Java News Roundup: Spring Tools, Helidon, Open Liberty, TomEE, JobRunr, Hibernate, Commonhaus

2026-06-22 · Source: InfoQ · Field: Technology & Digital — Software Development & Engineering, Artificial Intelligence & Machine Learning, Cybersecurity & Data Privacy · Depth: Intermediate, medium

Summary

The Java News Roundup for June 15th, 2026, details significant updates across the Java ecosystem. OpenJDK's jtreg 8.3.0 was released, supporting JEP 512 and enhanced driver mode. Early-access builds for JDK 27 (Build 27) and JDK 28 (Build 3) also became available with various fixes. Spring Tools 5.2.0 introduced a Claude Code Plugin, Spring AI support, and type-safe property references. Helidon 4.5.0 enhanced security with hardened value encryption and HPACK rejection. Open Liberty 26.0.0.6 addressed CVE-2026-4410 and CVE-2026-5516. Apache TomEE 11.0.0-M1 added Jakarta EE 11 and MicroProfile 7.1 support. JobRunr 8.7.0 featured lazy server initialization and dashboard improvements. Hibernate ORM 8.0.0 Beta1 implemented Jakarta Persistence 4.0-M5 and introduced graph-based flush coordination and row-level security. Quarkus issued emergency releases (3.20, 3.27, 3.33, 3.36, 3.37) for CVE-2026-50559. Finally, OkHttp, Okio, Retrofit, and SQLDelight joined the Commonhaus Foundation, and Gradle 9.6.0 improved its Configuration Cache.

Key takeaway

For Java developers and architects managing enterprise applications, regularly updating your dependencies is crucial. The numerous security patches in Open Liberty and Quarkus, alongside new features in Spring Tools and Hibernate, highlight the continuous need for vigilance. You should prioritize applying security updates to mitigate vulnerabilities like CVE-2026-50559 and CVE-2026-4410. Additionally, explore new capabilities in Spring Tools 5.2.0 or Hibernate ORM 8.0.0 Beta1 to enhance your development workflows and application security.

Key insights

The Java ecosystem continues rapid evolution with security patches, new features, and foundation shifts.

Principles

• Continuous security patching is vital for platform stability.
• Open-source project governance models are evolving.
• Early access builds drive rapid JDK development.

In practice

• Update Quarkus to versions 3.20, 3.27, 3.33, 3.36, or 3.37 for CVE fixes.
• Explore Spring Tools 5.2.0's Claude Code Plugin for AI assistance.
• Consider Hibernate ORM 8.0.0 Beta1 for row-level security.

Topics

• Java Ecosystem
• OpenJDK
• Spring Framework
• Hibernate ORM
• Application Security
• Open-Source Governance
• Gradle

Code references

• openjdk/jtreg
• openjdk/jdk
• spring-projects/spring-tools
• helidon-io/helidon
• jobrunr/jobrunr

Best for: CTO, VP of Engineering/Data, Machine Learning Engineer, Software Engineer, AI Engineer, Security Engineer

Related on AIssential

• Java News Roundup: GraalVM, Spring AI, JobRunr, GlassFish, Grails, Groovy, Quarkus Agent MCP — Java ecosystem components are rapidly evolving, with significant updates in concurrency, AI integration, and security.
• Java News Roundup: OpenJDK JEPs, Hazelcast, Quarkus, Hibernate, Koog, JHipster, Introducing Endive — The Java ecosystem is rapidly evolving with new JDK features, AI integration, and improved developer tooling.
• Announcing ADK for Java 1.0.0: Building the Future of AI Agents in Java — ADK for Java 1.0.0 enhances AI agent development with advanced tools, control, and interoperability.
• OpenClaw 2026.2.21 After OpenAI: 50+ Survival Tips for Security, Memory & Runaway Costs — OpenClaw's acquisition by OpenAI followed severe security vulnerabilities and functional shortcomings.
• The State of the SBOM Tool Ecosystems: A Comparative Analysis of SPDX and CycloneDX — SPDX and CycloneDX SBOM tool ecosystems exhibit distinct, complementary strengths in maturity, engagement, and use case support.
• Measuring LLMs' Impact on N-day Exploits — LLMs, particularly Claude Mythos Preview, drastically accelerate N-day exploit creation, making patch gaps critically dangerous.

Open in AIssential →

Editorial summary, takeaway, and curation by AIssential. Original article published by InfoQ.