datasharingframework · hhund · Oct 2, 2025 · Sep 17, 2025 · Sep 17, 2025 · Sep 17, 2025
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -23,22 +23,26 @@ jobs:
 
     steps:
     - name: Checkout repository
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
 
-    - name: Set up JDK 21
+    - name: Set up JDK 25
       if: ${{ matrix.language == 'java-kotlin' }}
-      uses: actions/setup-java@v3
+      uses: actions/setup-java@v5
       with:
         distribution: 'zulu'
-        java-version: 21
+        java-version: 25
         cache: 'maven'
+        check-latest: true
 
     - name: Initialize CodeQL
       uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         queries: security-extended, security-and-quality
 
+    - name: Display Maven Version
+      run: mvn --version
+
     - name: Compile with Maven
       if: ${{ matrix.language == 'java-kotlin' }}
       run: mvn --batch-mode --fail-at-end --threads 1C -Dimpsort.skip=true -Dformatter.skip=true -Denforcer.skip -Dmaven.buildNumber.skip=true -Dexec.skip=true -DskipTests -DskipShadePlugin=true -P!generate-source-and-javadoc-jars clean package

diff --git a/.github/workflows/maven-build.yml b/.github/workflows/maven-build.yml
@@ -10,12 +10,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v4
-    - name: Set up JDK 21
-      uses: actions/setup-java@v3
+    - name: Checkout repository 
+      uses: actions/checkout@v5
+    - name: Set up JDK 25
+      uses: actions/setup-java@v5
       with:
         distribution: 'zulu'
-        java-version: 21
+        java-version: 25
         cache: 'maven'
     - name: Build with Maven
       run: mvn --batch-mode --fail-at-end -DforkCount=2 clean verify
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
@@ -14,12 +14,13 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
-      - name: Set up JDK 21
-        uses: actions/setup-java@v3
+      - name: Checkout repository
+        uses: actions/checkout@v5
+      - name: Set up JDK 25
+        uses: actions/setup-java@v5
         with:
           distribution: 'zulu'
-          java-version: 21
+          java-version: 25
           cache: 'maven'
           check-latest: true
       - name: Publish with Maven

diff --git a/...pe-process-api-v1-impl/src/main/java/dev/dsf/bpe/v1/service/OrganizationProviderImpl.java b/...pe-process-api-v1-impl/src/main/java/dev/dsf/bpe/v1/service/OrganizationProviderImpl.java
@@ -141,6 +141,6 @@ public List<Organization> getRemoteOrganizations()
 
 		Map<String, List<String>> searchParameters = Map.of("active", List.of("true"), "identifier:not",
 				List.of(toSearchParameter(localOrganizationIdentifier.get())));
-		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, o -> true);
+		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, _ -> true);
 	}
 }
diff --git a/...ocess-api-v1-impl/src/main/java/dev/dsf/fhir/authorization/read/ReadAccessHelperImpl.java b/...ocess-api-v1-impl/src/main/java/dev/dsf/fhir/authorization/read/ReadAccessHelperImpl.java
@@ -284,7 +284,7 @@ public boolean hasAll(Resource resource)
 	@Override
 	public boolean isValid(Resource resource)
 	{
-		return isValid(resource, organizationIdentifier -> true, role -> true);
+		return isValid(resource, _ -> true, _ -> true);
 	}
 
 	@Override

diff --git a/...i-v1/src/main/java/dev/dsf/fhir/authorization/process/ProcessAuthorizationHelperImpl.java b/...i-v1/src/main/java/dev/dsf/fhir/authorization/process/ProcessAuthorizationHelperImpl.java
@@ -322,7 +322,7 @@ public Stream<Requester> getRequesters(ActivityDefinition activityDefinition, St
 							.equals(e.getUrl()))
 					.filter(Extension::hasValue).filter(e -> e.getValue() instanceof Coding)
 					.map(e -> (Coding) e.getValue())
-					.flatMap(coding -> requesterFrom(coding, c -> true, i -> true, c -> true).stream());
+					.flatMap(coding -> requesterFrom(coding, _ -> true, _ -> true, _ -> true).stream());
 	}
 
