back to all blogsSee all blog posts

MicroProfile 4.0 support now available in Open Liberty

image of author
Austin Bailey on Mar 19, 2021
Post available in languages:

In, we have a milestone update to the MicroProfile feature with a major version increase to 4.0. This includes updates to all 8 MicroProfile components: Config, Fault Tolerance, Health, JWT RBAC, Metrics, Open API, Open Tracing and Rest Client. To utilize these updated components, run your app with the latest version of Open Liberty.

If you’re feeling curious about what’s coming soon in Open Liberty, take a look at the 'beta status' features in the latest development builds, for example LDAP connection support for Kerberos authentication is now available in the Open Liberty release.

In Open Liberty

Run your apps using

If you’re using Maven, here are the coordinates:


Or for Gradle:

dependencies {
    libertyRuntime group: 'io.openliberty', name: 'openliberty-runtime', version: '[,)'

Or if you’re using Docker:

FROM open-liberty

Or take a look at our Downloads page.

Ask a question on Stack Overflow

MicroProfile 4.0 Support

MicroProfile 4.0 is the first release under the Working Group model and MicroProfile Specification Process and alligns with Jakarta EE 8. This major version update includes updates to the following 8 MicroProfile components:

  • MicroProfile Config 2.0

  • MicroProfile Fault Tolerance 3.0

  • MicroProfile Health 3.0

  • MicroProfile JWT Authentication 1.2

  • MicroProfile Metrics 3.0

  • MicroProfile OpenAPI 2.0

  • MicroProfile OpenTracing 2.0

  • MicroProfile Rest Client 2.0

As this is such a large update, separate blog posts have been written for both MicroProfile 4.0 and a few of the individual components. A deep-dive into MicroProfile 4.0 can be found in the post linked below with further component-specific posts due to release over the coming weeks:

Making use of MicroProfile 4.0

To make use of MicroProfile 4.0 you must add the feature to both pom.xml and server.xml:

Add the following to your server.xml:


And add the following to your pom.xml:


Significant bugs fixed in this release

As well as adding support for MicroProfile 4.0, we’ve also spent some time fixing bugs. The following sections describe just some of the issues resolved in this release. If you’re interested, here’s the full list of bugs fixed in

  • Fix the injection of Optional Lists and Sets (MP Config)

    Previously, a bug in Open Liberty’s mpConfig-1.x features meant it was not possible to inject an Optional<List<String>> or Optional<Set<String>> using @ConfigProperty. This issue has now been fixed and there should be no issues injecting optional Lists and Sets.

  • Read jvm.options file from the intended directory

    According to the Open Liberty documentation the jvm.options file is intended to be read from the ${wlp.user.dir}/shared/jvm.options directory to allow for custom JVM options to be loaded. Prior to Open Liberty, this file was erroneously fetched from the ${WLP_INSTALL_DIR}/usr/shared/jvm.options path. This behaviour has now been corrected.

  • Update Netty to 4.1.59.Final (gRPC Client 1.0)

    Due to a vulnerability discovered in Netty client/server framework a security update has been pushed to Open Liberty, going from version 4.1.52.Final to 4.1.59.Final. The discovered vulnerability (CVE-2021-21290) would not have affected any Open Liberty code but the precautionary measure to update has been taken to maintain high security standards.

  • Update to Apache MyFaces 2.3.8

    The jsf-2.3 feature in Open Liberty makes use of Apache MyFaces JavaServer Faces implementation. With the release of Apache MyFaces 2.3.8 a number of improvements and bug fixes have been made, for more information visit the Apache MyFaces 2.3.8 changelog.

  • Fix memory leak when applications do not close JAXRS Client objects

    Prior to Open Liberty, an issue within JAXRS existed where Client objects would not be properly disopsed of when their use had expired, thus causing a memory leak. The cause of this was JAXRSClientImpl keeping a hard reference to the client so preventing it from being picked up by garbage collection; this behaviour has since been corrected. For more information view the JAX-RS 2.1 documentation.

Get Open Liberty now