Thanks for the heads-up, David. Derby builds and tests cleanly with Open
JDK build 23+37-2369.
On 8/23/24 5:10 AM, David Delabassee wrote:
Welcome to the latest OpenJDK Quality Outreach update!
Everything is on track for the General Availability of Java 23 on September
17th [1] as the JDK 23 Release Candidate builds (RC2 - builds 37) are now
available [2]. And before shifting your attention to JDK 24, make sure to check
the Heads-Up below as it is related to an important JAXP update in JDK 23.
The JVM Language Summit took place earlier this month in Santa Clara
(California). During this unique conference, key updates around the Java
platforms were presented and discussed. So, make sure to watch the JVMLS 2024
playlist [3] as videos are added regularly. And it's not really a surprise but
Valhalla was a highly discussed topic. In his session [4], Brian Goetz (Java
Language Architect) explained the proposed solution: value classes,
null-restricted types, improved definite assignment analysis, and strict
initialization. Around the same time-frame, Valhalla Early-Access builds
implementing Value Classes and Objects were also made available [5], see the
Release Notes [6] for the details. As usual, feedback should be reported to the
proper mailing list [7].
[1] https://openjdk.org/projects/jdk/23/
[2] https://jdk.java.net/23/
[3] https://www.youtube.com/playlist?list=PLX8CzqL3ArzUEYnTa6KYORRbP3nhsK0L1
[4] https://www.youtube.com/watch?v=IF9l8fYfSnI
[5] https://jdk.java.net/valhalla/
[6] https://openjdk.org/projects/valhalla/early-access
[7] https://mail.openjdk.org/mailman/listinfo/valhalla-dev
## Heads-up - JDK 23: Prepare for a More Restrictive JAXP Configuration
The Java platform supports XML processing with JAXP (Java APIs for XML
Processing) that are based on a wide range of XML technologies and standards,
which can make them challenging to secure. To mitigate risks, JAXP offers
comprehensive security features [8], but the default settings of some security
features are not strict, making them opt-in. To improve out-of-the-box
security, future JDK releases will make XML processing more restrictive by
default and JDKs 21 to 23 help developers prepare for these changes.
### JDK 21: JAXP Configuration File
JDK 21 added `$JAVA_HOME/conf/jaxp.properties` as the default JAXP
configuration file, property settings in this file reflect the current,
built-in defaults for the JDK. JDK 21 also added the system property
`java.xml.config.file` for specifying the location of a custom configuration
file. For details, refer to JDK-8303530 [9] or the `java.xml` documentation
[10].
### JDK 23: Restrictive JAXP Configuration File Template
JDK 23 adds `$JAVA_HOME/conf/jaxp-strict.properties.template`, a JAXP
configuration file template that specifies more restrictive XML processing
settings. It is recommended to test applications on these more restrictive
settings to prepare them for a future JDK release that has them as default.
The following steps should be used to test an application with that template:
* copy the template file to a location outside of `$JAVA_HOME/conf`, e.g.
`/<my_path>/jaxp-strict.properties`
* run the application with the system property `java.xml.config.file` set to the
file's path, e.g. `java
-Djava.xml.config.file=/<my_path>/jaxp-strict.properties myApp`
For details, please refer to JDK-8330542 [11].
[8]
https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-6E76FE41-A8C5-4F56-AB46-83A89B1E904A
[9] https://bugs.openjdk.org/browse/JDK-8303530
[10]
https://docs.oracle.com/en/java/javase/21/docs/api/java.xml/module-summary.html#Conf
[11] https://bugs.openjdk.org/browse/JDK-8330542
## JDK 24 Early-Access Builds
The JDK 24 early-access builds 12 are available [12], and are provided under
the GNU General Public License v2, with the Classpath Exception. The Release
Notes are available here [13].
