Menu
▾
▴
pmd-devel — PMD Development
You can subscribe to this list here.
| 2002 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
(768) |
Aug
(543) |
Sep
(364) |
Oct
(326) |
Nov
(182) |
Dec
(148) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2003 |
Jan
(144) |
Feb
(223) |
Mar
(339) |
Apr
(406) |
May
(128) |
Jun
(225) |
Jul
(171) |
Aug
(171) |
Sep
(153) |
Oct
(150) |
Nov
(176) |
Dec
(88) |
| 2004 |
Jan
(71) |
Feb
(28) |
Mar
(91) |
Apr
(184) |
May
(127) |
Jun
(144) |
Jul
(186) |
Aug
(78) |
Sep
(193) |
Oct
(153) |
Nov
(92) |
Dec
(177) |
| 2005 |
Jan
(223) |
Feb
(319) |
Mar
(253) |
Apr
(106) |
May
(215) |
Jun
(299) |
Jul
(341) |
Aug
(286) |
Sep
(270) |
Oct
(212) |
Nov
(283) |
Dec
(345) |
| 2006 |
Jan
(243) |
Feb
(426) |
Mar
(278) |
Apr
(254) |
May
(259) |
Jun
(197) |
Jul
(156) |
Aug
(84) |
Sep
(150) |
Oct
(719) |
Nov
(319) |
Dec
(169) |
| 2007 |
Jan
(484) |
Feb
(222) |
Mar
(61) |
Apr
(51) |
May
(63) |
Jun
(182) |
Jul
(177) |
Aug
(89) |
Sep
(46) |
Oct
(178) |
Nov
(116) |
Dec
(89) |
| 2008 |
Jan
(23) |
Feb
(198) |
Mar
(227) |
Apr
(203) |
May
(174) |
Jun
(215) |
Jul
(55) |
Aug
(152) |
Sep
(129) |
Oct
(177) |
Nov
(79) |
Dec
(84) |
| 2009 |
Jan
(91) |
Feb
(179) |
Mar
(102) |
Apr
(67) |
May
(40) |
Jun
(41) |
Jul
(43) |
Aug
(53) |
Sep
(4) |
Oct
(17) |
Nov
(48) |
Dec
(76) |
| 2010 |
Jan
(28) |
Feb
(17) |
Mar
(27) |
Apr
(9) |
May
(19) |
Jun
(50) |
Jul
(21) |
Aug
(9) |
Sep
(42) |
Oct
(30) |
Nov
(33) |
Dec
(10) |
| 2011 |
Jan
(14) |
Feb
(6) |
Mar
(18) |
Apr
(8) |
May
(4) |
Jun
(18) |
Jul
(21) |
Aug
(19) |
Sep
(298) |
Oct
(82) |
Nov
(102) |
Dec
(241) |
| 2012 |
Jan
(41) |
Feb
(29) |
Mar
(43) |
Apr
(18) |
May
(42) |
Jun
(53) |
Jul
(53) |
Aug
(43) |
Sep
(16) |
Oct
(20) |
Nov
(36) |
Dec
(26) |
| 2013 |
Jan
(15) |
Feb
(14) |
Mar
(36) |
Apr
(38) |
May
(20) |
Jun
(5) |
Jul
(6) |
Aug
(18) |
Sep
(3) |
Oct
(24) |
Nov
(14) |
Dec
(1) |
| 2014 |
Jan
(13) |
Feb
(12) |
Mar
(8) |
Apr
(19) |
May
(4) |
Jun
(4) |
Jul
(27) |
Aug
(18) |
Sep
(11) |
Oct
(15) |
Nov
(32) |
Dec
(13) |
| 2015 |
Jan
(11) |
Feb
(13) |
Mar
(21) |
Apr
(22) |
May
(32) |
Jun
(14) |
Jul
(11) |
Aug
(7) |
Sep
(33) |
Oct
(40) |
Nov
(20) |
Dec
(13) |
| 2016 |
Jan
(24) |
Feb
(16) |
Mar
(11) |
Apr
(25) |
May
(46) |
Jun
(13) |
Jul
(3) |
Aug
(3) |
Sep
(8) |
Oct
(3) |
Nov
(17) |
Dec
(9) |
| 2017 |
Jan
(6) |
Feb
(3) |
Mar
(13) |
Apr
(16) |
May
(7) |
Jun
(5) |
Jul
(30) |
Aug
(3) |
Sep
(3) |
Oct
(10) |
Nov
(2) |
Dec
(3) |
| 2018 |
Jan
(8) |
Feb
(4) |
Mar
(6) |
Apr
(2) |
May
(3) |
Jun
(3) |
Jul
(6) |
Aug
(4) |
Sep
(4) |
Oct
(4) |
Nov
(4) |
Dec
(5) |
| 2019 |
Jan
(3) |
Feb
(2) |
Mar
(3) |
Apr
(2) |
May
(3) |
Jun
(2) |
Jul
(5) |
Aug
(2) |
Sep
(5) |
Oct
(3) |
Nov
(7) |
Dec
(1) |
| 2020 |
Jan
(3) |
Feb
(2) |
Mar
(2) |
Apr
(2) |
May
(3) |
Jun
(2) |
Jul
(2) |
Aug
(2) |
Sep
(2) |
Oct
(3) |
Nov
(3) |
Dec
(2) |
| 2021 |
Jan
(2) |
Feb
(2) |
Mar
(2) |
Apr
(4) |
May
(4) |
Jun
(3) |
Jul
(4) |
Aug
(2) |
Sep
(3) |
Oct
(5) |
Nov
(1) |
Dec
(1) |
| 2022 |
Jan
(3) |
Feb
(2) |
Mar
(4) |
Apr
(2) |
May
(2) |
Jun
(3) |
Jul
(2) |
Aug
(2) |
Sep
(3) |
Oct
(1) |
Nov
(2) |
Dec
(2) |
| 2023 |
Jan
(2) |
Feb
(2) |
Mar
(2) |
Apr
(1) |
May
(2) |
Jun
(1) |
Jul
(1) |
Aug
(1) |
Sep
(1) |
Oct
(1) |
Nov
(1) |
Dec
(1) |
| 2024 |
Jan
(1) |
Feb
(1) |
Mar
(1) |
Apr
(3) |
May
(1) |
Jun
(2) |
Jul
(2) |
Aug
(2) |
Sep
(1) |
Oct
(1) |
Nov
(8) |
Dec
(2) |
| 2025 |
Jan
(1) |
Feb
(2) |
Mar
(1) |
Apr
(2) |
May
(1) |
Jun
(2) |
Jul
(1) |
Aug
(1) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: David D. <dav...@or...> - 2025-08-12 09:22:13
|