 	@Override
@@ -340,7 +340,7 @@ public Stream<Recipient> getRecipients(ActivityDefinition activityDefinition, St
 							.equals(e.getUrl()))
 					.filter(Extension::hasValue).filter(e -> e.getValue() instanceof Coding)
 					.map(e -> (Coding) e.getValue())
-					.flatMap(coding -> recipientFrom(coding, i -> true, c -> true).stream());
+					.flatMap(coding -> recipientFrom(coding, _ -> true, _ -> true).stream());
 	}
 
 	private Optional<Extension> getAuthorizationExtension(ActivityDefinition activityDefinition, String processUrl,

diff --git a/...pe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/OrganizationProviderImpl.java b/...pe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/OrganizationProviderImpl.java
@@ -142,14 +142,14 @@ public List<Organization> getRemoteOrganizations()
 		Map<String, List<String>> searchParameters = Map.of("active", List.of("true"), "identifier:not",
 				List.of(toSearchParameter(localOrganizationIdentifier.get())), "_profile",
 				List.of("http://dsf.dev/fhir/StructureDefinition/organization"));
-		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, o -> true);
+		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, _ -> true);
 	}
 
 	@Override
 	public List<Organization> getParentOrganizations()
 	{
 		Map<String, List<String>> searchParameters = Map.of("active", List.of("true"), "_profile",
 				List.of("http://dsf.dev/fhir/StructureDefinition/organization-parent"));
-		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, o -> true);
+		return search(Organization.class, searchParameters, SearchEntryMode.MATCH, Organization.class, _ -> true);
 	}
 }
diff --git a/...sf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/ReadAccessHelperImpl.java b/...sf-bpe-process-api-v2-impl/src/main/java/dev/dsf/bpe/v2/service/ReadAccessHelperImpl.java
@@ -298,7 +298,7 @@ public boolean hasAll(Resource resource)
 	@Override
 	public boolean isValid(Resource resource)
 	{
-		return isValid(resource, organizationIdentifier -> true, role -> true);
+		return isValid(resource, _ -> true, _ -> true);
 	}
 
 	@Override

diff --git a/...-v2-impl/src/main/java/dev/dsf/bpe/v2/service/process/ProcessAuthorizationHelperImpl.java b/...-v2-impl/src/main/java/dev/dsf/bpe/v2/service/process/ProcessAuthorizationHelperImpl.java
@@ -437,7 +437,7 @@ public Stream<Requester> getRequesters(ActivityDefinition activityDefinition, St
 					.filter(e -> EXTENSION_PROCESS_AUTHORIZATION_REQUESTER.equals(e.getUrl()))
 					.filter(Extension::hasValue).filter(e -> e.getValue() instanceof Coding)
 					.map(e -> (Coding) e.getValue())
-					.flatMap(coding -> requesterFrom(coding, c -> true, i -> true, c -> true).stream());
+					.flatMap(coding -> requesterFrom(coding, _ -> true, _ -> true, _ -> true).stream());
 	}
 
 	@Override
@@ -454,7 +454,7 @@ public Stream<Recipient> getRecipients(ActivityDefinition activityDefinition, St
 					.filter(e -> EXTENSION_PROCESS_AUTHORIZATION_RECIPIENT.equals(e.getUrl()))
 					.filter(Extension::hasValue).filter(e -> e.getValue() instanceof Coding)
 					.map(e -> (Coding) e.getValue())
-					.flatMap(coding -> recipientFrom(coding, i -> true, c -> true).stream());
+					.flatMap(coding -> recipientFrom(coding, _ -> true, _ -> true).stream());
 	}
 
 	private Optional<Extension> getAuthorizationExtension(ActivityDefinition activityDefinition, String processUrl,