### Changes in recent JDK 24 builds that may be of interest:
- JDK-8335638: Calling VarHandle.{access-mode} methods reflectively throws
wrong exception
- JDK-8329471: Remove GTK2
- JDK-8333772: Incorrect Kerberos behavior when udp_preference_limit = 0
- JDK-8304929: MethodTypeDesc throws an unchecked exception than
ReflectiveOperationException …
- JDK-4966250: SSLSessionContext.setSessionTimeout() documentation could be
updated
- JDK-8337506: Disable "best-fit" mapping on Windows command line
- JDK-8336479: Provide Process.waitFor(Duration)
- JDK-8336999: Verification for resource area allocated data structures in C2
- JDK-8335480: Only deoptimize threads if needed when closing shared arena
- JDK-8335939: Hide element writing across the ClassFile API
- JDK-8336489: Track scoped accesses in JVMCI compiled code
- JDK-8334492: DiagnosticCommands (jcmd) should accept %p in output filenames
and substitute PID
- JDK-8334495: Use FFM instead of jdk.internal.misc.Unsafe in java.desktop font
implementation
- JDK-8333396: Use StringBuilder internally for java.text.Format.* formatting
- JDK-8336815: Several methods in java.net.Socket and ServerSocket do not s…
Note: A more exhaustive list of changes can be found here [14].
[12] https://jdk.java.net/24/
[13] https://jdk.java.net/24/release-notes
[14] https://github.com/openjdk/jdk/compare/jdk-24+7...jdk-24+12
# Project Loom New Early-Access Builds
The latest Loom early access builds (Builds 24-loom+3-33 -2024/7/27) are now available
[15]. These builds, based on an incomplete version of JDK 24, improve the implementation
of Java monitors (synchronized methods) to work better with virtual threads. These builds
are intended for developers looking to "kick the tires" and provide feedback or
bug reports. Feedback should be reported to the Loom mailing list [16] (subscription
required).
[15] https://jdk.java.net/loom/
[16] http://mail.openjdk.org/mailman/listinfo/loom-dev
# JavaFX Early-Access Builds
These are early access builds of the JavaFX 23 and 24 Runtime built from
openjdk/jfx [17]. These builds enable JavaFX application developers to build
and test their applications with JavaFX 23 and 24 on JDK 23 and 24
respectively. And although these builds are designed to work with JDK 23 EA,
they are also known to work with JDK 21 and later versions.
The latest early access builds of JavaFX 23 (Builds 27) are available [18],
under the GNU General Public License, version 2, with the Classpath Exception.
And similarly, the latest early access builds of JavaFX 24 (Builds 4) are
available here [19].
[17] https://github.com/openjdk/jfx
[18] https://jdk.java.net/javafx23/
[19] https://jdk.java.net/javafx24/
## Topics of Interest
- JDK 23 G1/Parallel/Serial GC changes
https://tschatzl.github.io/2024/07/22/jdk23-g1-serial-parallel-gc-changes.html
- How to Read a JDK Enhancement Proposal
https://inside.java/2024/08/01/newscast-74/
- JFR Event to Detect Invocations of Deprecated Methods
https://egahlin.github.io/2024/05/31/deprecated-event.html
- JVMLS: Valhalla - Where Are We?
https://www.youtube.com/watch?v=IF9l8fYfSnI
- JVMLS: An Opinionated Overview on Static Analysis for Java
https://inside.java/2024/08/20/jvmls-static-analysis/
- JVMLS: Rethinking Java String Concatenation
https://inside.java/2024/08/19/jvmls-string-concatention/
- JVMLS: Project Babylon - Code Reflection
https://inside.java/2024/08/14/jvmls-code-reflection/
- JVMLS: A Code Reflection Example - Translating Java to SPIR-V
https://inside.java/2024/08/16/jvmls-spir-v/
- JVMLS: Java in 2024 Keynote
https://inside.java/2024/08/12/jvmls-keynote/
~
As always, please ping me if you encounter issues with an early-access build.
And see you next month for the Java 23 launch!
--David
