Java SE version history (updated)

Version	Name	Release	Major new features
25 (LTS)		9/2025	simplifications: top level methods, instance main, IO package module imports
16		3/2021	record
15		9/2020	Text blocks
14		3/2020	Switch expressions
11 (LTS)		9/2018	Run (single file) source code
9		2016	JSR 294: modular JDK (Jigsaw) Searchable javadoc
8 (LTS)	Spider	3/2014	JSR 335: lambda expressions Collections Stream Framework JSR 310: Date and Time API Compact profiles JSR 308: annotations outside declarations (on usage)
7	Dolphin	7/2011	language (project coin): switch on strings, multi catch, try with autoclosing resources, empty generics (diamond operator), binary literal, underscores in numbers NIO.2 file handling Fork/Join concurrency JAX-WS 2.2 (SOAP 1.2, WS-I 2.0, metro 2.0)
6	Mustang	12/2006	JSR 223: scripting language support JSR 224: JAX-WS2.0 (metro 1.x) JSR 221: JDBC 4 (driver autoloading)) Perfomance enhancements in synchronisation and garbage collection
5	Tiger	9/2004	language (JSR 201): Enumerations, autoboxing, enhanced for loop, static import, vararg JSR 175: Annotations JSR 14: Generics java.util.concurrent java.util.Scanner RMI automatic stub generation
1.4	Merlin	2/2002	language: assert regular expressions JSR 51: NIO JSR 47: java.util.logging JSR 54: JDBC 3 (metadata API, autogenerated keys, transaction savepoints, multiple || resultsets/statement) security and cryptography
1.3	Kestrel	5/2000	HotSpot JVM RMI/CORBA support JNDI
1.2	Playground	12/1998	Collections Swing JIT compiler Browser plugin JDBC 2.1 (datasources, distributed transactions, connection pooling,RowSet, ResultSet backscrolling and updating )
1.1		2/1997	AWT events reorganisation inner classes JavaBeans JDBC RMI reflection
1.0		1/1996

Here's an overview of Java EE versions

Jakarta EE components overview

Jakarta EE is the successor of Java Enterprise Edition. The name change follows the transition of the governance from Oracle to the Eclipse organisation. Jakarta EE9 is simply taking over from Java EE 8 without functional changes. It changes package namespaces to jakarta.* and  removes some obsolete API's. You can find the Java EE evolution up to Java EE8 in an earlier post. From Jakarta EE9 the components are evolving.

Jakarta EE release	9	10	11
year	2020	2022	2025
Requires Java SE	8	11	17
Jakarta Activation	2.0	2.1
Jakarta Annotations	2.0.0	2.1	3.0
Jakarta Authentication	2.0.0	3.0	3.1
Jakarta Authorization	2.0.0	2.1	3.0
Jakarta Batch	2.0.0	2.1.0
Jakarta Concurrency	2.0.0	3.0	2.1
Jakarta Connectors	2.0.0	2.1.0
Jakarta Contexts and Dependency Injection	3.0	4.0	4.1
Jakarta Data			1.0
Jakarta Enterprise Beans	4.0
Jakarta Expression Language	4.0.0	5.0.0	6.0
Jakarta Faces	3.0.0	4.0	4.1
Jakarta Interceptors	2.0	2.1	2.2
Jakarta JSON Binding	2.0.0	3.0.0
Jakarta JSON Processing	2.0.0	2.1
Jakarta Mail	2.0.0	2.1
Jakarta Messaging	3.0.0	3.1.0
Jakarta (Server) Pages	3.0	3.1.0	4.0
Jakarta Persistence	3.0	3.1	3.2
Jakarta RESTful Web Services	3.0	3.1	4.0
Jakarta Security	2.0	3.0	4.0
Jakarta Servlet	5.0	6.0	6.1
Jakarta Standard Tag Library	2.0.0	3.0.0
Jakarta Transactions	2.0.0
Jakarta (Bean) Validation	3.0		3.1
Jakarta WebSocket	2.0	2.1	2.2
Jakarta XML Binding	3.0	4.0	X
Jakarta XML Web Services	3.0	4.0	X
Jakarta XML Web Services (SOAP with Attachments)	2.0	3.0	X

If a cell is empty in the above table, the version is the same as in the previous release.

An X means a specification is removed.

Microsoft disables crash messages on public displays

A public display with an error message is embarassing, both for its owner and for the OS it runs on, and Microsoft has had enough of it.

Microsoft will now offer Digital Signage mode which will optionally turn of a blue screen of death display after 15 seconds.

Congratulations, symptom fight won!

 

 

 

Windows Update Service exploits

Windows Server Update Services (WSUS) are internal Servers that receive softwate updates from Microsoft and distribute these to systems throughout the company.

If these severs (version 2012 and up) are accessible from the internet on their default TCP ports, 8530 (HTTP) and 8531 (HTTPS), they can be exploited. A proof of concept of the attack is available since October 21. Internet servers are currently being actively scanned and exploited by automated hacking scanners.

Over the past month, Microsoft did 2 attempts to patch the vulnerability, but did not succeed: exploits can work around the changes made by microsoft.

Given that  WSUS is an internal software distribution system, it has the potential of distributing malicious code to internal machines.

People fail to detect a voice is an AI immitation

Using off the shelve software, UK researchers cloned human voices in 5 minutes.

Then they tested if people could distinguish between the real person and AI generated speech and most people could not identify who was the real person speaking. 

Obviously this is a dangerous tool for automating phone phishing scams. 

Java 25 quick wins

Here are some simple improvements that Java 25 brings to your everyday code.

Hello World simplified

Since the release of the C programming language, printing "Hello world!" is the first task a programmer does in a language. And Java did not shine at this:

public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}

We tell our students it's magical incantation that they'll have to live with for a while and that all will become clear in due time.

At last Java 25 brings this down to the essentials:

void main() {
    IO.println("Hello, World!");
}

If I'm counting well, we go down from 89 characters to 40 characters,  That's less than half of the code. Additionally the code is more intuitive to understand.

 

This feature is called compact source files. The above improvement uses

• a launchable main method. The method automatically resides in a top level class in the unnamed package
• A new Input/Output class 

Less imports

void main() {
  List<String> ducklings = List.of("Huey", "Dewey", "Louis");
  IO.print("Hello " + ducklings);
}

We're all used to not having to import java.lang.String because Java automatically imports java.lang.*.

Java now automatically imports the java.base module.

Importing a module implies importing all public top level classes and interfaces in packages exported by that module.

The top level packages are defined in the module definitions, which exist since Java 9.

One of the packages exported by the java.base is java.util.*. Hence we do not need

import java.util.List;

for the code above to run anymore.

Additionally a program can now import modules without having to be a module itself, 

making modules more accessible to developers who never dabbled with them themselves.

You import modules (here java.util.desktop) using

import module java.util.desktop;

 

Shadowleak: tricking your AI into hacking you

ChatGPT has reported they closed a vulnerability exploited by the Shadowleak malware that was disclosed recently by Radware. 

Shadowleak uses prompt injection, the attacker tries to feed instructions to your AI service.

Security vectors have been warning against such an attack vector: when you let for example AI summarise a web page, hackers could try to craft malicious web pages that try to trick that AI.

ShwdowLeak uses ChatGPT DeepSearch, an AI tool that helps you automate email jobs. Shadowleak sends a malicious email to you and DeepSearch will happily report on the content of your email archive to the attacker. 

Particlarly worrying about the attack is that it is executed entirely on the OpenAI servers, so you cannot detect on your local machine an attack is happening. 

Radware recommends to limit the actions an AI agent can take on your system to limit the damage of such attacks.