website

☕ Pulse on Java – January 2026 Edition

Your AI-generated monthly roundup of Java platform, framework, and community updates.

Visualization

[infoq.com], [spring.io], [infoq.com], [quarkus.io], [jchampionsconf.com], [payara.fish]

January 2026 kicked off the year by building on 2025’s momentum and preparing Java developers for the road ahead. This month saw Java SE 8 and 11 reach their long-anticipated end-of-free-support milestone as Oracle delivered their final public updates, definitively shifting the Java ecosystem to Java 17+ as the standard baseline. Meanwhile, JDK 26 advanced into its last pre-release stages, locking in its feature set and moving to final bug-fixing mode (Rampdown Phase Two) by mid-January. The broader Java world was abuzz with maintenance releases and early previews: enterprise Java vendors and open source projects rolled out their first updates of 2026 – from Payara’s January Platform release to Open Liberty’s 26.0.0.1 – ensuring full support for the latest standards and fixing vulnerabilities. Framework maintainers used the new year to both shore up recent major releases and start the next innovation cycle. The Spring ecosystem issued swift patch releases (e.g. Spring Boot 4.0.2) and unveiled the first milestones of Spring’s next versions, while Red Hat’s Quarkus delivered a feature-packed release (3.31) optimized for Java 25 and emerging standards. Other platforms like Micronaut, Apache Tomcat, Ktor, and more saw steady improvements, keeping pace with modern Java features and developer needs. On the community side, January was far from quiet: the jChampions Conference 2026 gathered experts to discuss Java’s future, and numerous blogs, webinars, and podcasts (from Inside Java to Foojay and InfoQ) offered predictions and technical deep-dives into topics like AI on the JVM, project Amber’s new proposals, and best practices for the year ahead. Below we summarize the key January 2026 events and releases by date and category, followed by detailed highlights across Java SE, enterprise Java, frameworks, tools, community happenings, and security. [infoq.com] [jchampionsconf.com]

Date (Jan 2026)	Category	Key Event / Update
Jan 5–12	Community	Inside Java Newscast #104 outlined Java’s 2026 roadmap (JDK 26, Valhalla, Panama, Loom) [payara.fish]. Inside Java Podcast #44 featured Java experts discussing scripting, collections, and generics with the BeJUG JUG [payara.fish].
Jan 16	Release (Java SE)	JDK 26 enters Rampdown Phase Two (feature set frozen at 10 JEPs; bug-fix phase), on track for March 2026 GA release. All 10 planned features (e.g. Applet API removal, HTTP/3 client, **“final means final” strictness) are confirmed [infoq.com].
Jan 20	Security/Release	Oracle’s Critical Patch Update (CPU) released final public updates for Java 8 and 11 (JDK 8u481 & 11.0.30) [infoq.com], alongside JDK 25.0.2, 21.0.10, 17.0.18 security patches [infoq.com]. These updates address vulnerabilities across all supported Java versions as part of the quarterly CPU [infoq.com].
Jan 22	Release (Framework)	Spring Boot 4.0.2 (first 2026 patch release) shipped with 62 bug fixes and improvements [spring.io], ensuring stability for early adopters of Spring Boot 4. The Spring team also launched the first milestones of Spring Boot 4.1 and related projects (Spring Security, Integration, etc.), kicking off the next development cycle [infoq.com].
Jan 25	Release (Enterprise Java)	Payara Platform January 2026 Edition released, including Payara 7.2026.1 Community (Jakarta EE 11 based) and corresponding Enterprise versions [infoq.com]. These updates focus on bug fixes and address security issues (e.g. a Dojo library prototype pollution CVE) in Payara’s components [infoq.com].
Jan 26	Release (Enterprise Java)	Open Liberty 26.0.0.1 (IBM’s Jakarta EE 11 runtime) GA was announced with features like automatic log throttling to prevent spam and fixes for bugs and an XSS vulnerability (CVE-2025-12635) in the prior version [infoq.com].
Jan 27	Conference	The jChampions Conference 2026 took place online (Jan 22–27) with four days of sessions by Java Champions from around the world [jchampionsconf.com]. Talks spanned topics from AI in Java (RAG techniques for LLMs) to Project Loom, Kubernetes integration, and best practices for modern Java development. Recordings of all sessions were made available for free on YouTube [payara.fish].
Jan 28	Release (Framework)	Quarkus 3.31.0.Final was released, bringing full support for Java 25 (Java 21+ required) and introducing a Quarkus-specific Maven build packaging for faster, optimized builds [quarkus.io], [quarkus.io]. It also debuted “Panache Next”, a revamped data access API for Hibernate with better developer experience and Jakarta Data integration [quarkus.io]. (Quarkus 3.30.x LTS patches, e.g. 3.30.6 on Jan 7, continue for stability.)
Jan 30	Release (Web/Server)	Apache Tomcat (Servlet/Jakarta EE container) received maintenance updates: versions 11.0.18 (Jakarta EE 11/Servlet 6.1), 10.1.52, and 9.0.115 were published with bug fixes and improvements [infoq.com]. Notably, Tomcat 11 now ignores certain TLSv1.3 ciphers by default (to align with JSSE/OpenSSL behavior) and fixes a resource loading regression [infoq.com].