diff --git a/.../dsf-bpe-process-api-v2/src/main/java/dev/dsf/bpe/v2/activity/task/DefaultTaskSender.java b/.../dsf-bpe-process-api-v2/src/main/java/dev/dsf/bpe/v2/activity/task/DefaultTaskSender.java
@@ -44,7 +44,7 @@ protected static record TaskAndConfig(Task task, String instantiatesCanonical, S
 	public DefaultTaskSender(ProcessPluginApi api, Variables variables, SendTaskValues sendTaskValues,
 			BusinessKeyStrategy businessKeyStrategy)
 	{
-		this(api, variables, sendTaskValues, businessKeyStrategy, t -> List.of());
+		this(api, variables, sendTaskValues, businessKeyStrategy, _ -> List.of());
 	}
 
 	public DefaultTaskSender(ProcessPluginApi api, Variables variables, SendTaskValues sendTaskValues,

diff --git a/dsf-bpe/dsf-bpe-process-api/src/main/java/dev/dsf/bpe/api/plugin/AbstractProcessPlugin.java b/dsf-bpe/dsf-bpe-process-api/src/main/java/dev/dsf/bpe/api/plugin/AbstractProcessPlugin.java
@@ -247,7 +247,7 @@ public boolean initializeAndValidateResources(String localOrganizationIdentifier
 		}
 
 		Map<String, Integer> processCounts = models.stream()
-				.collect(Collectors.toMap(m -> m.toProcessIdAndVersion().getId(), m -> 1, (c1, c2) -> c1 + c2));
+				.collect(Collectors.toMap(m -> m.toProcessIdAndVersion().getId(), _ -> 1, (c1, c2) -> c1 + c2));
 		if (processCounts.values().stream().anyMatch(c -> c > 1))
 		{
 			logger.warn("Ignoring process plugin {}-{} from {}: Processes with duplicate IDs found {}",
@@ -1164,7 +1164,7 @@ private boolean isValidQuestionnaire(String file, Object resource)
 	private Object modifyBaseDefinitionIfTaskProfile(Object resource, String file)
 	{
 		Optional<String> baseDefinition = fhirConfig.getStructureDefinitionBaseDefinition(resource);
-		baseDefinition.filter(d -> STRUCTURE_DEFINITION_BASE_TASK_URL_V1.equals(d)).ifPresent(d ->
+		baseDefinition.filter(d -> STRUCTURE_DEFINITION_BASE_TASK_URL_V1.equals(d)).ifPresent(_ ->
 		{
 			logger.info(
 					"Setting StructureDefinition.baseDefinition to {} for FHIR resource {} from process plugin {}-{}",

diff --git a/dsf-bpe/dsf-bpe-server-jetty/docker/Dockerfile b/dsf-bpe/dsf-bpe-server-jetty/docker/Dockerfile
@@ -8,7 +8,7 @@ RUN chown root:java ./ && \
 	chmod 1775 ./log
 
 
-FROM azul/zulu-openjdk:21-jre-headless
+FROM azul/zulu-openjdk:25-jre-headless
 LABEL org.opencontainers.image.source=https://github.com/datasharingframework/dsf
 LABEL org.opencontainers.image.description="DSF BPE Server"
 LABEL org.opencontainers.image.licenses="Apache License, Version 2.0"

diff --git a/dsf-bpe/dsf-bpe-server/pom.xml b/dsf-bpe/dsf-bpe-server/pom.xml
@@ -211,12 +211,6 @@
 			<artifactId>log4j-slf4j2-impl</artifactId>
 			<scope>test</scope>
 		</dependency>
-		<!-- For async logging with log4j2 -->
-		<dependency>
-			<groupId>com.lmax</groupId>
-			<artifactId>disruptor</artifactId>
-			<scope>test</scope>
-		</dependency>
 
 		<dependency>
 			<groupId>dev.dsf</groupId>

diff --git a/...e-server/src/main/java/dev/dsf/bpe/camunda/MultiVersionClassDelegateActivityBehavior.java b/...e-server/src/main/java/dev/dsf/bpe/camunda/MultiVersionClassDelegateActivityBehavior.java
@@ -40,14 +40,14 @@
 
