Java SE version history (updated)

Version	Name	Release	Major new features
25 (LTS)		9/2025	simplifications: top level methods, instance main, IO package module imports
16		3/2021	record
15		9/2020	Text blocks
14		3/2020	Switch expressions
11 (LTS)		9/2018	Run (single file) source code
9		2016	JSR 294: modular JDK (Jigsaw) Searchable javadoc
8 (LTS)	Spider	3/2014	JSR 335: lambda expressions Collections Stream Framework JSR 310: Date and Time API Compact profiles JSR 308: annotations outside declarations (on usage)
7	Dolphin	7/2011	language (project coin): switch on strings, multi catch, try with autoclosing resources, empty generics (diamond operator), binary literal, underscores in numbers NIO.2 file handling Fork/Join concurrency JAX-WS 2.2 (SOAP 1.2, WS-I 2.0, metro 2.0)
6	Mustang	12/2006	JSR 223: scripting language support JSR 224: JAX-WS2.0 (metro 1.x) JSR 221: JDBC 4 (driver autoloading)) Perfomance enhancements in synchronisation and garbage collection
5	Tiger	9/2004	language (JSR 201): Enumerations, autoboxing, enhanced for loop, static import, vararg JSR 175: Annotations JSR 14: Generics java.util.concurrent java.util.Scanner RMI automatic stub generation
1.4	Merlin	2/2002	language: assert regular expressions JSR 51: NIO JSR 47: java.util.logging JSR 54: JDBC 3 (metadata API, autogenerated keys, transaction savepoints, multiple || resultsets/statement) security and cryptography
1.3	Kestrel	5/2000	HotSpot JVM RMI/CORBA support JNDI
1.2	Playground	12/1998	Collections Swing JIT compiler Browser plugin JDBC 2.1 (datasources, distributed transactions, connection pooling,RowSet, ResultSet backscrolling and updating )
1.1		2/1997	AWT events reorganisation inner classes JavaBeans JDBC RMI reflection
1.0		1/1996

Here's an overview of Java EE versions

Jakarta EE components overview

Jakarta EE is the successor of Java Enterprise Edition. The name change follows the transition of the governance from Oracle to the Eclipse organisation. Jakarta EE9 is simply taking over from Java EE 8 without functional changes. It changes package namespaces to jakarta.* and  removes some obsolete API's. You can find the Java EE evolution up to Java EE8 in an earlier post. From Jakarta EE9 the components are evolving.

Jakarta EE release	9	10	11
year	2020	2022	2025
Requires Java SE	8	11	17
Jakarta Activation	2.0	2.1
Jakarta Annotations	2.0.0	2.1	3.0
Jakarta Authentication	2.0.0	3.0	3.1
Jakarta Authorization	2.0.0	2.1	3.0
Jakarta Batch	2.0.0	2.1.0
Jakarta Concurrency	2.0.0	3.0	2.1
Jakarta Connectors	2.0.0	2.1.0
Jakarta Contexts and Dependency Injection	3.0	4.0	4.1
Jakarta Data			1.0
Jakarta Enterprise Beans	4.0
Jakarta Expression Language	4.0.0	5.0.0	6.0
Jakarta Faces	3.0.0	4.0	4.1
Jakarta Interceptors	2.0	2.1	2.2
Jakarta JSON Binding	2.0.0	3.0.0
Jakarta JSON Processing	2.0.0	2.1
Jakarta Mail	2.0.0	2.1
Jakarta Messaging	3.0.0	3.1.0
Jakarta (Server) Pages	3.0	3.1.0	4.0
Jakarta Persistence	3.0	3.1	3.2
Jakarta RESTful Web Services	3.0	3.1	4.0
Jakarta Security	2.0	3.0	4.0
Jakarta Servlet	5.0	6.0	6.1
Jakarta Standard Tag Library	2.0.0	3.0.0
Jakarta Transactions	2.0.0
Jakarta (Bean) Validation	3.0		3.1
Jakarta WebSocket	2.0	2.1	2.2
Jakarta XML Binding	3.0	4.0	X
Jakarta XML Web Services	3.0	4.0	X
Jakarta XML Web Services (SOAP with Attachments)	2.0	3.0	X

If a cell is empty in the above table, the version is the same as in the previous release.

An X means a specification is removed.

Microsoft disables crash messages on public displays

A public display with an error message is embarassing, both for its owner and for the OS it runs on, and Microsoft has had enough of it.

Microsoft will now offer Digital Signage mode which will optionally turn of a blue screen of death display after 15 seconds.

Congratulations, symptom fight won!