🔬 Java SE & Platform Updates

JDK 26 Nears the Finish Line: As expected, Java Development Kit 26 moved into its final stabilization phase in January. On January 16, OpenJDK leadership announced that JDK 26 entered Rampdown Phase Two – meaning the feature set is officially frozen and only critical bug fixes are now being accepted. This confirms the 10 JDK Enhancement Proposals (JEPs) slated for the March 2026 release, the same set that reached Rampdown Phase One in December. The included improvements cover a broad range, such as the long-awaited removal of the deprecated Applet API (JEP 504), built-in HTTP/3 support in the java.net HTTP Client (JEP 517), stricter immutability via the “Final Means Final” JEP 500 (which will start issuing warnings for attempts to mutate final fields via reflection), throughput optimizations for the G1 GC (JEP 522), and extended preview features like Structured Concurrency (6th preview, JEP 525) and Lazy Static Constants (2nd preview, JEP 526). Also in JDK 26 are an 11th incubator of the Vector API (JEP 529) and a 4th preview of pattern matching for primitive types (JEP 530). Developers can already test these features in the latest JDK 26 early access builds – Build 32 was released by mid-January, and the first Release Candidate build (RC1) was anticipated for early February. With no showstopper bugs remaining, JDK 26’s General Availability is on track for March 17, 2026. [infoq.com] [infoq.com] [infoq.com], [infoq.com]

JDK 27 Early Work & New JEPs: In parallel, the OpenJDK community is laying groundwork for JDK 27, which is due in September 2026. The year began with steady progress on JDK 27’s main line: by late January, JDK 27 Early Access Build 7 was available, incorporating initial bug fixes and minor enhancements as development picks up steam. A notable feature in the pipeline is JEP 527 (Post-Quantum TLS 1.3), which was formally targeted for JDK 27 in January. This JEP updates Java’s TLS 1.3 implementation with hybrid post-quantum key exchange algorithms, combining classical and quantum-resistant cryptography to future-proof Java’s SSL/TLS security. The work builds on earlier efforts like the Quantum-Resistant Key Encapsulation (JEP 496) delivered in JDK 24, reflecting an industry-wide push to prepare for the era of quantum computing. We can expect more JEPs to be confirmed for JDK 27 in the coming months as its scope takes shape, especially with JDK 26’s completion freeing up engineering resources. [infoq.com] [infoq.com]

Final Free Updates for Java 8 & 11: A significant milestone was reached in January’s Oracle Critical Patch Update (CPU) – the last free public security patches for Java 8 and Java 11 were released on January 20, 2026. Oracle JDK 8 Update 481 and JDK 11.0.30 (as well as corresponding OpenJDK 8u** and 11.0.20.2 builds) are the final publicly available fixes for those two long-lived LTS releases, which have now officially exited public support. Going forward, any further fixes for Java 8 and 11 will only be provided through paid support or third-party distributions. This marks the end of an era – Java 8, released in 2014, and Java 11 (2018) were both widely used cornerstone versions. Their retirement from free support underscores the industry’s transition to Java 17 (LTS), Java 21, and the newer releases. In the same January CPU, Oracle also issued routine security updates for Java 17, Java 21, and Java 25 (e.g. JDK 25.0.2 and JDK 21.0.10), addressing various vulnerabilities and keeping all modern JDK lines secure. Other JDK vendors simultaneously released their equivalent updates – for example, BellSoft’s Liberica JDK published patched builds (covering 8u, 11, 17, 21, 25) to eliminate dozens of CVEs, with BellSoft noting more than 1,200 backported fixes across all versions as part of this cycle. The upshot for developers is a clear signal: now is the time to move off Java 8 and 11 and embrace the performance, stability, and security improvements in Java’s newer LTS releases. [infoq.com] [infoq.com], [infoq.com]

Long-Term Support Cadence: Oracle’s current roadmap indicates it will continue a faster LTS cadence, delivering a new LTS JDK every two years (as seen with JDK 17 in 2021, JDK 21 in 2023, and JDK 25 in 2025). Under this cycle, the next LTS would be JDK 29 in 2027, meaning JDK 27 (2026) is expected to be a feature release with short-term support. However, JDK 25’s status initially sparked some discussion – it was the first LTS under the new cadence – and the community is watching how this plays out. Regardless, with JDK 25 now well-established and JDK 26 nearly out the door, many developers are planning when to adopt these versions, especially as enterprise tool support catches up. (Notably, Java 25 is already fully supported by major build tools and platforms, as discussed below.)

Project Amber – Carrier Classes Proposal: On the Java language design front, January brought an interesting peek into the future. Project Amber’s Brian Goetz shared a design note about “Carrier Classes” and “Carrier Interfaces”, a concept to generalize and extend Java’s record functionality to more use cases. The idea is to maintain the concise, data-oriented nature of records but allow certain classes and interfaces to opt into similar auto-generated boilerplate and pattern-matching deconstruction without necessarily being final. This proposal (still in discussion stages) aims to further Java’s journey into data-oriented programming by building on records and pattern matching. The community responded with enthusiasm and questions, and the topic made its way into the Inside Java Newscast #105 in late January. While carrier classes are not part of JDK 26 or 27, they represent the kind of forward-looking enhancements that keep Java developers engaged – and might become a JEP for a future release if the idea proves viable.