Welcome to the latest OpenJDK Quality Outreach update! Everything is on track for the General Availability of Java 25 on September 16 as the JDK 25 Release Candidate builds (RC1 - builds 35) are now available[1]. If you haven't done so yet, please start testing your project(s) using JDK 26 early-access builds and let us know the results. Changing topics, the JVM Language Summit (JVMLS) was held last week in Santa Clara (California). JVMLS is a unique event that brings together Java and JVM architects and OpenJDK developers to discuss the evolution and future directions of the platform. The first JVMLS video has just been published, with more to follow. To stay informed about the latest developments, keep an eye on this JVMLS playlist[2]. [1] https://mail.openjdk.org/pipermail/jdk-dev/2025-August/010296.html [2] https://www.youtube.com/playlist?list=PLX8CzqL3ArzUOgZpIX6GsoRhPbnij-sco # JDK 25 The JDK 25 early-access builds 35 are available[3], and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here[4]. For more details on Java 25, please refer to the “Topics of Interest” section below. ## JEPs Integrated into JDK 25: - JEP 470: PEM Encodings of Cryptographic Objects (Preview) - JEP 502: Stable Values (Preview) - JEP 503: Remove the 32-bit x86 Port - JEP 505: Structured Concurrency (5th Preview) - JEP 506: Scoped Values - JEP 507: Primitive Types in Patterns, instanceof, and switch (3rd Preview) - JEP 508: Vector API (1Oth Incubator) - JEP 509: JFR CPU-Time Profiling (Experimental) - JEP 510: Key Derivation Function API - JEP 511: Module Import Declarations - JEP 512: Compact Source Files and Instance Main Methods - JEP 513: Flexible Constructor Bodies - JEP 518: JFR Cooperative Sampling - JEP 514: Ahead-of-Time Command-Line Ergonomics - JEP 515: Ahead-of-Time Method Profiling - JEP 519: Compact Object Headers - JEP 520: JFR Method Timing & Tracing - JEP 521: Generational Shenandoah ## Changes in Recent JDK 25 Builds of Interest: - JDK-8359596: Behavior change when both -Xlint:options and -Xlint:-options flags are given [Reported by Apache Lucene] - JDK-8356698: JFR: @Contextual - JDK-8351594: JFR: Rate-limited sampling of Java events - JDK-8241678: Remove PerfData sampling via StatSampler - JDK-8356870: HotSpotDiagnosticMXBean.dumpThreads and jcmd Thread.dump_to_file updates - JDK-8350689: Turn on timestamp and thread metadata by default for java.security.debug - JDK-8354450: A File should be invalid if an element of its name sequence ends with a space - JDK-8350880: (zipfs) Add support for read-only zip file systems - JDK-8341346: Add support for exporting TLS Keying Material - JDK-8345431: Improve jar --validate to detect duplicate or invalid entries - JDK-8359170: Added 4 New Root Certificates from Sectigo Limited - JDK-8358590: JFR: Include min and max in MethodTiming event - JDK-8228773: URLClassLoader constructors should include API note warning that the parent should not be null - JDK-8356049: Need a simple way to play back a sound clip - JDK-8357955: java.lang.classfile.Signature.ArrayTypeSig.of IAE not thrown for dims > 255 - JDK-8359729: Remove the multiplex protocol from the RMI specification Note: A more exauhstive list of changes can be found here[5]. [3] https://jdk.java.net/25/ [4] https://jdk.java.net/25/release-notes [5] https://github.com/openjdk/jdk/compare/jdk-25+25...jdk-25+35 # JDK 26 The JDK 26 early-access builds 10 are available[6] and are provided under the GNU General Public License v2, with the Classpath Exception. The release notes are available here[7]. ## Changes in Recent JDK 26 Builds of Interest: - JDK-8361380: ARM32: Atomic stubs should be in pre-universe [Reported by JaCoCo] - JDK-8359170: Add 2 TLS and 2 CS Sectigo roots - JDK-8359809: AttributeList, RoleList and UnresolvedRoleList should never accept other types of Object - JDK-8268406: Deallocate jmethodID native memory - JDK-8314180: Disable XPath in XML Signatures - JDK-8330940: Impossible to create a socket backlog greater than 200 on Windows 8+ - JDK-8357653: Inner classes of type parameters emitted as raw types in