 

 

 

Windows Update Service exploits

Windows Server Update Services (WSUS) are internal Servers that receive softwate updates from Microsoft and distribute these to systems throughout the company.

If these severs (version 2012 and up) are accessible from the internet on their default TCP ports, 8530 (HTTP) and 8531 (HTTPS), they can be exploited. A proof of concept of the attack is available since October 21. Internet servers are currently being actively scanned and exploited by automated hacking scanners.

Over the past month, Microsoft did 2 attempts to patch the vulnerability, but did not succeed: exploits can work around the changes made by microsoft.

Given that  WSUS is an internal software distribution system, it has the potential of distributing malicious code to internal machines.

People fail to detect a voice is an AI immitation

Using off the shelve software, UK researchers cloned human voices in 5 minutes.

Then they tested if people could distinguish between the real person and AI generated speech and most people could not identify who was the real person speaking. 

Obviously this is a dangerous tool for automating phone phishing scams. 

Java 25 quick wins

Here are some simple improvements that Java 25 brings to your everyday code.

Hello World simplified

Since the release of the C programming language, printing "Hello world!" is the first task a programmer does in a language. And Java did not shine at this:

public class HelloWorld {
    public static void main(String[] args) {
        System.out.println("Hello, World!");
    }
}

We tell our students it's magical incantation that they'll have to live with for a while and that all will become clear in due time.

At last Java 25 brings this down to the essentials:

void main() {
    IO.println("Hello, World!");
}

If I'm counting well, we go down from 89 characters to 40 characters,  That's less than half of the code. Additionally the code is more intuitive to understand.

 

This feature is called compact source files. The above improvement uses

• a launchable main method. The method automatically resides in a top level class in the unnamed package
• A new Input/Output class 

Less imports

void main() {
  List<String> ducklings = List.of("Huey", "Dewey", "Louis");
  IO.print("Hello " + ducklings);
}

We're all used to not having to import java.lang.String because Java automatically imports java.lang.*.

Java now automatically imports the java.base module.

Importing a module implies importing all public top level classes and interfaces in packages exported by that module.

The top level packages are defined in the module definitions, which exist since Java 9.

One of the packages exported by the java.base is java.util.*. Hence we do not need

import java.util.List;

for the code above to run anymore.

Additionally a program can now import modules without having to be a module itself, 

making modules more accessible to developers who never dabbled with them themselves.

You import modules (here java.util.desktop) using

import module java.util.desktop;

 

Shadowleak: tricking your AI into hacking you

ChatGPT has reported they closed a vulnerability exploited by the Shadowleak malware that was disclosed recently by Radware. 

Shadowleak uses prompt injection, the attacker tries to feed instructions to your AI service.

Security vectors have been warning against such an attack vector: when you let for example AI summarise a web page, hackers could try to craft malicious web pages that try to trick that AI.

ShwdowLeak uses ChatGPT DeepSearch, an AI tool that helps you automate email jobs. Shadowleak sends a malicious email to you and DeepSearch will happily report on the content of your email archive to the attacker. 

Particlarly worrying about the attack is that it is executed entirely on the OpenAI servers, so you cannot detect on your local machine an attack is happening. 

Radware recommends to limit the actions an AI agent can take on your system to limit the damage of such attacks.

Windows powershell Get-Process: get parentprocess ID / name, get process using port...

Powershell command to get parent processes of all processes with a given name (e. g. javaw.exe):

Get-CimInstance Win32_Process -Filter "Name = 'javaw.exe'" | select ParentProcessId

Or in a script. This one takes the process name as a parameter and also shows the , this time with the parent process name: 

$targetProcessName = $args[0]

$targetProcessName = $args[0]
$targetProcesses = Get-CimInstance -ClassName Win32_Process -Filter "Name = '$targetProcessName'"

foreach ($process in $targetProcesses) {
    $parentProcessId = $process.ParentProcessId
    $parentProcess = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $parentProcessId"
    Write-Output "Process: $($process.processId) $($process.Name), Parent Process: $($ParentProcessId)    $($parentProcess.Name)"
}

Powershell command to get ID of process occupying a port (e.g. 8080)

 Get-Process -Id (Get-NetTCPConnection -LocalPort 8080).OwningProcess

 Once you have the id you can shoot it using 

taskkill /PID <processid> /F

 

(AI) bots eat 30% of the web bandwidth

 One of the hidden costs of AI is the hunt for training data by ripping content from websites. 

The bots are massively using content from websites without paying for it, ignoring any copyright that may be associated to that content. They are even using AI to find content that is hidden behind JavaScript logic.