🏢 Jakarta EE & Enterprise Java

Jakarta EE 12 Timeline Adjustments: In the enterprise Java arena, the focus is shifting towards Jakarta EE 12, but the community is careful not to rush this major update. In January, Eclipse Foundation Jakarta EE representatives indicated that Jakarta EE 12’s release will likely be delayed to late 2026 (around Q4) rather than mid-2026. This is a compromise given that many vendors are still heavily occupied finalizing their Jakarta EE 11 product implementations (Jakarta EE 11 itself had been delayed by about a year). By catching up the schedule with Java’s 2-year LTS cadence (Java 25 in 2025), the goal is to align Jakarta EE 12 roughly 6–9 months after Java 25 becomes widely adopted. Despite the adjusted timing, work on EE 12 continues: Milestone 2 drafts of several key specifications (including CDI 5.0, JPA 4.0, Bean Validation 4.0, JAX-RS 5.0, Jakarta Query 1.0, Jakarta Data 1.1, Jakarta NoSQL 1.1, etc.) were published by January. These draft specs signal incremental progress on features like a new Jakarta Query API (to standardize criteria queries) and refinements to experimental specs from EE 11 (e.g. Jakarta Data and NoSQL). The Jakarta EE community has also decided on a theme for EE 12: “Robust and Flexible,” highlighting its aim to improve resilience and adaptability in enterprise Java apps. Overall, Jakarta EE 11 continues to gain industry adoption and provides a stable foundation while the work on “Robust and Flexible” Jakarta EE 12 proceeds at a measured pace. [infoq.com] [infoq.com]

App Server & Platform Releases: Several enterprise Java platform implementations issued their first updates of the year:

IBM Open Liberty 23.0.0.12 – The January 2026 refresh of Open Liberty (the open-source Java EE/Jakarta EE server) shipped as version 26.0.0.1 (following a new year-based version scheme). This release introduced a log output throttling mechanism to automatically prevent spammy, repetitive logs from flooding the console by default. It also fixed bugs like a tricky NullPointerException in Liberty’s NIO selector logic, and addressed a security issue (CVE-2025-12635, a potential XSS vulnerability in earlier Liberty versions). With these improvements, Open Liberty continues to be a modern, lightweight Jakarta EE 11 runtime with production-ready features (including full Java 21/25 support and even early compatibility flags for upcoming Jakarta EE 12 APIs). [infoq.com]
Payara Platform 7.2026.1 (Community Edition) – Payara kicked off its new quarterly release cycle by delivering the January 2026 Payara Platform update. This release is based on Jakarta EE 11 (as Payara 7 Community aligns with EE 11), and it focuses on stability and security. Notably, the update patched known security vulnerabilities: for instance, it resolved an old Dojo JavaScript library issue (CVE-2020-5258, a prototype pollution flaw) and closed a potential hole that could allow a malicious URL to hijack the Payara Admin console credentials. Alongside Community 7.2026.1, Payara also released Enterprise 6.34.0 and 5.83.0 patches for customers on earlier Jakarta EE versions. These ensure that even organizations still on Jakarta EE 10 (Payara 5) or EE 11 (Payara 6) receive the security fixes. The Payara team continues to experiment with next-gen features like CRaC (Coordinated Restore at Checkpoint) for ultra-fast startup, which debuted experimentally in 2025’s releases and remains available for users to trial in the 7.x series. The Payara blog also offered guidance on using CRaC to cut Java EE startup times from seconds to milliseconds – reflecting the ongoing push to make Java more cloud-friendly. [infoq.com] [payara.fish]
GlassFish Grizzly 5.0 – The Grizzly NIO framework (integral to Eclipse GlassFish, the Jakarta EE reference implementation) reached a 5.0.0 GA release in January. Grizzly 5 raises its baseline to JDK 21 and introduces support for virtual threads via a new VirtualThreadExecutorService for its thread pools. It also implements the Jakarta Servlet 6.1 specification (part of Jakarta EE 11) to align with the latest web container requirements. These changes prepare GlassFish’s networking layer for modern Java capabilities – e.g., virtual threads can simplify thread management and improve scalability for I/O-intensive workloads. While GlassFish is primarily a test/reference platform for Jakarta EE (few run it in production), Grizzly’s advancements benefit other projects (like Apache Tomcat and Payara, which use or draw inspiration from Grizzly’s I/O handling). Speaking of Tomcat – Apache Tomcat (the popular servlet container) delivered versions 11.0.18, 10.1.52, and 9.0.115 in late January, all containing routine bug fixes and dependency updates. Tomcat 11 (still in development, targeting Jakarta EE 11) made a subtle but important change to improve consistency: it now ignores certain TLSv1.3 cipher suites by default in its SSL configuration (bringing its behavior in line with OpenSSL and JSSE expectations). It also resolved a regression that had caused resource lookup failures in specific scenarios. These updates ensure that Java web containers remain robust and secure as the underlying Java platform evolves. [infoq.com] [infoq.com]

Other Enterprise News: Elsewhere in the enterprise Java landscape, Apache TomEE (a lightweight Jakarta EE web profile server) saw community activity as it works toward Jakarta EE 11 support, but no new release was announced in January. The Eclipse MicroProfile project is preparing a MicroProfile 6.1 release for 2026, aiming to complement Jakarta EE 11 with updates to its cloud-native Java APIs (Config, Health, Metrics, etc.), but the final release hadn’t occurred by January. We anticipate more on that front in coming months. In the meantime, multiple Eclipse Vert.x 4.4.x and Helidon 4.3.x maintenance releases in January addressed minor bugs and ensured their continued compatibility with Java 21 and 25 — part of a general trend across enterprise Java solutions to solidify support for the latest LTS JDKs and new features like virtual threads.

