Java SE 22 support in 24.0.0.4

Ramkumar K on Apr 23, 2024

announcements , microprofile , java-se , release , jakarta-ee ,

Post available in languages: 日本語 ,

The 24.0.0.4 release introduces support for Java SE 22 and includes CVE fixes. We’ve also updated several Open Liberty guides to use MicroProfile Reactive Messaging 3.0, MicroProfile 6.1, and Jakarta EE 10.

In Open Liberty 24.0.0.4:

Support for Java 22 in Open Liberty
8 guides are updated to use MicroProfile Reactive Messaging 3.0
Security Vulnerability (CVE) Fixes

Check out previous Open Liberty GA release blog posts.

Develop and run your apps using 24.0.0.4

If you’re using Maven, include the following in your pom.xml file:

<plugin>
    <groupId>io.openliberty.tools</groupId>
    <artifactId>liberty-maven-plugin</artifactId>
    <version>3.10.2</version>
</plugin>

Or for Gradle, include the following in your build.gradle file:

buildscript {
    repositories {
        mavenCentral()
    }
    dependencies {
        classpath 'io.openliberty.tools:liberty-gradle-plugin:3.8.2'
    }
}
apply plugin: 'liberty'

Or if you’re using container images:

FROM icr.io/appcafe/open-liberty

Or take a look at our Downloads page.

If you’re using IntelliJ IDEA, Visual Studio Code or Eclipse IDE, you can also take advantage of our open source Liberty developer tools to enable effective development, testing, debugging and application management all from within your IDE.

Support for Java SE 22 in Open Liberty

Java 22 is the latest release of Java SE, released in March 2024. It contains new features and enhancements over previous versions of Java. However, Java 22 is not a long-term support (LTS) release and support for it will be dropped when the next version of Java is supported. It offers some new functions and changes that you are going to want to check out for yourself.

Check out the following feature changes in Java 22:

423: Region Pinning for G1
447: Statements before super(…) (Preview)
454: Foreign Function & Memory API
456: Unnamed Variables & Patterns
457: Class-File API (Preview)
458: Launch Multi-File Source-Code Programs
459: String Templates (Second Preview)
460: Vector API (Seventh Incubator)
461: Stream Gatherers (Preview)
462: Structured Concurrency (Second Preview)
463: Implicitly Declared Classes and Instance Main Methods (Second Preview)
464: Scoped Values (Second Preview)

Take advantage of the new changes in Java 22 in Open Liberty now and get more time to review your applications, microservices, and runtime environments on your favorite server runtime!

To use Java 22 with Open Liberty, just download the latest release of Java 22 and install the 24.0.0.4 version of Open Liberty. Then, edit your Liberty server.env file to point the JAVA_HOME environment variable to your Java 22 installation and start testing today.

For more information about Java 22, see the following resources:

8 guides are updated to use MicroProfile Reactive Messaging 3.0

The following 8 guides are updated to use the MicroProfile Reactive Messaging 3.0, MicroProfile 6.1 and Jakarta EE 10 specifications:

Also, the integration tests in these guides are updated to use Testcontainers. To learn how to test reactive Java microservices in true-to-production environments using Testcontainers, try out the Testing reactive Java microservices guide.

Security vulnerability (CVE) fixes in this release

CVE	CVSS score by X-Force®	Vulnerability assessment	Versions affected	Version fixed	Notes
CVE-2023-51775	7.5	Denial of service	21.0.0.3 - 24.0.0.3	24.0.0.4	Affects the openidConnectClient-1.0, socialLogin-1.0, mpJwt-1.2, mpJwt-2.0, mpJwt-2.1, jwt-1.0 features
CVE-2024-27270	4.7	Cross-site scripting	23.0.0.3 - 24.0.0.3	24.0.0.4	Affects the servlet-6.0 feature

For a list of past security vulnerability fixes, reference the Security vulnerability (CVE) list.

Get Open Liberty 24.0.0.4 now

Available through Maven, Gradle, Docker, and as a downloadable archive.

See all blog posts