Hello,

We recently upgraded our application to JDK 25.0.2 and saw a changed behaviour in the Desktop.browse method when opening any non-http URLs on Windows. Previously, those URLs were opened with the default application associated with that URL scheme, now it always opens the URL in the web browser, even though it shouldn't really do that. Even stuff like file:// URLs are opened in the browser.

I saw there were PRs for both the AWT and JavaFX implementation for opening URLs, but the related JBS issues are private. So I'm guessing some kind of security issue?

Is this the expected behaviour now due to security constraints or is this a bug?

Best
Christopher Schnick

Reply via email to