🚀 Major Framework Releases & Ecosystem News

While the turn of the year is sometimes a quiet period, January 2026 delivered a steady stream of releases and announcements across Java frameworks and libraries. Many projects are building on the big updates from late 2025 (e.g. Spring Framework 7, Spring Boot 4, Micronaut 4, Quarkus 3.0+) with rapid follow-up improvements and the start of new feature cycles. Here’s a breakdown of the key moves in the Java ecosystem this month:

Spring Ecosystem: Maintenance Releases and New Milestones

After the landmark Spring Framework 7.0 / Spring Boot 4.0 launch in Q4 2025, the Spring team wasted no time in polishing the new platform and pushing ahead. On January 22, they released Spring Boot 4.0.2 – the first Spring Boot update of the year – fixing 62 issues ranging from bug fixes to documentation updates. This rapid patch (coming just about a month after 4.0.1 in December) addresses early feedback and edge cases in the Spring Boot 4 line, further solidifying its readiness for production use. The corresponding Spring Framework 7.0.3 (and 7.0.4 by early February) delivered minor tweaks and performance improvements in the core framework, which will be bundled in the next Boot release. [spring.io]

In parallel, the Spring portfolio began unveiling new features on the horizon. A number of projects published milestone (pre-release) versions in January as part of the next minor release train. For example, the first milestone of Spring Boot 4.1 was announced, signaling upcoming features and integration of recently externalized modules (some auto-configurations that had been decoupled in Boot 4.0 are expected to return in 4.1). The Spring Security 7.1.0-M1 milestone also went live, as well as milestones for Spring Integration 6.2, Spring Modulith 1.1, Spring for GraphQL 1.2, Spring AMQP 3.1, and a second milestone of Spring AI 1.2. These early releases indicate that Spring’s 2026 roadmap will continue to push into areas like modular monolith architectures (Spring Modulith) and AI integration (Spring AI), while refining the developer experience in security and messaging. It’s clear the Spring team is embracing an accelerated release cadence: rather than resting after the big 4.0/7.0 launch, they are iterating quickly to add features and keep Spring closely aligned with the cutting edge of Java (for instance, we may see Spring Boot 4.1 officially support JDK 26 once it’s out). [infoq.com]

Other parts of the Spring ecosystem also saw activity:

Spring Shell 4.0.1 was released as a maintenance update to the revamped Spring Shell 4 (which had gone GA in late 2025). This command-line app framework now fully targets Spring Boot 4 / Spring 7, and v4.0.1 brought improvements like a more flexible CLI parser (booleans no longer require explicit true/false flags) and a new default CompletionProvider to simplify auto-complete logic for command options. These enhancements make it easier to build interactive CLI tools on the latest Spring platform. [infoq.com]
Spring Cloud: While no major GA releases occurred in January, the Spring Cloud team is working on aligning the various Spring Cloud sub-projects with Spring Boot 4.0+. Expect to see Spring Cloud 2026.x releases later in the year once Spring Boot 4 adoption grows. (For example, Spring Cloud 2025.0 “Kilburn” still targets Boot 3.x; a new 2026.0 train will target Boot 4.)
Spring’s “AI everywhere” vision continues to unfold. Following the late-2025 introduction of Spring AI 1.1, January’s Spring AI 1.2.0-M2 suggests further enhancements are coming for integrating LLMs and AI services into Spring applications. Combined with third-party efforts like LangChain4j (which hit a stable 1.10.0 in December), Java developers now have multiple options for building AI-driven features. This month, thought leaders in the Spring community shared blog posts on how to effectively leverage these tools (e.g., SonarSource’s Jonathan Vila outlined best practices for using LLMs in Java without compromising code quality). [payara.fish]

Other Frameworks & Libraries: Quarkus, Micronaut, and More

Beyond the Spring universe, other major Java frameworks also rang in 2026 with important updates:

