Java

JetBrains has announced that starting with version 2026.1 EAP, all IntelliJ-based IDEs will transition to running natively on Wayland by default for supported Linux desktop environments. This shift aligns with Wayland becoming the primary display server across modern Linux distributions. While the user interface remains familiar, technical differences in Wayland mean the window manager now controls window positioning, affecting dialog placement and the visibility of the startup splash screen. JetBrains has improved stability, drag-and-drop, and input method support since the initial preview. For environments where Wayland is not supported, X11 remains functional via XWayland. This initiative is part of JetBrains' commitment to the OpenJDK project Wakefield, ensuring Java applications perform natively and efficiently on modern Linux architecture while maintaining an open-source development model.

A contributor named Bingwu Zhang shared a frustrating experience regarding the Oracle Contributor Agreement (OCA) process for OpenJDK. Despite attempting to submit patches since January 2025, the contributor faced a year-long delay without approval or rejection from Oracle. Despite multiple follow-ups, the process remained stalled in a repetitive cycle of apologies without progress. Suspecting geopolitical or export control factors due to being based in Mainland China, the author eventually decided to cease their efforts to upstream the code. Consequently, the contributor released several technical patches related to llvm-config checks and thread stack size adjustments for the zero variant, inviting other developers to rewrite and submit them to bypass the stalled OCA. This case highlights significant bureaucratic hurdles within major open-source ecosystems managed by corporate entities.

Security researchers have identified a sophisticated campaign targeting Ivanti Endpoint Manager Mobile (EPMM) that utilizes dormant 'Sleeper Shells.' Unlike typical rapid-exploitation attacks, this operation involves deploying an in-memory Java class loader at /mifs/403.jsp and then going silent. The loader, identified as base.Info, does not execute commands immediately but acts as a staging mechanism for a secondary payload to be delivered via HTTP parameters. This behavior is highly characteristic of Initial Access Brokers (IABs) who establish a persistent foothold to sell or hand off to other cybercriminals later. The implant resides solely in memory, making it invisible to many traditional antivirus solutions. Defending against such threats requires immediate patching of CVE-2026-1281 and CVE-2026-1340, followed by a full server restart to flush the volatile memory. Organizations are urged to hunt for specific indicators of compromise, such as the k0f53cf964d387 parameter, to ensure their environments are not silently compromised.

Modern Java garbage collectors, like ZGC and G1, decouple pause times from CPU overhead, creating operational blind spots. OpenJDK 26 introduces the MemoryMXBean.getTotalGcCpuTime() API and -Xlog:cpu to quantify explicit GC costs. This allows engineers to measure infrastructure efficiency and make informed decisions regarding the trade-offs between memory allocation and CPU consumption.