Azure Container Apps has been announced, which includes:Support for Tomcat in the cloud development process, making it easier to migrate existing Java web applications to Azure Container Apps without code or configuration changes. Support for environment variables to specify versions of tools and frameworks, such as Maven or Tomcat, is required for building the application. Inclusion of Tomcat in the image build, optimizing the deployment of Java applications that require a web server without the need for additional steps.

?? GCP

• Another method to reduce cold starts is described in an article on GCP Blogs, this time focusing on Spring Boot and Kubernetes. This approach utilizes In-place Resource Resize, which allows for the dynamic allocation of additional resources to a container for a specific period. In the case of Spring Boot, the pod receives double the CPU allocation during the startup period, which helps to reduce the cold start. Unfortunately, this mechanism is still in the alpha stage.

• Engineers at Meta have published a scientific article about TestGen-LLM, a tool for generating tests (in this case, in Kotlin) with the help of LLM. This tool does not fully write tests on its own but supplements tests written by humans.
• eBPF, a mechanism for safely extending the Linux Kernel, can now be tried out in Java thanks to the hello-ebpf library, which is still in the early-access stage and utilizes the Foreign Function & Memory API, set to be released in Java 22. The blog's author also maintains a series of blog posts with examples of using eBPF in Java.
• Netflix joins the eBPF news with the release of bpftop, a tool for monitoring eBPF programs.
• NATS, a messaging system similar to Kafka/Rabbit/Redis/etc, has released a new video. It discusses one of the main features distinguishing it from competitors – the JetStream API for consumers. Among other things, this feature allows you to move data filtering from clients to NATS servers. In addition to the JetStream API, the video also describes push/pull-based consumers, durable/ephemeral consumers, several acknowledgment mechanisms, and several examples of implementing JetStream consumers.
• Recently, a new major version of Javalin 6 was released, and this month, version 6.1.x has already appeared. Javalin is a simple and lightweight framework for creating web applications, and if you're interested, here's the official site with code examples. Interestingly, in Javalin 5, virtual threads were enabled by default, but in Javalin 6, they decided to revert to using standard threads by default. Possible reasons for this change can be found in this GitHub issue.
• Virtual threads are also discussed in the new Quarkus Insights #153 video by Quarkus. In addition to the advantages, some potential downsides are also discussed – such as the pattern of creating expensive resources for each thread through threadLocal in some thread pool implementations, as well as the blocking or monopolization of carrier threads. Mainly, the old good rule applies: Don't Ever Block the Event Loop.
• You can refresh your knowledge about SQL query optimization with this article, which includes about 20 ways to optimize select/insert/delete queries.
• Apache NiFi recently added support for the OpenTelemetry Protocol (OTLP). Details of the implementation and requirements for integration with the ListenOTLP Processor are in this article. Additionally, Apache NiFi is preparing for a new major release 2.0, and last month, version 2.0.0-M2 was released.
• If you've been eager to understand Bloom filters, this article might be just what you're looking for.
• Scala versions 3.4.0 and 3.3.3 LTS have been released.
• Oracle Labs released version 0.10.1 of Native Build Tools, a GraalVM project consisting of plugins for interaction with GraalVM Native Image. You can read more about it here.
• Kafka 3.7.0 is now available. You can read the full list of changes and updates here. Support for JBOD (Just a Bunch of Disks) in KRaft is available in early access. JBOD allows the use of multiple disks to store Kafka logs. This feature is not yet ready for production use, but you can read details about the current state of this capability here. Also available in early access is a new consumer rebalancing protocol. This new protocol shifts most of the rebalancing logic to the coordinator instead of the clients. It retains the same semantics for consumer groups but is more efficient and expected to perform better. You can find out more about this feature here. Clients can now send their metrics to brokers. It facilitates easy collection of client metrics and simplifies monitoring of client applications. Apache Kafka now provides an official Docker image on Dockerhub.
• Docker released Docker Desktop version 4.27. This version transitions Docker Init to General Availability (GA) with support for Java, introduces synchronized file shares, and includes support for TestContainers with Enhanced Container Isolation (ECI), Docker Build Cloud, Docker Debug, and much more. Docker Init, initially released in beta with Docker 4.18, is a CLI command designed to simplify adding Docker resources. Docker 4.26 added support for PHP, and now Docker 4.27 supports Java. The list of supported languages currently includes Go, Node.js, Rust, and ASP.NET. To automatically create assets, simply run the docker init command in the target project folder, and it will automatically create dockerfiles, compose, and .dockerignore files based on the project characteristics. Synchronized file shares are an alternative file-sharing mechanism aimed at addressing the problems of using large codebases in containers with virtual file systems. According to Docker, this feature increases file operation speeds by 2-10 times through the use of synchronized file system caches. Users with large repositories and those using virtual file systems such as VirtioFS, gRPC FUSE, and osxfs, as well as those experiencing performance limitations, can benefit from this feature. Docker Desktop 4.27 introduces the ability to use TestContainers with Enhanced Container Isolation (ECI). ECI provides a new level of security to prevent the compromise of Docker Desktop or the host machine by malicious workloads running in containers by running containers without root access to the Docker Desktop virtual machine.

We hope you've already added the videos from the Spring Tips series we wrote about in the Spring Updates section to your watch list. However, we also recommend paying attention to the videos presented below:

?? (Dirty?) Tricks in Java 22 - Inside Java Newscast #64

?? Project Leyden: Capturing Lightning in a Bottle

????Java's Virtual Threads - Next Steps

• A great tip from Maciej Walkowiak: If you frequently use the pattern repository.findById(..).orElseThrow(..) at the service level, consider adding a default method findByIdOrThrow to your repository interface:

• It seems that the minimum Java version for Maven 4 will be Java 17.

• ChatGPT continues to impress. Recently, the authors of this digest learned that if you ask ChatGPT to behave like the captain of the USS Enterprise and present the response as a log entry, the accuracy of such an answer significantly increases. We have also discovered that using ASCII art is enough to circumvent censored topics.?

Thanks for reading the digest! Don't forget to like and subscribe to our monthly newsletter on LinkedIn. We also appreciate your ideas on how we can improve our future articles.

As usual, the Avenga team worked on the digest:

• Ivan Mahlatii;
• Oleg Chernygevych;
• Andrew Petryk.