Quarkus 3.31.0 Final: Red Hat released Quarkus 3.31 on January 28, a significant feature release that underscores Quarkus’s commitment to staying at the forefront of Java innovation. This version brings full support for JDK 25 (the current LTS) – Quarkus 3.31 now officially supports Java 25 for both running applications and compiling GraalVM native images. In fact, Quarkus 3.31+ requires Java 17 or higher (with Java 21+ recommended), reflecting the broader move to modern Java baselines. A headline addition in 3.31 is a new Quarkus-specific Maven packaging and build lifecycle. By introducing a custom quarkus packaging type in Maven, Quarkus can streamline the build process and skip unnecessary steps, resulting in faster builds especially for larger projects. This innovation is part of Quarkus’s ongoing effort to optimize developer productivity (an earlier Quarkus blog post detailed how the new build system shaves time off compilation and testing). Quarkus 3.31 also debuts “Hibernate with Panache Next” (an experimental next-gen version of its active-record pattern library) to provide a more intuitive and unified API for database access across both Hibernate ORM and Hibernate Reactive, with integration to the Jakarta Data API. Other updates include upgrades to Hibernate ORM 7.2 and Hibernate Search 8.2, initial Hibernate Spatial support (for geospatial data types), and moving to JUnit 6 and Testcontainers 2 for testing out-of-the-box. Quarkus’s previous minor branch also remains supported – a Quarkus 3.30.6 maintenance release came out on January 7, being the first patch of 2026, which fixed bugs and set the stage for 3.31’s transition. Looking ahead, the forthcoming Quarkus 4 (expected later in 2026) will likely build on these improvements, exclusively target Jakarta EE 11 and Java 21+, and continue Quarkus’s push into cloud-native Java and even better performance. [quarkus.io] [quarkus.io], [quarkus.io]
Micronaut 4.10.x Updates: The Micronaut framework (known for its ahead-of-time compilation and lightweight DI model) issued a series of small updates: Micronaut 4.10.7 and 4.10.8 were released in late January/early February, building on December’s 4.10.6. These releases contained minor bug fixes and dependency updates across various Micronaut modules (Web, SQL, Logging, etc.). More interestingly, the Micronaut team has been actively discussing plans for Micronaut 5, with a proposal to raise the baseline to JDK 25 and adopt newer language features like Scoped Values (from JDK 21) for internal optimizations. Early community feedback has been supportive of requiring Java 25+ for Micronaut 5, which suggests that in 2026 we may see Micronaut join the club of frameworks embracing Java’s most recent capabilities. For now, Micronaut 4.x remains compatible with Java 17–21 (and tested on 25), ensuring that users can run Micronaut services on the latest LTS JDK and even compile to native images (via GraalVM) without issues. [infoq.com]
Apache Tomcat & Web Profile Runtimes: As noted above, Apache Tomcat delivered multiple version updates (11.0.18, 10.1.52, 9.0.115) with stability fixes in January. These updates are part of Tomcat’s ongoing maintenance of three active branches: Tomcat 9 (still supporting Servlet 4.0 for legacy Java EE 8 apps), Tomcat 10.1 (Jakarta EE 10/Servlet 5.0), and Tomcat 11 (upcoming Jakarta EE 11/Servlet 6.1). The January releases didn’t contain any critical security fixes but did include adjustments for better compatibility (as mentioned, ignoring some TLS cipher suites and fixing resource loading logic). Similarly, the Apache TomEE community (TomEE is Tomcat plus Jakarta EE APIs) has been working towards a Jakarta EE 11-compatible TomEE 10.2, but no official release materialized in January. We anticipate more news on TomEE once Jakarta EE 12 Milestones progress further. [infoq.com]
JHipster 9 Beta: The popular JHipster project (which provides a Yeoman-based generator for Spring Boot + Angular/React applications) released its second beta of JHipster 9.0.0 during January. This beta adds support for Spring Boot 4.0 and makes significant internal upgrades, such as switching to Spring Security’s new annotations for WebSocket security (replacing deprecated classes). The first beta had some stability issues, which the second beta addressed, making the JHipster 9 generator more reliable. JHipster 9 is a major modernization: it’s being rewritten in TypeScript, targets Java 25 and the latest front-end tooling, and embraces Spring Boot 4’s new features. Developers using JHipster can start experimenting with the beta to generate projects on the cutting-edge tech stack (Java 25, Spring Boot 4, Jakarta EE 11, etc.) and provide feedback before the final release. [infoq.com]
Testing & Critical Libraries: A few widely-used libraries had notable versions in January. The JUnit 5 testing framework is on track for a 5.12 release (expected soon) with minor features and bug fixes, following the 5.11.0 release in late 2025. Spock 2.4, the Groovy-based testing specification framework, saw increased adoption in early 2026 after its GA release in December – it enables full Groovy 5 support and richer testing DSL features. On the logging front, Log4j 2.20.0 was released (mid-January) with fixes and an updated Async Loggers implementation to better handle virtual threads, ensuring high-throughput logging in Java 21+ environments (this aligns with many organizations moving to virtual threads in production). Netty (the asynchronous networking toolkit underlying many frameworks) had no major version in January, but its maintainers are now focusing on a new 4.2 branch with better HTTP/3 support – likely to come once JDK 26 is out with official user-space UDP (QUIC) APIs for HTTP/3. In summary, even outside the headline-grabbing frameworks, the Java open-source ecosystem is incrementally refining its libraries to harness new Java platform features, while keeping things stable for developers. [manorrock.com]

Build Tools and JVM Languages

In the build tools arena, both Gradle and Maven continued their evolution:

Gradle 9.3 Released: The Gradle team finalized Gradle 9.3 in early January (after a couple of release candidates in Dec), followed by a quick Gradle 9.3.1 patch to address minor issues. Gradle 9.3’s headline improvements include more user-friendly test result reports (cleaner HTML reports that better organize parameterized test output) and enhancements to error reporting during builds. Under the hood, Gradle has also been optimizing its configuration cache and parallel task execution, laying groundwork for significant speedups in large multi-project builds. Gradle 9.3 is fully compatible with Java 25 and can compile and run tests using JDK 25 without any extra configuration (Gradle itself requires Java 17+ to run, which is standard now). By month’s end, Gradle had already moved on to testing Gradle 9.4 (with a first release candidate available in February) aiming to further streamline build times and add support for the upcoming JDK 26. [infoq.com] [infoq.com]
Maven 4.0 Approaches GA: The long-awaited Apache Maven 4.0 release did not quite reach General Availability in January, but it’s extremely close. As of January 2026, the latest preview was Maven 4.0.0-RC5 (released in late 2025), and the Maven team spent January collecting feedback and ensuring plugin compatibility. Maven 4 represents the first major version bump for Maven in over a decade. It requires Java 17+ to run and introduces a host of improvements: a new BOM/POM model that separates build vs. consumer POM information, a faster resolver, better error messages, and numerous cleanups of deprecated features. Community anticipation remains high – educational sites like Baeldung published comprehensive “What’s New in Maven 4” guides to help teams prepare. By early February, final checks were underway (with industry players like JetBrains giving a green light for GA readiness), so we expect to see Maven 4.0.0 go GA very soon. For now, Maven users are advised to test their projects on RC5 to catch any last-minute issues, and to update critical build plugins (many popular plugins released Maven 4-compatible versions in advance).

