Java Full-Stack Report November 2022: New & Noteworthy
What’s This?
Here are my most important news for Java developers from last month: Seven security vulnerabilities, we are 10 million Java developers, Spring bets on Gradle, ArchUnit verifies code organization, view talks from Devoxx Belgium, and GoF Design Patterns, functional style.
Archive
2022 | Oct | Sep | Aug | Jul | Jun | May | Apr | Mar | Feb | Jan |
Table Of Contents
New & Noteworthy
Seven Security Vulnerabilities
Usually, you have one or two vulnerabilities a month. This month, we got seven!
- Two Git vulnerabilities: We can upgrade Git to the latest version, 2.38.1, to fix this. Older, patched versions are 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, or 2.37.4.
- Text4Shell vulnerability in Apache Commons Text: We need to upgrade to Apache Commons Text 1.10.0.
- Two Spring Security vulnerabilities: There are two - here and here. To fix both, we need either Spring Security 5.6.9 or 5.7.5.
- Reactor Netty vulnerability: Frameworks like Spring WebFlux and its WebClient use Reactor Netty. We need to upgrade to version 1.0.24.
- OpenSSL vulnerability: If our projects use OpenSSL 3.0 - 3.0.5, then we need to upgrade to version 3.0.7 from November 1, 2022.
We are 10 Million Java Developers
I heard both 10 million and 12 million as the number of Java developers before. But now Oracle made it official at Java One by putting in on a slide: We are 10 million! It’s just too bad that we came in at the lower end of the range. 😩
In related news, there are 5 million Kotlin developers, according to Google. Most of them are on Android, though, not on the server.
Spring Bets On Gradle
The Spring Initializr lets us create Spring Boot projects easily. It now creates projects with Gradle by default instead of Maven.
Now that doesn’t influence our existing projects. What does, at least indirectly, is Spring’s reason: “Gradle is the future of build tools for Spring.” The GitHub issue below has a detailed list of reasons why they think Gradle is better for Spring.
So if you’re a Gradle fan — rejoice! If you’re a Maven fan — relax, you still lead Gradle by 2-3x.
I like Gradle for its brevity (compared to the “XML-ness” of Maven) and easy customization through code right in the build file. I don’t like how my build files sometimes break with new Gradle releases, though this seems to happen less. But that could be just my bias!
ArchUnit Verifies Code Organization
In Java, a public class is visible to all other classes. So how do we enforce rules like “Classes from the data repository package shouldn’t access classes in the controller package”? With ArchUnit!
ArchUnit has a Domain-Specific Language (DSL) that lets us encode the above rule:
ArchRule rule = noClasses().that()
.resideInAPackage("..repository..")
.should().dependOnClassesThat()
.resideInAPackage("..controller..");
And then, we can write JUnit tests that fail when somebody’s code violates the above rule.
The project has been around since 2017 and released version 1.0 in October. Spring Modulith uses it to verify its module structure.
View Talks from Devoxx Belgium
“Devoxx is a conference by developers, for developers.” True that! Now the original Devoxx conference comes from Belgium. It just took place again for the 19th time. And the talks are all on YouTube, too. Now for the more text-oriented readers, the button below shows talks & abstracts, but the videos are included, too.
James Gosling, the father of Java, talked about IoT there. Now he’s an experienced speaker. So I was a bit surprised to see that, apparently, he still got the jitters: His Apple Watch showed a workout during his talk! 😃
The UK version last May was terrific, too! Most of the talks are on YouTube. They’re six months old by now. But I think most hold up well!
GoF Design Patterns, Functional Style
Remember the design patterns craze in the late 90s and early 2000s? The book by the “Gang of Four” (Erich Gamma, Richard Helm, Ralph Johnson, and John Vlissides) started it all nearly 30 years ago. Its patterns are still in use today: Builder, singleton, facade, proxy, iterator, and so on.
The book had sample code in C++ and Smalltalk. Now the patterns have long been translated into Java. But the one & only Venkat Subramaniam recently showed what some of these patterns look like in Java in more functional Java.
Here’s a traditional iterator implementation:
int count = 0;
for(var name: names) {
if(name.length() == 4) {
System.out.println(name.toUpperCase());
count++;
if(count == 2) {
break;
}
}
}
}
And here it is in a functional style:
names.stream()
.filter(name -> name.length() == 4)
.map(String::toUpperCase)
.limit(2)
.forEach(System.out::println);
Slick, isn’t it? So read the article for other examples. Or brush up on the original patterns!
Side note: You know you’re old if you think of Erich Gamma as the “Eclipse guy”, not the “VS Code guy”. 😒