Here's a roundup of recent news and product announcements around Java and Java-related technologies:
A recent spike in Java-based remote access Trojan variants, lovingly known a jRATs, caught the attention of Zscaler, a cloud-based security-as-a-service provider based in San Jose, Calif. The company's ThreatLabZ team noticed the increase of these varmints -- which give attackers a backdoor into a victim's system and allow the attacker to take control of the system remotely -- and posted a warning on its blog.
Zscale security researchers Sameer Patil and Jithin Nair authored the post, which includes a thorough description of the threat, along with illustrations and code samples.
"Malware authors are using numerous tactics to entice unsuspecting users to open infected attachments," the researchers wrote, "which arrive as malicious JAR files. Most recently, we've seen filenames such as 'IRS Updates.jar' and 'Important_PDF.jar,' claiming to contain important tax deadline information from the IRS. We've also identified JAR files claiming to be purchase orders or other important documents. When a user opens the file thinking it is an actual communication from the IRS, or said party, the jRAT payload gets installed on the user's machine."
The warning came just before the annual tax filing deadline.
Amazon's Simple Queue Service (SQS) now allows users to send messages to, and receive messages from, SQS first-in-first-out (FIFO) queues with applications that use the service. SQS is Java Message Service (JMS) interface for the SQS, which is a fully managed message queuing service designed to enable communication between distributed software components and microservices at any scale. Amazon's SQS FIFO queues, which are the newest queue type, are designed to ensure that the order in which messages are sent and received is strictly preserved, and that each message is processed exactly once.
SQS is an open-source client that supports the JMS 1.1 specification for message queues. It supports sending text, byte or object messages synchronously to SQS queues. It also supports receiving objects synchronously or asynchronously.
The public review period for the Java Servlet 4 specification (JSR 369) started on April 20 and will end on May 20. This is the final step before balloting, which starts on May 23 and concludes on June 5.
The goal of this JSR, according to its JCP Web page is "to expose support for the upcoming IETF standard HTTP/2 to users of the Servlet API." There's also a secondary goal: "to refresh the Servlet API to achieve compliance with new features in HTTP 1.1, as well as responding to community input."
A Java EE community survey, conducted late last year by Oracle, asked respondents to rank 21 component technologies in the company's enterprise Java roadmap. Servlet 4.0 was considered one of the most important technologies, along with JAX-RS, OAuth and OpenID, Configuration, Evening, and JSON-B.
"Servlet 4 is easily one of the most critical components of Java EE 8," wrote Reza Rahman, longtime Java evangelist and co-founder of the Java EE Guardians, in a recent blog post. "The primary aim of Servlet 4 is to bring first-class, core standards based HTTP/2 support to the server-side Java ecosystem. Most of the changes in Servlet 4 (with the exception of things like the server push API) should be transparent to developers and are enforced in terms of requirements for Servlet 4 implementations to fully support HTTP/2."
Rahman also published a useful slide deck for those want to learn more, entitled "HTTP/2 and What It Means for the Java EE Ecosystem."
The Java Servlet 4 spec can be downloaded from the Java Community Process Web site.
John has been covering the high-tech beat from Silicon Valley and the San Francisco Bay Area for nearly two decades. He serves as Editor-at-Large for Application Development Trends (www.ADTMag.com) and contributes regularly to Redmond Magazine, The Technology Horizons in Education Journal, and Campus Technology. He is the author of more than a dozen books, including The Everything Guide to Social Media; The Everything Computer Book; Blobitecture: Waveform Architecture and Digital Design; John Chambers and the Cisco Way; and Diablo: The Official Strategy Guide.