| [jetty-dev] JDK 23 Release Candidates | Restrictive JAXP Configuration Heads-up |
|
Welcome to the latest OpenJDK Quality Outreach update! Everything is on track for the General Availability of Java 23 on September 17th [1] as the JDK 23 Release Candidate builds (RC2 - builds 37) are now available [2]. And before
shifting your attention to JDK 24, make sure to check the Heads-Up below as it is related to an important JAXP update in JDK 23. The JVM Language Summit took place earlier this month in Santa Clara (California). During this unique conference, key updates around the Java platforms were presented and discussed.
So, make sure to watch the JVMLS 2024 playlist [3] as videos are added regularly. And it's not really a surprise but Valhalla was a highly discussed topic. In his session [4], Brian Goetz (Java Language Architect) explained the proposed solution: value classes,
null-restricted types, improved definite assignment analysis, and strict initialization. Around the same time-frame, Valhalla Early-Access builds implementing Value Classes and Objects were also made available [5], see the Release Notes [6] for the details.
As usual, feedback should be reported to the proper mailing list [7]. [1]
https://openjdk.org/projects/jdk/23/ [3]
https://www.youtube.com/playlist?list=PLX8CzqL3ArzUEYnTa6KYORRbP3nhsK0L1 [4]
https://www.youtube.com/watch?v=IF9l8fYfSnI [5]
https://jdk.java.net/valhalla/ [6]
https://openjdk.org/projects/valhalla/early-access [7]
https://mail.openjdk.org/mailman/listinfo/valhalla-dev ## Heads-up - JDK 23: Prepare for a More Restrictive JAXP Configuration The Java platform supports XML processing with JAXP (Java APIs for XML Processing) that are based on a wide range of XML technologies and standards, which can make them challenging
to secure. To mitigate risks, JAXP offers comprehensive security features [8], but the default settings of some security features are not strict, making them opt-in. To improve out-of-the-box security, future JDK releases will make XML processing more restrictive
by default and JDKs 21 to 23 help developers prepare for these changes. ### JDK 21: JAXP Configuration File JDK 21 added `$JAVA_HOME/conf/jaxp.properties` as the default JAXP configuration file, property settings in this file reflect the current, built-in defaults for the JDK. JDK 21
also added the system property `java.xml.config.file` for specifying the location of a custom configuration file. For details, refer to JDK-8303530 [9] or the `java.xml` documentation [10]. ### JDK 23: Restrictive JAXP Configuration File Template JDK 23 adds `$JAVA_HOME/conf/jaxp-strict.properties.template`, a JAXP configuration file template that specifies more restrictive XML processing settings. It is recommended to
test applications on these more restrictive settings to prepare them for a future JDK release that has them as default. The following steps should be used to test an application with that template: * copy the template file to a location outside of `$JAVA_HOME/conf`, e.g. `/<my_path>/jaxp-strict.properties` * run the application with the system property `java.xml.config.file` set to the file's path, e.g. `java -Djava.xml.config.file=/<my_path>/jaxp-strict.properties myApp` For details, please refer to JDK-8330542 [11]. [9]
https://bugs.openjdk.org/browse/JDK-8303530 [10]
https://docs.oracle.com/en/java/javase/21/docs/api/java.xml/module-summary.html#Conf [11]
https://bugs.openjdk.org/browse/JDK-8330542 ## JDK 24 Early-Access Builds The JDK 24 early-access builds 12 are available [12], and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here
[13]. ### Changes in recent JDK 24 builds that may be of interest: - JDK-8335638: Calling VarHandle.{access-mode} methods reflectively throws wrong exception - JDK-8329471: Remove GTK2 - JDK-8333772: Incorrect Kerberos behavior when udp_preference_limit = 0 - JDK-8304929: MethodTypeDesc throws an unchecked exception than ReflectiveOperationException … - JDK-4966250: SSLSessionContext.setSessionTimeout() documentation could be updated - JDK-8337506: Disable "best-fit" mapping on Windows command line - JDK-8336479: Provide Process.waitFor(Duration) - JDK-8336999: Verification for resource area allocated data structures in C2 - JDK-8335480: Only deoptimize threads if needed when closing shared arena - JDK-8335939: Hide element writing across the ClassFile API - JDK-8336489: Track scoped accesses in JVMCI compiled code - JDK-8334492: DiagnosticCommands (jcmd) should accept %p in output filenames and substitute PID - JDK-8334495: Use FFM instead of jdk.internal.misc.Unsafe in java.desktop font implementation - JDK-8333396: Use StringBuilder internally for java.text.Format.* formatting - JDK-8336815: Several methods in java.net.Socket and ServerSocket do not s… Note: A more exhaustive list of changes can be found here [14]. [13]
https://jdk.java.net/24/release-notes [14]
https://github.com/openjdk/jdk/compare/jdk-24+7...jdk-24+12 # Project Loom New Early-Access Builds The latest Loom early access builds (Builds 24-loom+3-33 -2024/7/27) are now available [15]. These builds, based on an incomplete version of JDK 24, improve the implementation
of Java monitors (synchronized methods) to work better with virtual threads. These builds are intended for developers looking to "kick the tires" and provide feedback or bug reports. Feedback should be reported to the Loom mailing list [16] (subscription
required). [15]
https://jdk.java.net/loom/ [16]
http://mail.openjdk.org/mailman/listinfo/loom-dev # JavaFX Early-Access Builds These are early access builds of the JavaFX 23 and 24 Runtime built from openjdk/jfx [17]. These builds enable JavaFX application developers to build and test their applications
with JavaFX 23 and 24 on JDK 23 and 24 respectively. And although these builds are designed to work with JDK 23 EA, they are also known to work with JDK 21 and later versions. The latest early access builds of JavaFX 23 (Builds 27) are available [18], under the GNU General Public License, version 2, with the Classpath Exception. And similarly, the latest
early access builds of JavaFX 24 (Builds 4) are available here [19]. [17]
https://github.com/openjdk/jfx [18]
https://jdk.java.net/javafx23/ [19]
https://jdk.java.net/javafx24/ ## Topics of Interest - JDK 23 G1/Parallel/Serial GC changes https://tschatzl.github.io/2024/07/22/jdk23-g1-serial-parallel-gc-changes.html - How to Read a JDK Enhancement Proposal https://inside.java/2024/08/01/newscast-74/ - JFR Event to Detect Invocations of Deprecated Methods https://egahlin.github.io/2024/05/31/deprecated-event.html - JVMLS: Valhalla - Where Are We? https://www.youtube.com/watch?v=IF9l8fYfSnI - JVMLS: An Opinionated Overview on Static Analysis for Java https://inside.java/2024/08/20/jvmls-static-analysis/ - JVMLS: Rethinking Java String Concatenation https://inside.java/2024/08/19/jvmls-string-concatention/ - JVMLS: Project Babylon - Code Reflection https://inside.java/2024/08/14/jvmls-code-reflection/ - JVMLS: A Code Reflection Example - Translating Java to SPIR-V https://inside.java/2024/08/16/jvmls-spir-v/ - JVMLS: Java in 2024 Keynote https://inside.java/2024/08/12/jvmls-keynote/ ~ As always, please ping me if you encounter issues with an early-access build. And see you next month for the Java 23 launch! --David |