Java News Digest

January 13, 2023

by Maksim Shelkovich, Java Engineer at InterLogic

 

The world is constantly changing, including the world of technologies.
Today we will talk about the most interesting changes and news in the world of Java that happened recently.

What else would you like to add to the digest?

 

Apache Tomcat: Low: Apache Tomcat JsonErrorReportValve injection (CVE-2022-45143)

Description
The JsonErrorReportValve in Apache Tomcat 8.5.83, 9.0.40 to 9.0.68 and 10.1.0-M1 to 10.1.1 did not escape the type, message or description values. In some circumstances these are constructed from user provided data, and it was therefore possible for users to supply values that invalidated or manipulated the JSON output.

Kubernetes, Your Next Java App Server • Burr Sutter • GOTO 2022

In the Java ecosystem, we have historically been enamored by the concept of the "Application Server", the runtime engine that not only gave us portable APIs (e.g. JMS, JAX-RS, JSF, EJB) but also gave us critical runtime infrastructure for things like farm deployments, configuration, load-balancing, fail-over, distributed management and monitoring.

In this session, Burr Sutter will demonstrate how Kubernetes and OpenShift give you the critical runtime infrastructure you need for JVM-based applications.

This applies whether they are Java EE, Spring, MicroProfile, Vert.x, Kotlin, etc., because in a cloud-native world your APIs can be whatever best fits your project’s requirements.

From ThreadLocal to ScopedValue Tutorial

The video explains the drawbacks of ThreadLocal variables and how ScopedValue variables address them. You will learn how ScopedValue works and how it can be used.

Secure Coding Guidelines for Java SE

The video gives examples of insecure practices that may lead to security vulnerabilities and discusses how to avoid them by applying the guidelines. It covers recent updates, including expanded guidance on topics such as deserialization, exception and error handling, and others.

Ktor 2.2.2 has been released

The JetBrains team announced the release of Ktor 2.2.2. Release notes under the link.

Maven 3.8.7 has been released

The Apache Maven team is pleased to announce the release of the Apache Maven 3.8.7. Release notes under the link.

Efficient JSON serialization with Jackson and Java

Ben Evans is a Java Champion and Senior Principal Software Engineer at Red Hat. He has written five books on programming, including Optimizing Java (O'Reilly) and The Well-Grounded Java Developer (Manning).
In the article he describes modern serialization problems and shares best practices for working with JSON.

Hidden gems in Java 19, Part 1: The not-so-hidden JEPs

The article demonstrates use of the latest Java 19 updates made in the scope of Panama, Amber and Loom projects, as well as porting the JDK to the Linux/RISC-V instruction set:

  1. Virtual threads
  2. Structured concurrency
  3. Record patterns
  4. Pattern matching for switch
  5. Foreign Function and Memory API
  6. Vector API
  7. Linux/RISC-V port

Nothing is better than the Optional type. Really. Nothing is better.

Best practices for using the Optional class from Michael Ernst, professor of computer science and engineering at the University of Washington in Seattle, Washington.
Misunderstanding the real problem Optional was built to solve just creates new problems, clutters code and leads to space, time, and coding overhead.
The article suggests a better way to do null checking and shows how to use Optional without causing new trouble.

Colossal Sparse Memory Segments

Did you know you can allocate memory segments that are larger than the physical size of your machine’s RAM and indeed larger than the size of your entire file system? Read this article and learn how to make use of mapped memory segments that may or may not be “sparse” and how to allocate 64 terabytes of sparse data on a laptop.

Time for pudding... and another Panama update

JEP 434: Foreign Function & Memory API (Second Preview) introduces an API that allows Java programs to interoperate with code and data outside the Java runtime. By efficiently invoking foreign functions (i.e., code outside the JVM), and by safely accessing foreign memory (i.e., memory not managed by the JVM), the API enables Java programs to call native libraries and process native data without the brittleness and danger of JNI.
This work has been done in the scope of Project Panama.
The mail gives the latest updates on Project Panama and its future development direction based on the feedback gathered.