Web3

Web3j Upgrades to Gradle 8.7 with Vulnerability Fixes

marcel.mihalic@gmail.com
By marcel.mihalic@gmail.com 5 Min Read

We are thrilled to inform you that all Web3j repositories have been upgraded to the latest Gradle version 8.7. Additionally, we have refreshed the dependency libraries to their most recent versions to remedy vulnerabilities and deprecated code. This update includes critical libraries such as BouncyCastle, Jackson Core, JavaPoet, KotlinPoet, OkHttp, RxJava, SLF4J, Java-WebSocket, PicoCLI, KZG4844, Logback, and more.

Key Updates in Web3j

Gradle Updated to 8.7

We have upgraded Gradle from version 7.6 to 8.7 within Web3j. This enhancement yields numerous advantages, including new capabilities, performance upgrades, and improved compatibility with newer dependency and tool versions. Here are some significant benefits you can look forward to:

1. Performance Enhancements

  • Build Speed: Gradle 8.x introduces multiple performance improvements that can accelerate build times, with enhancements in incremental builds, caching, and parallel execution.
  • Configuration Time: Boosted performance during the configuration phase helps reduce the total build time, especially for larger projects.

2. New Features and Improvements

  • Dependency Management: Enhanced dependency management capabilities, featuring better support for version catalogs and dependency constraints.
  • Improved Tooling: Gradle 8.x provides upgrades to the Gradle tooling API, enhancing integration with IDEs and other tools.

3. Better Compatibility and Support

  • Java Compatibility: Enhanced support for newer Java versions, ensuring compatibility with the latest language features and JVM improvements.
  • Library and Plugin Updates: Access to updated versions of Gradle plugins and libraries that might require Gradle 8.x for optimal compatibility.

4. Security and Bug Fixes

  • Security Patches: Upgrading to a newer version ensures the latest security patches are applied, protecting against vulnerabilities in your build process.
  • Bug Fixes: Gradle 8.x incorporates numerous bug fixes addressing issues found in 7.x versions.

Updated Dependency Libraries

As part of this upgrade, we have updated several key dependency libraries:

  1. BouncyCastle: The latest version v1.78.1 resolves various security vulnerabilities – CVE-2024-34447, CVE-2024-30172, CVE-2024-30171, CVE-2024-29857, CVE-2023-33201 that were present in the older v1.73 and deprecations. Keeping BouncyCastle current is crucial for cryptographic operations and maintaining application security.
  2. Jackson Core: Updating Jackson Core ensures enhanced JSON processing with better performance and security.
  3. JavaPoet and KotlinPoet: These essential libraries for generating Java and Kotlin source files have been updated to improve code generation capabilities and maintain compatibility with the latest language features.
  4. KZG4844: Thanks to the ConsenSys team, the KZG4844 library is now available on Maven Central, eliminating the need for users to depend on the ConsenSys repository while using Web3j.
  5. OkHttp: The recent update to OkHttp enhances HTTP client functionalities, delivering improved performance and security.
  6. RxJava, SLF4J, Java-WebSocket, PicoCLI, Logback, among others
  7. Other Dependencies: Besides the libraries mentioned above, we have updated various other dependencies to their latest versions to ensure stability and compatibility.

Elimination of Dependency on ConsenSys Repository for KZG Library

We are also pleased to report that we have removed the dependency on the ConsenSys repository for the KZG library. A big thank you to the ConsenSys team for making their library, jc-kzg-4844, available on Maven Central. This change simplifies our build process, increases reliability, and encourages users to utilize public repositories.

Kotlin Upgrade

Kotlin has been updated from 1.8.10 to 1.9.4 in Web3j projects, leading to enhanced performance and more efficient code through improved language features and compiler optimizations. This update also fosters better integration with modern development tools and libraries, ensuring a smoother and more productive development experience.

JUnit 4 Upgraded to JUnit 5

All remaining JUnit 4 tests have been updated to JUnit 5, resulting in more efficient, readable, and maintainable test code.

Latest Web3j Version: v4.12.0

With these updates, we are delighted to announce that the latest main version of Web3j is v4.12.0. This release encompasses all the above enhancements, offering a more secure, efficient, and stable foundation for your blockchain applications.

We encourage all developers to update to the latest versions to take full advantage of these improvements. As always, we value your support and contributions to the Web3j ecosystem. Should you have any questions or require assistance with the upgrade, please contact our Discord Channel – (Note: You will need to join the Hyperledger Server to access our Channel) or visit the Hyperledger Web3j GitHub repository.

Contents
Key Updates in Web3jGradle Updated to 8.7Updated Dependency LibrariesElimination of Dependency on ConsenSys Repository for KZG LibraryKotlin UpgradeJUnit 4 Upgraded to JUnit 5Latest Web3j Version: v4.12.0

You Might Also Like

Checksum Verification in Web3j: Protecting Against Attacks

Linea ENS Integration in Hyperledger Web3j for Developers

Run an RPC Node on Base with Moralis: A Step-by-Step Guide[embed]https://www.youtube.com/watch?v=G3sNXEls0HA[/embed]

Moralis Expands with Full Support for Linea Layer-2 Solution

Moralis Unveils Enhanced Wallet API with New DeFi Positions

Share This Article
Previous Article Stacks’ Smart Contract Hits ATH as Nakamoto Upgrade Window Opens
Next Article Coinbase CFO: Harris Campaign Now Accepts Crypto Donations
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Stay Connected

- Advertisement -

Latest News

4 Cryptos to Challenge Solana: Potential Growth for Investors
Defi
Bitcoin ETF Inflows Exceed $3B, Demand Reaches 6-Month Peak
ETFs
Japan’s Push for Bitcoin and Ethereum ETFs Gains Momentum
Institutions
Ripple Appeals Court Ruling on XRP’s Institutional Sales
Meme