AI providers often argue that they refer to their sources and that this leads to more visists to those websites. Cloudflare, a major CDN provider, has shown that often the referrals are very low compared to the bot traffic, OpenAI being the worst with 1 referral for 1600 crawls:

 

Cloudflare is now preparing a service to install a payment wall for crawling. 

Not only are the AI bots not paying for the content they are sucking from the content providers. Again according to Cloadflare, they represent 30% of the traffic going to these websites. And who is paying for the consumed bandwidth?Indeed, the content providers themselves are paying for the bandwidth their servers need.

The real cost of AI

Last year OpenAI lost $8 billion and Anthrophic lost $3 billion.

Cursor and Claude code have multplied the cost of their monthly subscriptions by 10, now at about $200.

Even wit this price tag, the increased productivity is still worth it in most cases, but it is not a free ride anymore.

Companies might have to do a thorough cost benefit analysis on their AI expenses. 

Some researchers even think we have reached the limits of the current AI techniques, while the AI industry claims Artificial General Intelligence (AI at or surpassing the level of human intelligence) is nigh. 

AI and copyright

AI generated content can infringe copyrights, but what about copyrighting content that you generated with AI?

AI generated content (text, images...) cannot be copyrighted as there is no human to give the credit to. It can be trademarked though.

 

more... 

 

 1 (4/\/"7 |_|/\/[)3|2574/\/[) '/0|_||2 \/\/|2171/\/9. 17’5 (0/\/|=|_|51/\/9.

 

 

I  CAN'T UNDERSTAND YOUR WRITING. IT'S CONFUSING

Compose mulmtiplatform now stable on IOS

With release 1.8 compose multiplatform is now moving IOS from beta to stable. Web support is moving from alpha to beta.

Stable platforms now include  

• mobile
• Android
• iOS
• desktop
• OS
• windows
• MacOs
• Linux
• processor: 64bit
• x86
• arm
• web (beta)

IntelliJ IDEA 2025.1 release highlights

Most remarkable features for me in this release:

• kotlin notebook
• you can now partially display intellij's classic main menu, which is otherwise hidden under the hambnurger button. This will certainly help people find some feartures. But I've gotten used to the hidden menu by now, and I like my main options like projects drop down to be at the same place all the time, so I don't think I will use this.
• Uses OS default file browser, rahter than IntelliJ's. It is annoying however that it is always opening in my home diretory, rather than remembering the same location as IntelliJ's. Also, in IntelliJ's browser, it was easier to go to the map of another project bu selecting that project and navigating from there.
  I switched back to IntelliJ's file browser using: Settings | Advanced Settings | Use native file chooser dialog in Windows/macOS. It just started to refresh a bit faster these last relases, so this is the best option for me.
•  Automatic creation of Sring Data repositories
• Better WSL support
•  Gradle
• Easier setting of JDK for Gradle, hopefully getting rid of daemon warnings that it is using a different JVM
• Automatic download of library sources upon source code access 
• Preconfiguration of Qodana security analysis

Using AI to write hacking code from CVE exploit publication

AI can help hackers to quickly write exploit code from published security problems.

Here's an interesting report of the journey to generate hacking code using AI. 

The engineer generated the initial code using chapGpt. The code did not work, then he fixed it with Cursor and Claude Sonnet.

The impleciation is that security administrators now even have a shorter time to install patches, as the hackers can generate the attacks in no time.

 

JetBrains new user license removes perpetual license

When installing a 2025 upgrade to a JetBrains product you have to accept a new user agreement.

 Biggest change I see is the removal of the right to use an old product indefinitely. 

This is effectively moving the products from a buy and use to a subscription model. Quite a big change to force without any explanation.

more...

AI hallucinated dependencies security risk

Some of AI generated code is wrong (hallucinations).

When AI generate dependencies attackers could create packages with commonly hallucinated names.

When the developer loads the dependencies, running the code is a security risk.

more...

Trump lifts Nvidea export limitations after the company paid for a $1M lunch at his resort

 more...

Android dessert names

 With version 10 Google stopped referring to Android versions using dessert names. Internally these names do still exist however. With version 13 I'm seeing external references to the desserts again.

10. Quince Tart
11. Red Velvet Cake
12. Snow Cone
13. Tiramisu
14. Upside Down Cake
15. Vanilla Ice Cream
16. Baklava (!?)

New features since Java 21 LTS

 Java 22

_  name for variables that are declared but not used

 Java 23

/// Markdown comments 

Java 24

• Intermediate stream operation: gather()
• security manager removed