 			JavaDelegate delegate = switch (e.getBpmnModelElementInstance())
 			{
-				case SendTask st ->
+				case SendTask _ ->
 					delegateProvider.getMessageSendTask(processKeyAndVersion, className, fieldDeclarations, execution);
-				case ServiceTask st ->
+				case ServiceTask _ ->
 					delegateProvider.getServiceTask(processKeyAndVersion, className, fieldDeclarations, execution);
-				case EndEvent ee ->
+				case EndEvent _ ->
 					delegateProvider.getMessageEndEvent(processKeyAndVersion, className, fieldDeclarations, execution);
-				case IntermediateThrowEvent ite -> delegateProvider.getMessageIntermediateThrowEvent(
-						processKeyAndVersion, className, fieldDeclarations, execution);
+				case IntermediateThrowEvent _ -> delegateProvider.getMessageIntermediateThrowEvent(processKeyAndVersion,
+						className, fieldDeclarations, execution);
 
 				default -> throw new IllegalArgumentException("Unexpected value: " + e.getBpmnModelElementInstance());
 			};

diff --git a/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/mail/SmtpMailService.java b/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/mail/SmtpMailService.java
@@ -156,8 +156,8 @@ private Log4jAppender(Session session, MimeMessage message, String subject, int
 			MailManagerFactory factory = (name, data) -> new SmtpManager(name, session, message, data)
 			{
 			};
-			FactoryData data = new FactoryData(null, null, null, null, null, null, event -> subject, null, null, 0,
-					null, null, false, messageBufferSize, null, null);
+			FactoryData data = new FactoryData(null, null, null, null, null, null, _ -> subject, null, null, 0, null,
+					null, false, messageBufferSize, null, null);
 			manager = AbstractManager.getManager("SmtpMailService.Log4jAppender.Manager", factory, data);
 		}
 

diff --git a/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/plugin/FhirResourceHandlerImpl.java b/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/plugin/FhirResourceHandlerImpl.java
@@ -96,7 +96,7 @@ public void applyStateChangesAndStoreNewResourcesInDb(Map<ProcessIdAndVersion, L
 
 			currentOrOldProcessResources.forEach(res ->
 			{
-				resources.computeIfPresent(res.getResourceInfo(), (processInfo, processResource) ->
+				resources.computeIfPresent(res.getResourceInfo(), (_, processResource) ->
 				{
 					processResource.addAll(res.getProcesses());
 

diff --git a/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/spring/config/AuthenticationConfig.java b/dsf-bpe/dsf-bpe-server/src/main/java/dev/dsf/bpe/spring/config/AuthenticationConfig.java
@@ -44,7 +44,7 @@ public IdentityProvider identityProvider()
 	public RoleConfig roleConfig()
 	{
 		RoleConfig config = new RoleConfigReader().read(propertiesConfig.getRoleConfig(),
-				role -> BpeServerRole.isValid(role) ? BpeServerRole.valueOf(role) : null, s -> null);
+				role -> BpeServerRole.isValid(role) ? BpeServerRole.valueOf(role) : null, _ -> null);
 
 		logger.info("Role config: {}", config.toString());
 		return config;

diff --git a/...e-server/src/main/java/dev/dsf/bpe/subscription/ConcurrentSubscriptionHandlerFactory.java b/...e-server/src/main/java/dev/dsf/bpe/subscription/ConcurrentSubscriptionHandlerFactory.java
@@ -35,7 +35,7 @@ public ConcurrentSubscriptionHandlerFactory(int corePoolSize, SubscriptionHandle
 			throw new IllegalArgumentException("corePoolSize <= 0");
 
 		executor = new ThreadPoolExecutor(corePoolSize, corePoolSize, 30, TimeUnit.MINUTES, queue,
-				(r, executor) -> logger.error("Unable to handle Task - execution rejected"));
+				(_, _) -> logger.error("Unable to handle Task - execution rejected"));
 		executor.allowCoreThreadTimeOut(true);
 
 		this.delegate = delegate;

diff --git a/dsf-bpe/dsf-bpe-server/src/test/resources/log4j2-maven-surefire-config.xml b/dsf-bpe/dsf-bpe-server/src/test/resources/log4j2-maven-surefire-config.xml
@@ -14,12 +14,12 @@
 			<AppenderRef ref="DATA"/>
 		</Logger>
 