signatures - JDK-8347114: JMXServiceURL should require an explicit protocol - JDK-8309399: JVMTI spec needs to clarify when OPAQUE_FRAME is thrown for reasons other than a native method - JDK-8361212: Remove AffirmTrust root CAs - JDK-8353925: Remove Sun Microsystems JCE Code Signing Root CA - JDK-8361964: Remove outdated algorithms from requirements and add PBES2 algorithms - JDK-8332623: Remove setTTL()/getTTL() methods from DatagramSocketImpl/MulticastSocket and MulticastSocket.send(DatagramPacket, byte) - JDK-8359760: Remove the jdk.jsobject module - JDK-8356557: Update CodeSource::implies API documentation and deprecate java.net.SocketPermission class for removal - JDK-8310932: [win] Install the JDK in a per-release directory pointed to by a shared junction - JDK-8359956: Support algorithm constraints and certificate checks in SunX509 key manager - JDK-8359395: XML signature generation does not support user provided SecureRandom - JDK-8356645: Javac should utilize new ZIP file system read-only access mode Note: A complete list of changes can be found here[8]. [6] https://jdk.java.net/26/ [7] https://jdk.java.net/26/release-notes [8] https://github.com/openjdk/jdk/compare/jdk-26+1...jdk-26+10 # Topics of Interest - Java 25 Encodes PEM https://inside.java/2025/06/19/newscast-93/ - JDK 25: Just Be Lazy https://inside.java/2025/07/29/just-be-lazy/ - JDK 25: A Sneak Peek at the Stable Values API https://inside.java/2025/07/22/javaone-stablevalues/ - Java 25 is ALSO no LTS Version https://inside.java/2025/07/03/newscast-94/ - JVMLS: The not-so-final word on `final` https://inside.java/2025/08/12/jvmls-final-to-immutable/ - HTTP/3 in Java https://inside.java/2025/07/31/newscast-96/ - Project Leyden's AOT / Shifting Java Startup into High Gear https://inside.java/2025/06/29/javaone-leyden-aot/ - Java Security Evolution - Out with the Old, In with the New https://inside.java/2025/07/20/javaone-security/ - Java GPGPU Enablement: Are We There Yet? https://inside.java/2025/07/14/javaone-hat/ - Podcast “Deprecations & Removals” with Stuart Marks https://inside.java/2025/07/28/podcast-039/ - Podcast “Integrity by Default” with Ron Pressler https://inside.java/2025/06/24/podcast-038/ - A New Model for Java Object Initialization https://inside.java/2025/07/27/javaone-object-initialization/ - ZGC: Paving the GC On-Ramp https://inside.java/2025/07/10/javaone-zgc/ - Marshalling: Data-Oriented Serialization https://inside.java/2025/07/08/javaone-marshalling/ - Interconnecting Java and Native Code with the FFM API https://inside.java/2025/06/14/javaone-ffm/ - FFM vs. Unsafe. Safety (Sometimes) Has a Cost https://inside.java/2025/06/12/ffm-vs-unsafe/ - Java Gets a JSON API https://inside.java/2025/07/17/newscast-95/ ~ That’s it for now. If you run into any issues while testing your projects with the latest JDK 26 early-access builds, don’t hesitate to reach out. The end of summer is going to be exciting and busy with the Java 25 launch coming up, so stay tuned! PS: If you no longer wish to receive OpenJDK Quality Outreach updates, please let me know. --David |
|
From: David D. <dav...@or...> - 2025-06-06 07:36:10
|
Welcome to the June installment of the OpenJDK Quality Outreach update. JDK 25, scheduled for General Availability on September 16, 2025, has entered Rampdown Phase One (RDP1)[1]. The JDK 25 feature set is now frozen (see JDK 25 details below), and only low-risk enhancements will be considered. Please help us identify potential issues in the coming weeks by testing your projects on JDK 25 EA builds. With enough lead time, we can resolve them before JDK 25 transitions to the Release Candidate phase in early August[2]. Be make sure to review the JDK 25 heads-ups below; two of them pertain to changes in file operations on Windows. Last