Author: Karsten Silz
Apr 7, 2022   |  updated May 1, 2022 2 min read

Permalink: https://betterprojectsfaster.com/guide/java-full-stack-report-2022-04/new-noteworthy/

Java Full-Stack Report April 2022: New & Noteworthy


This is an old version! Click below for the current one.

See Current Version


What’s This?

Here are the most important news for Java developers from last month - in my opinion, at least.

Archive

March 2022 February 2022 January 2022

Table Of Contents

New & Noteworthy

I didn’t have much time to collect news this month. But the

Java 18 Is Here

The new version of Java dropped on March 22. It doesn’t change how we write Java code. Well, unless you count the new @snippet Javadoc tag. And maybe the deprecation of finalize().

Apart from that, UTF-8 is now the “default charset of the standard Java APIs”. And there’s a whole bunch of under-the-hood changes and updates to incubating features and features in preview. And for reasons, Java now has a web server that only serves HEAD and GET requests and doesn’t have authentication or HTTPS.

Zero-Day Exploit Hits Spring Boot

That’s the kind of announcement you hope you’ll never have to make: A zero-day exploit hit Spring Boot. Worse: The details of the exploit leaked in full before a fix was ready.

At the time of writing, the Spring team says that only applications running as WAR files in a standalone Tomcat instance on JDK 9+ are vulnerable. Please upgrade to Spring Boot 2.6.6 or 2.5.12 to fix this vulnerability.

Please see the announcement for details.

Java Heap Deep Dive, Part 2

Last month, I had a news item about “Java Garbage Collection Deep Dive, Part 1”. Well, turns out I suck at reading: The article was “Java Heap Deep Dive, Part 1” and discussed garbage collection. So the heap discussion continues with memory leaks.


comments powered by Disqus