Oracle April 2026 Critical Patch Update for JDK
Oracle released its quarterly Critical Patch Update for April 2026, shipping security fixes across all actively supported JDK versions: 25.0.3, 21.0.11, 17.0.19, 11.0.31, and 8u491. These releases address multiple CVEs spanning the Java SE runtime, JSSE, and related components. Downstream distributions from BellSoft (Liberica JDK) and Azul (Zulu) have released corresponding patched builds, making it straightforward for teams to stay current regardless of their JDK vendor.
Applying this update is recommended for all production deployments. For containerized workloads the patch timeline is especially important, since base images pinned to earlier minor versions will need to be rebuilt and redeployed. Teams running older LTS versions such as JDK 17 or 11 should note that each of those releases carries its own set of addressed CVEs that are distinct from those in JDK 21 and 25.
Read more — InfoQ
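As an added example (not code from Oracle, InfoQ, or any JDK vendor), the following check compares the JDK versions found in a container or host inventory against the patched releases listed above, which is useful for finding pinned base images that still need a rebuild. The image names and sample version strings are constructed, and a feature release the text gives no baseline for is reported as "not-listed" rather than guessed.

```python
import re

# Patched releases named in the April 2026 CPU text above, keyed by feature release.
# JDK 8 is normalised to (8, 0, update) so every line compares as a 3-tuple.
CPU_BASELINE = {25: (25, 0, 3), 21: (21, 0, 11), 17: (17, 0, 19),
                11: (11, 0, 31), 8: (8, 0, 491)}

_LEGACY_8 = re.compile(r"^1\.8\.0(?:_(\d+))?")            # 1.8.0_481-b10
_SHORT_8 = re.compile(r"^8u(\d+)")                        # 8u491
_MODERN = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?")   # 21.0.11+9-LTS, 25
_BANNER = re.compile(r'version "([^"]+)"')                # first line of `java -version`


def parse_version(raw):
    """Normalise a JDK version string or `java -version` banner to a 3-tuple."""
    banner = _BANNER.search(raw)
    raw = banner.group(1) if banner else raw.strip()
    for pattern in (_LEGACY_8, _SHORT_8):
        m = pattern.match(raw)
        if m:
            return (8, 0, int(m.group(1) or 0))
    m = _MODERN.match(raw)
    if not m:
        raise ValueError(f"unrecognised JDK version: {raw!r}")
    return tuple(int(part or 0) for part in m.groups())


def cpu_status(raw):
    """Return 'patched', 'needs-update', or 'not-listed' for one runtime."""
    version = parse_version(raw)
    baseline = CPU_BASELINE.get(version[0])
    if baseline is None:
        return "not-listed"  # feature release the text gives no baseline for
    return "patched" if version >= baseline else "needs-update"


def audit(inventory):
    """Map each image to a status; unparseable strings are flagged, not skipped."""
    report = {}
    for image, raw in inventory.items():
        try:
            report[image] = cpu_status(raw)
        except ValueError:
            report[image] = "unparseable"
    return report


# Constructed inventory: image names and version strings are made up for the example.
SAMPLE = {"billing-api": 'openjdk version "21.0.10" 2026-01-20 LTS',
          "batch-legacy": "1.8.0_491-b09", "edge-proxy": "17.0.19+10"}
if __name__ == "__main__":
    print(audit(SAMPLE))
```

Feed it the output of `java -version` captured from each image or host; anything other than "patched" is a candidate for rebuild or manual review.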
JEP 532: Primitive Types in Patterns, Fifth Preview Targets JDK 27
JEP 532, Primitive Types in Patterns, instanceof, and switch, has been elevated from Candidate to Proposed to Target for JDK 27 with its fifth preview iteration—this time without changes. The feature extends pattern matching to support all primitive types in instanceof checks and switch expressions, closing a long-standing asymmetry where reference types and boxed primitives enjoyed first-class pattern support while int, long, double, and the rest did not.
The "without change" framing signals that the feature is considered stable from a specification standpoint. The additional preview round exists primarily to gather broader ecosystem feedback before finalization. Tooling vendors, including JetBrains, have already shipped support in IntelliJ IDEA 2026.1, so developers can experiment today without waiting for the JDK 27 GA release in September.
In practical terms this means switch blocks working directly over primitive values can participate in sealed-hierarchy exhaustiveness checks, and libraries that use pattern-based dispatch will be able to eliminate boxing overhead on hot paths. Combined with the Compact Object Headers work (JEP 519, delivered in JDK 25), the JVM continues to close the performance gap that led many teams to use non-JVM runtimes for latency-sensitive code.
Read more — InfoQ
JEP 535: Shenandoah GC Generational Mode Advances
JEP 535, which proposes making Shenandoah's generational garbage collection mode the default, has progressed further through the JEP pipeline. Generational Shenandoah separates short-lived objects (young generation) from long-lived ones (old generation), dramatically reducing pause times and barrier overhead compared to the current single-generation default.
Early benchmarks from production workloads show memory footprint reductions of 15–25% and more predictable pause behavior under allocation-heavy loads such as HTTP servers and stream-processing pipelines. For applications already running on Shenandoah, switching to the generational mode requires only a single JVM flag today; the JEP would make that behaviour the default once finalized, requiring no developer action.
Read more — InfoQ
Open Liberty 26.0.0.4 Adds JDK 26 Support and Enhanced JWT Authentication
The GA release of Open Liberty 26.0.0.4 ships with full support for JDK 26 and delivers enhanced JWT authentication that allows the server to select the JWT signature algorithm directly from the JOSE header. This eliminates a common misconfiguration where the server and token issuer disagree on algorithm selection, a pain point for teams integrating third-party identity providers.
The release also removes the default Lightweight Third Party Authentication (LTPA) keys password requirement—a long-standing security complaint—and patches CVE-2025-14917. For Jakarta EE teams running on OpenShift or other enterprise container platforms, the JDK 26 support means you can align your Liberty runtime with the latest JDK release cadence without waiting for a separate compatibility patch.
Additional ecosystem releases this week include Testcontainers 2.0.5, which adds Apache Artemis support alongside its existing broker integrations, and Multik 0.3.1, a maintenance update for the Kotlin multi-dimensional array library.
Read more — InfoQ