but certainly not least, you are invited to attend next week’s JCP EC online public meeting, where Alex Buckley will give a presentation on Tip & Tail Development—a topic particularly relevant for open-source project maintainers. See [3] for details, the meeting will be recorded. [1] https://mail.openjdk.org/pipermail/jdk-dev/2025-June/010191.html [2] https://openjdk.org/projects/jdk/25/ [3] https://jcp.org/aboutJava/communityprocess/ec-public/materials/2025-06-10/JCP-EC-Public-Agenda-June-2025.html # Heads-up - JDK 25: java.io.File.delete no longer deletes read-only files on Windows `File.delete` has been changed on Windows so that it now fails and returns `false` for regular files when the DOS read-only attribute is set. Prior to JDK 25, `File.delete` would delete read-only files by first removing the DOS read-only attribute before attempting deletion. However, because removing the attribute and deleting the file are not a single atomic operation, this could result in the file remaining but with modified attributes if the deletion failed. Applications that depend on the previous behavior should be updated to clear the file attributes before deleting files. To ease the transition, a system property has been introduced to restore the previous behavior. Running with `-Djdk.io.File.allowDeleteReadOnlyFiles=true` will cause `File.delete` to remove the DOS read-only attribute before attempting deletion, restoring the legacy behavior. See https://bugs.openjdk.org/browse/JDK-8355954 for more details. # Heads-up - JDK 25: File operations on Windows now always fail if the used name ends with a space File operations on a path with a trailing space in a directory or file name, e.g. "C:\\SomeFolder\\SomeFile ", now fail consistently on Windows. For example. `File::mkdir` will return `false`, or `File::createNewFile` will throw `IOException` if an element in the path has a trailing space. Such pathnames are not legal on Windows. Prior to JDK 25, operations on a `File` created from such an illegal abstract pathname could appear to succeed when in fact they did not. See https://bugs.openjdk.org/browse/JDK-8354450 for more details. # Heads-up - JDK 25: Separate Metaspace and GC Printing Historically the printing of Metaspace and GC logs have been combined; this was a result of permanent generation (PermGen) being a part of the GC Heap. However, Metaspace has replaced PermGen and resides in its own native memory location outside of the GC Heap. With Metaspace no longer a part of the GC Heap, the reason for combining the messaging no longer makes sense and could lead to confusion. Starting with JDK 25, the way logging is tagged in the HotSpot JVM will change: although the content of the logs will remain the same, messages related to Metaspace will now use the existing Metaspace tag. As part of this update, there are also some user-facing changes to `jcmd`. To better clarify that Metaspace is not part of the GC Heap, Metaspace information is no longer displayed with the `GC.heap_info` command. Instead, details about Metaspace memory usage have been moved to the `VM.metaspace` command. See https://bugs.openjdk.org/browse/JDK-8356848 for more details. # JDK 25 The JDK 25 early-access builds 25 are available[4] and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here[5]. Please refer to the “Topics of Interest” section at the end of this update for additional information on JDK 25. ## JEPs integrated in JDK 25: - JEP 470: PEM Encodings of Cryptographic Objects (Preview) - JEP 502: Stable Values (Preview) - JEP 503: Remove the 32-bit x86 Port - JEP 505: Structured Concurrency (5th Preview) - JEP 506: Scoped Values - JEP 507: Primitive Types in Patterns, instanceof, and switch (3rd Preview) - JEP 508: Vector API (10th Incubator) - JEP 