In the world of alternate JVM languages and runtimes:

GraalVM 25.0.2 was released in conjunction with the January JDK updates. As GraalVM’s first 2026 update, this version aligns with JDK 25.0.2 and includes bug fixes such as plugging a memory leak in Java Flight Recorder’s handling of TLB miss events, and correcting a loop vectorization bug in the Graal just-in-time compiler. GraalVM 25.0.2 also drops support for macOS on x86_64 (Mac users must now use Apple Silicon builds), reflecting a broader industry trend of focusing on ARM64 for Mac due to Apple’s hardware transition. GraalVM continues to be an important technology for those building native images and polyglot applications on the JVM, and it’s expected to converge more with the OpenJDK’s Project Leyden in coming years. [infoq.com]
Kotlin and Ktor: JetBrains released Ktor 3.4.0, its Kotlin-based web/application framework, toward the end of January. This release added a new describe API for auto-generating OpenAPI documentation from route definitions, a compiler plugin for that feature, and a new module supporting Zstd compression for HTTP responses. The addition of Zstandard compression can improve performance for serving text/binary data. Kotlin itself had no major version in January, but the community is looking forward to Kotlin 2.0 changes (particularly around Kotlin’s memory model and K2 compiler) in 2026, which will eventually influence libraries like Ktor and others in the Kotlin/Java ecosystem. [infoq.com]

🛠️ Developer Tools & Infrastructure

Tool vendors and open-source projects ensured that Java developers have full support for the latest technologies as they embark on 2026. Here are some highlights in the IDE, build, and cloud tooling space:

IDE Updates: January didn’t bring a major IDE release (as both IntelliJ IDEA 2025.3 and Eclipse 2025-12 were delivered in December), but early-access versions of upcoming releases are already available. JetBrains opened the IntelliJ IDEA 2026.1 EAP (Early Access Program) in late January, teasing new features like improved code insights for JDK 26 (e.g. recognizing the new primitive pattern matching syntax) and deeper integration of AI-assisted coding (building on the AI features introduced in 2025.3). On the Eclipse side, developers can install the new Spring Tools 5.0 into the Eclipse 2025-12 release to get full support for Spring Framework 7 and Boot 4 projects (with features like live Spring Boot actuator integration and AI code completion support). Microsoft’s Visual Studio Code (Java Extension Pack) also received behind-the-scenes updates: the January update focused on performance—speeding up the Language Server startup—and improved support for popular Java add-ons like Project Lombok and Testcontainers. These iterative improvements, while not labeled as a single “major version,” collectively ensure that VS Code remains a viable lightweight alternative for Java development, keeping pace with new JDK features and frameworks. [manorrock.com], [manorrock.com]

Build and CI/CD Tools: Build systems were already covered above (Gradle and Maven). It’s worth noting that Apache Ant – the venerable build tool predating Maven – quietly released version 1.10.14 in January, mainly to fix compatibility issues with Java 17+ (ensuring that tasks like javac and javadoc work with new language features). While Ant is less common nowadays, it’s still used in some legacy projects, and these updates help those projects move to newer JDKs without overhauling their build process.

For Continuous Integration/Delivery (CI/CD), popular tools like Apache Maven Surefire/Failsafe (for running tests) and JaCoCo (for code coverage) published minor updates in January to accommodate Java 21/25 language features (e.g., handling of sealed classes and record patterns in coverage analysis). Docker Official Images for Java were refreshed to include JDK 25.0.2 and 21.0.10 as soon as they were released, so containerized Java applications can be based on the latest patch levels. Also of note, the JUnit Platform team released JUnit Platform 1.10 which deprecates the old ConsoleLauncher in favor of the newer JUnit Platform Console Standalone—a minor change, but relevant for CI environments running tests outside of IDEs.

Cloud and PaaS Support: Cloud providers continue to update their managed Java services:

AWS Lambda put the Java 21 runtime for Lambda into general availability in January, allowing serverless functions to leverage new Java features (with Java 25 support expected later in 2026).
Azure Functions similarly announced a public preview of a Java 21 runtime.
Google Cloud confirmed that its Cloud Run and App Engine fully support JDK 21 and JDK 25 in their Java runtimes. In fact, all major cloud vendors now make latest LTS Java versions available very shortly after release. This close alignment means developers adopting new Java versions in 2026 can confidently deploy to cloud environments, whether using containers, serverless, or managed Java platforms, with minimal delay.

🌐 Community & Industry Highlights

Virtual Events and Conferences: January is traditionally light on large in-person conferences (after the late-year holiday lull), but the Java community came together online:

The jChampions Conference 2026 (an online conference organized by Java Champions) took place across four days: January 22–23 and 26–27. This event featured dozens of sessions from Java Champions – respected leaders in the Java community – sharing their insights on a wide array of topics. Highlights included talks on project Panama (the evolving Foreign Function & Memory API for interfacing Java with native libraries), strategies for using Virtual Threads (Loom) in large-scale services, discussions on how to incorporate machine learning and LLMs into Java applications, and a retrospective on Java’s journey as it enters its fourth decade. The multi-day virtual format, with sessions spread out and available free on YouTube, allowed global participation. The organizers reported strong attendance and engagement, indicating that even in the absence of physical events, the Java community is eager to connect and learn. (For those who missed it, all JChampions Conf 2026 sessions are recorded and available on the conference’s YouTube channel.) [jchampionsconf.com] [payara.fish]
Jakarta Tech Talks continued in webinar form: two notable sessions in January were a talk on Jakarta Data & NoSQL (led by Werner Keil, discussing how Jakarta EE plans to standardize NoSQL database access), and a debate on REST vs. GraphQL for modern Java applications (with participants weighing the pros and cons of traditional RESTful APIs versus GraphQL in a Jakarta EE context). These were part of the ongoing Jakarta Tech Talks series and drew interest from enterprise Java developers looking to adopt the right API strategies. [payara.fish]
Within companies and local JUGs, January often marks planning for the year’s tech roadmaps. For instance, the Chicago JUG and London Java Community held meetups in January focusing on “What’s new in Java 21/25” and initial explorations of JDK 26’s early-access features. These community-driven events help disseminate knowledge on new Java features like string templates and structured concurrency, so that a broader base of developers can start using them when ready.