-		<AsyncLogger name="dev.dsf" level="INFO"/>
-		<AsyncLogger name="org.eclipse.jetty" level="INFO"/>
+		<Logger name="dev.dsf" level="INFO"/>
+		<Logger name="org.eclipse.jetty" level="INFO"/>
 		<Logger name="ca.uhn.fhir.parser.LenientErrorHandler" level="ERROR"/>
 
-		<AsyncRoot level="WARN">
+		<Root level="WARN">
 			<AppenderRef ref="CONSOLE"/>
-		</AsyncRoot>
+		</Root>
 	</Loggers>
 </Configuration>
diff --git a/...pe-test-plugin-v2/src/main/java/dev/dsf/bpe/test/service/ErrorBoundaryEventTestThrow.java b/...pe-test-plugin-v2/src/main/java/dev/dsf/bpe/test/service/ErrorBoundaryEventTestThrow.java
@@ -21,6 +21,6 @@ public void execute(ProcessPluginApi api, Variables variables) throws ErrorBound
 	@Override
 	public ServiceTaskErrorHandler getErrorHandler()
 	{
-		return new ExceptionToErrorBoundaryEventTranslationErrorHandler(e -> TEST_ERROR_CODE);
+		return new ExceptionToErrorBoundaryEventTranslationErrorHandler(_ -> TEST_ERROR_CODE);
 	}
 }
diff --git a/dsf-common/dsf-common-auth/src/test/java/dev/dsf/common/auth/RoleConfigReaderTest.java b/dsf-common/dsf-common-auth/src/test/java/dev/dsf/common/auth/RoleConfigReaderTest.java
@@ -12,24 +12,24 @@ public class RoleConfigReaderTest
 	@Test(expected = NullPointerException.class)
 	public void testReadNullString() throws Exception
 	{
-		new RoleConfigReader().read((String) null, s -> null, s -> null);
+		new RoleConfigReader().read((String) null, _ -> null, _ -> null);
 	}
 
 	@Test
 	public void testReadEmptyString() throws Exception
 	{
-		new RoleConfigReader().read("", s -> null, s -> null);
+		new RoleConfigReader().read("", _ -> null, _ -> null);
 	}
 
 	@Test(expected = NullPointerException.class)
 	public void testReadNullInputStream() throws Exception
 	{
-		new RoleConfigReader().read((InputStream) null, s -> null, s -> null);
+		new RoleConfigReader().read((InputStream) null, _ -> null, _ -> null);
 	}
 
 	@Test
 	public void testReadEmptyInputStream() throws Exception
 	{
-		new RoleConfigReader().read(new ByteArrayInputStream(new byte[0]), s -> null, s -> null);
+		new RoleConfigReader().read(new ByteArrayInputStream(new byte[0]), _ -> null, _ -> null);
 	}
 }
diff --git a/dsf-common/dsf-common-jetty/src/main/java/dev/dsf/common/logging/Log4jInitializer.java b/dsf-common/dsf-common-jetty/src/main/java/dev/dsf/common/logging/Log4jInitializer.java
@@ -180,11 +180,11 @@ else if (SPECIAL_JSON_LOGSTASH.equalsIgnoreCase(value))
 			return configuration -> JsonTemplateLayout.newBuilder().setConfiguration(configuration)
 					.setEventTemplateUri(TemplateUri.LOGSTASH.getUri()).build();
 		else if (SPECIAL_TEXT.equalsIgnoreCase(value))
-			return configuration -> PatternLayout.newBuilder().withPattern("%d %m%n").build();
+			return _ -> PatternLayout.newBuilder().withPattern("%d %m%n").build();
 		else if (SPECIAL_TEXT_MDC.equalsIgnoreCase(value))
-			return configuration -> PatternLayout.newBuilder().withPattern("%d%notEmpty{ %X} %m%n").build();
+			return _ -> PatternLayout.newBuilder().withPattern("%d%notEmpty{ %X} %m%n").build();
 		else if (SPECIAL_OFF.equalsIgnoreCase(value))
-			return configuration -> null;
+			return _ -> null;
 		else
 			throw new IllegalArgumentException("Value '" + value + "' for " + parameter + " not supported");
 	}

