Java Full-Stack Report May 2022: New & Noteworthy
What’s This?
Here are the most important news for Java developers from last month - in my opinion, at least.
Archive
April 2022 | March 2022 | February 2022 | January 2022 |
Table Of Contents
New & Noteworthy
Spring Boot’s Zero-Day Exploit Gets Worse
Last month, I reported on a zero-day exploit of Spring Boot. That exploit’s called Spring4Shell and affected WAR files in a standalone Tomcat instance on JDK 9+. Then it got worse.
- First, it turned out that the application servers Glassfish and Payara are vulnerable to that attack, too.
- Then the Spring team discovered another vulnerability in Data Binding Rules.
Spring updated their initial blog post with the new information. So please read it!
New Relic’s “State of Java” Report
New Relic published its “2022 State of the Java Ecosystem” report at the end of April. The previous one was from 2020. This report is different from the surveys among 2-3 thousand developers that JRebel and Snyk publish: It’s based on data from “millions of [Java] applications”, collected in January 2022.
There are three main findings:
- Java 11 has surpassed Java 8 (48% vs. 46%). In 2020, Java 8 had 84%, and Java 11 had 11%.
- Amazon Corretto is the surprise winner of “second-most popular Java distribution” after Oracle. I guess “Oracle” includes both the Oracle JDK and Oracle OpenJDK. Yep, confusing each time. Anyhow, Eclipse Adoptium (previously known as “AdoptOpenJDK”) is only in third place. As New Relic mentioned, Amazon really pushed Corretta with Java 17 - before that, Adoptium was in second place.
- Java applications in containers run with few resources: 42% have one CPU core, 20% just two - and another 20% have eight. 43% have only up to 512 MB RAM, 15% 0.5-1 GB, another 15% 1-2 GB, and 12% 2-3 GB. So 62% of Java containers have just one or two CPU cores, 58% have 1 GB or less RAM, and 73% have 2 GB RAM or less.
Native Java Makes Java in the Cloud Cheaper
Java dominates enterprise applications. But in the cloud, Java is more expensive than some competitors. Native compilation with GraalVM makes Java in the cloud cheaper: It creates applications that start much faster and use less memory.
So native compilation raises many questions for all Java users: How does native Java change development? When should we switch to native Java? When should we not? And what framework should we use for native Java?
I’m the editor of an article series on InfoQ that provides some answers. So far, we have articles about GraalVM, Quarkus, Micronaut, and lessons learned. We have plans for two more articles over the coming weeks.
Eclipse IDE Moving to Web & Cloud
Eclipse IDE is 20 years old. But its best days are behind it: Surveys, such as JRebel’s “2022 Java Developer Productivity Report”, find IntelliJ at least twice as popular. Visual Studio Code is becoming the free IDE of choice of all developers and constantly updates its Java support. And in Stack Overflow’s “2021 Developer Survey”, 69% of 12,955 respondents dislike using the Eclipse IDE; only NetBeans scored worse. In contrast, 68% of 23,467 developers like IntelliJ, and 79% of 58,026 developers like Visual Studio Code. Ouch.
So, what’s a venerable, old IDE to do there? The answer is: Move to the web & cloud with Eclipse Theia. That’s at least what Mike Milinkovich, head of Eclipse, suggested in a blog post titled “Eclipse Theia is the next generation of Eclipse!”. What is Theia? And when will that move happen?
Eclipse Theia is not an IDE. It’s a set of components to build an IDE. Like Visual Studio Code, it’s based on web technologies and written in Typescript. It even uses the same code editor as Visual Studio Code and can use its extensions. This blog post compares Theia with the good ol’ Eclipse IDE.
The problem: There’s no general “Theia IDE” you can download, like you can download Eclipse IDE. There is Eclipse Che, but that also runs Visual Studio Code and IntelliJ. There is an IDE prototype called “Theia Blueprint”. But that’s “not a production-ready product”, though it may become that one day. And as Mike said, this was not “an announcement of the deprecation of the Eclipse IDE” - that will be maintained for a long time.
So if anything, this announcement is a statement of intent: “Developers really like Visual Studio Code, so we’ll have an IDE just like it in the future.” It’s the same thing that JetBrains did with its Fleet announcement last November.