Thought Leadership & Notable Content: As 2026 dawned, many Java experts and organizations published their reflections and advice:

“Java’s Plans for 2026” (Inside Java Newscast #104): The official Oracle Inside Java video series launched the year with an episode outlining what’s on the horizon for Java. Key themes included the upcoming JDK 26 release, progress in Project Valhalla (value classes), Project Amber (language features like pattern matching and string templates), and Project Loom (virtual threads and structured concurrency entering mainstream use). This newscast, featuring members of the Java Platform Group, reinforced that performance and productivity improvements remain a top priority. [payara.fish]
Annual “State of Java” Reports: Various groups took stock of Java’s trajectory. Notably, an unofficial “State of Java 2026” report circulated in early January, highlighting how Java 25 (the 2025 LTS) has become the de-facto baseline for modern development, with most frameworks moving to require Java 17 or later. It also pointed out industry stats showing Java 8’s steep decline and Java 21’s rapid rise, and explored how AI and cloud-native trends are influencing Java. For example, it cited data that a large majority of developers (70%+) use AI coding assistants in some capacity and discussed the emergence of AI-focused Java libraries (Spring AI, LangChain4j) and the adoption of CRaC and AOT compilation to improve startup time for cloud workloads. Such analysis provides valuable context for technical decision-makers analyzing whether to invest in upgrading legacy systems or experimenting with new Java technologies. [devnewsletter.com] [devnewsletter.com], [devnewsletter.com]
Deep Dives on Hot Topics: Community bloggers and technical writers produced some noteworthy guides:
- On Foojay.io, Frank Delporte provided a detailed breakdown of the OpenJDK January 2026 CPU and Patch Set Update, explaining which vulnerabilities were fixed and urging developers to promptly upgrade their JDKs to these versions (especially for those still on Java 8/11). His article also clarified the differences between CPU (Critical Patch Update) vs. PSU (Patch Set Update) releases, and listed links to vendor patches (e.g., Adoptium’s Temurin binaries) to help readers apply the updates. [payara.fish]
- Also on Foojay, Alexius Diakogiannis published “The Ultimate 10 Years Java Garbage Collection Guide (2016–2026)”, an extensive retrospective of how garbage collector technology evolved over the past decade. It covers the rise of G1 GC as the default, the introduction of ZGC and Shenandoah for low-latency GC, and tuning advice for each. This guide is timely because many Java 8/11-era systems (which often stuck to CMS or Parallel GC) are now jumping to Java 17+ and reevaluating which GC to use for optimal performance. The article serves as both a history lesson and a decision framework for teams planning GC strategy in 2026. [payara.fish]
- The SonarSource blog featured an insightful piece by Jonathan Vila on how to integrate large language models into Java applications responsibly. Titled “How to Choose Your LLM Without Ruining Your Java Code,” it cautions developers on common pitfalls (like making your application too dependent on a specific AI vendor’s API) and recommends best practices for maintaining code quality when using AI services. As more Java teams experiment with AI (e.g., implementing chatbots or using AI for code generation), these guidelines are valuable for avoiding anti-patterns. [payara.fish]
- JetBrains continued their tradition of knowledge sharing through the Java Annotated Monthly newsletter and YouTube content. Developer Advocate Marit van Dijk released a short but handy video tutorial on using IDE features for command completion in IntelliJ IDEA to speed up coding without memorizing obscure shortcuts. Additionally, JetBrains shared tips on leveraging new IntelliJ inspections for Java 25 and Spring Boot 4 projects, helping developers take advantage of new features (like detecting misuse of @Nullable annotations with JSpecify, or guiding migrations to the jakarta.* namespace). [payara.fish]
Industry moves: The Java world saw some corporate developments. Oracle’s announced changes to GraalVM’s licensing and strategy (late last year) continued to be debated; in January some blogs assessed the early impact of Oracle’s decision to focus GraalVM on Java-based features and spin off support for other languages (like JavaScript and Ruby) to the community. Also, Azul Systems and Perforce released reports shedding light on Java adoption trends. For instance, Azul’s “State of Java 2025” (published in late 2025, but widely discussed in January) noted that Java 8 usage in production had fallen to ~23% of deployments, down from 40% just two years prior, while Java 21 usage climbed to 45% (showing that many organizations moved straight from 8/11 to 21). This data, combined with the final end-of-free support for 8/11, produced a strong talking point in the community: the era of Java 8 is finally ending, and the era of Java 17+ is fully here. Expect these trends to be a recurring theme in 2026. [devnewsletter.com]

Overall, the Java community’s thought leaders appear optimistic and focused on making the most of the new capabilities in Java and related frameworks, while also cautioning peers to keep software up-to-date and secure. The conversation around topics like AI, performance tuning, and modernization hints that Java’s evolution in 2026 will be about translating last year’s big new ideas (Loom, AI integration, new GCs, etc.) into real-world practice.