diff --git a/dsf-common/dsf-common-oidc/src/main/java/dev/dsf/common/oidc/Jwks.java b/dsf-common/dsf-common-oidc/src/main/java/dev/dsf/common/oidc/Jwks.java
@@ -66,39 +66,42 @@ public Algorithm toAlgorithm() throws JwksException
 		{
 			return switch (kty)
 			{
-				case "RSA" -> {
+				case "RSA" -> toRsaAlgorithm();
+				case "EC" -> toEcdsaAlgorithm();
 
-					RSAPublicKey key = toRsaPublicKey(n, e);
-					RSAKeyProvider keyProvider = toRsaKeyProvider(key, kid);
-
-					yield switch (alg)
-					{
-						case "RS256" -> Algorithm.RSA256(keyProvider);
-						case "RS384" -> Algorithm.RSA384(keyProvider);
-						case "RS512" -> Algorithm.RSA512(keyProvider);
+				default -> throw new JwksException("JWKS kty property value '" + kty + "' not one of 'RSA' or 'EC'");
+			};
+		}
 
-						default -> throw new JwksException(
-								"JWKS alg property value '" + alg + "' not one of 'RSA256', 'RSA384' or 'RSA512'");
-					};
-				}
+		private Algorithm toRsaAlgorithm()
+		{
+			RSAPublicKey key = toRsaPublicKey(n, e);
+			RSAKeyProvider keyProvider = toRsaKeyProvider(key, kid);
 
-				case "EC" -> {
+			return switch (alg)
+			{
+				case "RS256" -> Algorithm.RSA256(keyProvider);
+				case "RS384" -> Algorithm.RSA384(keyProvider);
+				case "RS512" -> Algorithm.RSA512(keyProvider);
 
-					ECPublicKey key = toEcPublicKey(x, y, crv);
-					ECDSAKeyProvider keyProvider = toEcKeyProvider(key, kid);
+				default -> throw new JwksException(
+						"JWKS alg property value '" + alg + "' not one of 'RSA256', 'RSA384' or 'RSA512'");
+			};
+		}
 
-					yield switch (alg)
-					{
-						case "ES256" -> Algorithm.ECDSA256(keyProvider);
-						case "ES384" -> Algorithm.ECDSA384(keyProvider);
-						case "ES512" -> Algorithm.ECDSA512(keyProvider);
+		private Algorithm toEcdsaAlgorithm()
+		{
+			ECPublicKey key = toEcPublicKey(x, y, crv);
+			ECDSAKeyProvider keyProvider = toEcKeyProvider(key, kid);
 
-						default -> throw new JwksException(
-								"JWKS crv property value '" + alg + "' not one of 'ES256', 'ES384' or 'ES512'");
-					};
-				}
+			return switch (alg)
+			{
+				case "ES256" -> Algorithm.ECDSA256(keyProvider);
+				case "ES384" -> Algorithm.ECDSA384(keyProvider);
+				case "ES512" -> Algorithm.ECDSA512(keyProvider);
 
-				default -> throw new JwksException("JWKS kty property value '" + kty + "' not one of 'RSA' or 'EC'");
+				default -> throw new JwksException(
+						"JWKS crv property value '" + alg + "' not one of 'ES256', 'ES384' or 'ES512'");
 			};
 		}