This week’s Java roundup for August 18th, 2025, features news highlighting: the second release candidate of JDK 25; a point release of Apache Camel; maintenance releases of Eclipse JNoSQL, Quarkus and Apache TomEE; and the Quarkus team implementing the resolution to CVE-2025-55163.
JDK 25
Build 36 remains the current build in the JDK 25 early-access builds. Further details on this release may be found in the release notes.
As per the JDK 25 release schedule, Mark Reinhold, Chief Architect, Java Platform Group at Oracle, formally declared that JDK 25 has entered its second release candidate having resolved a conformance issue in Build 36. The GA release, scheduled for September 16, 2025, will include a final set of 18 features:
JDK 25 is designated to be the next long-term support (LTS) release following JDK 21, JDK 17, JDK 11 and JDK 8.
JDK 26
Build 12 of the JDK 26 early-access builds was made available this past week featuring updates from Build 11 that include fixes for various issues. More details on this release may be found in the release notes.
Spring Framework
It was a busy week over at Spring as the various teams have delivered second milestone releases of Spring Boot, Spring Security, Spring Authorization Server, Spring for GraphQL, Spring Session, Spring Integration, Spring REST Docs, Spring Batch and Spring for Apache Pulsar. More details may be found in this InfoQ news story.
Eclipse JNoSQL
The release of Eclipse JNoSQL 1.1.10, the compatible implementation of the Jakarta NoSQL and Jakarta Data specifications, provides notable changes such as: improved performance in Jakarta Data; support for named query parameters in the Jakarta Data Query Language (JDQL); and the addition of restriction keywords – CONTAINS, ENDS_WITH, STARTS_WITH and IGNORE_CASE – in the Jakarta Persistence driver.
Ondro Mihályi, Director at OmniFish, described the significance of this latest release, writing:
JNoSQL 1.1.10 will become a new Jakarta Data implementation for JPA entities, that passes the standalone Jakarta Data 1.0 TCK. It’s the first standalone implementation of Jakarta Data over JPA entities that works with any JPA provider.
Further details on this release may be found in the release notes.
Quarkus
The Quarkus team has disclosed emergency fixes that were implemented in Quarkus 3.15.6.1 and 3.20.2.1, the two LTS releases, to address CVE-2025-55163, a vulnerability in Netty versions prior to 4.1.124.Final and 4.2.4.Final, that allows an attacker to use malformed HTTP/2 control frames to break the maximum concurrent streams limit resulting in resource exhaustion and a MadeYouRest distributed denial of service (DDoS).
Quarkus 3.24.4, the fourth maintenance release, ships with bug fixes, dependency upgrades and notable changes such as: a resolution to the aforementioned CVE-2025-55163; and refinements to the HibernateValidatorProcessor class that moves the bean generator feature to the JfrProcessor class, removal of any circular dependencies and cleanup of unused parameters. More details on this release may be found in the release notes.
Apache Software Foundation
The release of Apache TomEE 10.1.1 features bug fixes and many dependency upgrades. This release ensures that TomEE runs on Java 21+ to prepare for the upcoming release of JDK 25. However, security checks via the Jakarta Authorization specification do not work on Java 21+ at this time due to the removal of the Java SecurityManager. Further details on this release may be found in the release notes.
The release of Apache Camel 4.14.0 delivers bug fixes, dependency upgrades and improvements such as: support for the upcoming release of JDK 25; the ability to include a custom authorization header in the outbound OAUTH2 token call; and improved RabbitMQ producer performance. More details on this release may be found in the release notes.