🔒 Security Updates and Vulnerabilities

January 2026 Security Roundup: Fortunately, no zero-day Java exploits or major new CVEs made headlines in January – a relief after some tumultuous winters in years past. The main security event was the scheduled Q1 2026 Critical Patch Update (CPU) from Oracle, released on January 20 as noted. This CPU addressed vulnerabilities in the JDK and Java SE components across all supported versions. In total, Oracle’s January CPU advisory listed fixes for 158 CVEs across various Oracle products, including several in the Java SE realm. Most of these were moderate-severity issues or found in non-Java components. The Java-specific fixes (in JDK 25.0.2, 21.0.10, etc.) patched vulnerabilities such as information leaks and denial-of-service vectors – none were known to be exploited in the wild. The CPU also incorporated all the security fixes from late 2025 (e.g., the October 2025 CPU) into the new JDK update versions. Developers are strongly advised to upgrade to the latest patch level for whichever Java version they use, especially now that running older unpatched Java 8/11 has become a significant security risk going forward.

Ecosystem Security Maintenance: Various framework maintainers took proactive measures to keep their projects secure:

The Payara Platform release (as mentioned) focused on resolving security bugs, including a high-severity issue where a crafted URL could potentially allow admin console takeover. The Payara team also backported fixes to their supported Enterprise versions to cover customers not yet on the latest version. [infoq.com]
Open Liberty’s update addressed an XSS vulnerability (in its admin UI) and included updated third-party libraries with their own security fixes. [infoq.com]
Spring Boot and Spring Framework updates in late 2025 (3.1.4 and 7.0.2, respectively) had already patched known issues such as a critical Spring Security method security vulnerability (CVE-2025-41248) that was disclosed in November. With the move to Spring Boot 4 / Spring 7, many older dependencies (like Jackson 2.x and older crypto libraries) have been upgraded to their latest, more secure versions by default. As a result, early adopters of Spring’s new generation start 2026 with a cleaner security slate. [devnewsletter.com] [manorrock.com]
Apache Log4j 2 (still remembered for the Log4Shell incident) had no new CVEs in January. The project recently put out v2.20.0 with minor improvements; it continues to undergo extensive security audits by the community.
Apache Tomcat’s January releases did not include any new CVE fixes, and the Tomcat community confirmed that no new security issues were discovered over the holiday period. The same goes for Jetty and Netty – maintenance updates with no major vulnerabilities reported. [manorrock.com], [manorrock.com]

Finally, it’s worth highlighting a forward-looking security change: as part of JDK 26’s tightening of final field immutability (JEP 500), the JDK will start emitting warnings when deep reflection is used to modify final fields. This isn’t a vulnerability fix per se, but it’s a preventative measure to encourage library developers to move away from unsafe reflective tricks (which could be exploited or break under future Java versions). It serves as an early warning that in a future Java release, such reflective access may be disallowed entirely (enforcing “integrity by default”). Security experts in the Java community have applauded this step, since locking down internal object state and encapsulation will make the platform more secure against certain attack vectors (e.g., code that uses reflection to bypass access controls). [manorrock.com], [manorrock.com]

On the whole, Java’s security posture in January 2026 remains strong. With all known major issues patched and platform maintainers proactively hardening their code, Java developers can head into 2026 focusing on new features and improvements rather than putting out security fires. The end-of-life of Java 8 and 11 should further encourage organizations to upgrade to supported versions where they can benefit from ongoing security updates.

Bottom Line & Outlook

January 2026 set a confident tone for the Java ecosystem’s year ahead. We saw the platform’s legacy era close (with Java 8 and 11 finally stepping out of the limelight) at the same time as the next Java release, JDK 26, moved within sight of the finish line. The month’s flurry of framework releases and ecosystem updates – spanning everything from microservices runtimes to testing tools – demonstrates that the community is keeping pace with Java’s evolution. There’s a clear focus on leveraging Java’s latest capabilities (for instance, frameworks embracing Java 25 and virtual threads, or new build tools for efficiency) while also ensuring stability (as evidenced by many patch releases and security fixes). The theme emerging is one of transition: 2026 will be about making cutting-edge Java tech (like Loom, CRaC, Panama’s foreign APIs, and AI integration libraries) more accessible and routine for development teams.

Looking forward, February 2026 and beyond promise even more significant milestones. By March, we will have Java 26 GA in hand, bringing its modest but meaningful set of enhancements to production. The Spring team is likely to launch Spring Boot 4.1 in the coming months, integrating the early milestones we saw in January and possibly adding official support for JDK 26. On the enterprise side, the anticipated Jakarta EE 12 Milestone 2 (originally planned for late January) should arrive soon, giving a clearer picture of new features in store for enterprise Java by year’s end. We’re also watching for the final Apache Maven 4.0 GA, which will modernize Java’s most entrenched build tool and could be a game-changer for large Maven-based projects. Additionally, community interest around project Valhalla (value objects) and Amber (pattern matching and data classes) is growing – discussions from January’s JUG meetups and blog posts suggest that once JDK 26 is out, attention will turn to these bigger future changes (likely for JDK 27 or 28).

If January is any indication, 2026 will be a year of both consolidation and innovation for Java. Developers can expect a smoother, faster experience on new JDKs and frameworks as the kinks are ironed out, all while experimenting with new tools in AI, cloud, and high-performance computing within the Java ecosystem. With a vibrant community actively sharing knowledge (from conferences like jChampions to newsletters and tech talks), everyone from enterprise architects to hobbyist coders can stay in the loop. The bottom line: Java enters 2026 with a solid foundation and an energized community – the platform’s evolution continues unabated, and there’s never been a better time to be a Java developer. Happy coding in 2026! [manorrock.com], [manorrock.com]