509: JFR CPU-Time Profiling (Experimental) - JEP 510: Key Derivation Function API - JEP 511: Module Import Declarations - JEP 512: Compact Source Files and Instance Main Methods - JEP 513: Flexible Constructor Bodies - JEP 514: Ahead-of-Time Command-Line Ergonomics - JEP 515: Ahead-of-Time Method Profiling - JEP 518: JFR Cooperative Sampling - JEP 519: Compact Object Headers - JEP 520: JFR Method Timing & Tracing - JEP 521: Generational Shenandoah ## Changes in recent JDK 25 builds that may be of interest: - JDK-8340321: Disable SHA-1 in TLS/DTLS 1.2 handshake signatures - JDK-8354276: Strict HTTP header validation - JDK-8356848: Separate Metaspace and GC printing - JDK-8355954: java.io.File.delete no longer deletes read-only files on Windows - JDK-8353440: Disable FTP fallback for non-local file URLs by default - JDK-8354908: javac mishandles supplementary character in character literal - JDK-8355360: -d option of jwebserver command should accept relative paths - JDK-8354084: Streamline XPath API's extension function control - JDK-8354305: SHAKE128 and SHAKE256 MessageDigest algorithms - JDK-8343110: Add getChars(int, int, char[], int) to CharSequence and CharBuffer - JDK-8356154: Respecify java.net.Socket constructors that allow creating UDP sockets to throw IllegalArgumentException - JDK-8322810: Lambda expression types can't be classes - JDK-8352612: No way to add back lint categories after "none" - JDK-8348732: SunJCE and SunPKCS11 have different PBE key encodings - JDK-8350498: Remove two Camerfirma root CA certificates - JDK-8350441: ZGC: Overhaul Page Allocation - JDK-8347337: ZGC: String dedups short-lived strings - JDK-8350279: HttpClient: Add a new HttpResponse method to identify connections - JDK-8350753: Deprecate UseCompressedClassPointers - JDK-8254622: Hide superclasses from conditionally exported packages - JDK-8346465: Add a check in setData() to restrict the update of Built-In ICC_Profiles - JDK-8347472: Correct Attribute traversal and writing for Code attributes - JDK-8351654: Agent transformer bytecodes should be verified - JDK-8348967: Deprecate security permission classes for removal - JDK-8353642: Deprecate URL::getPermission method and networking permission classes for removal - JDK-8353856: Deprecate FlighRecorderPermission class for removal - JDK-8353614: JFR: jfr print --exact - JDK-8346109: Create JDK taglet for additional preview notes - JDK-8285888: Clarify that java.net.http.HttpClient do NOT support Digest authentication - JDK-8350542: Optional.orElseThrow(Supplier) does not specify behavior when supplier returns null - JDK-8342206: Convenience method to check if a constant pool entry matches nominal descriptors Note: For a more exhaustive list of changes, please see here[6]. [4] https://jdk.java.net/25/ [5] https://jdk.java.net/25/release-notes [6] https://github.com/openjdk/jdk/compare/jdk-25+17...jdk-25+25 # JavaFX 25 Early-Access Builds These are early access builds of the JavaFX 25 Runtime, built from the openjdk/jfx repository. They enable JavaFX application developers to build and test their applications with JavaFX 25 on JDK 25. Although these builds are designed to work with JDK 25 EA, they are also compatible with JDK 22 and later versions. The latest early access builds of JavaFX 25 Builds 18 (2025/5/23) are available[7], under the GNU General Public License, version 2, with the Classpath Exception. JavaFX 25 API Javadocs[8] are available too. [7] https://jdk.java.net/javafx25/ [8] https://download.java.net/java/early_access/javafx25/docs/api/overview-summary.html # JavaFX Direct3D 12 Early-Access Builds These are early access builds of JavaFX from the "direct3d12" branch of the openjdk/jfx-sandbox repository[9], which implement the new Direct3D 12 graphics rendering pipeline for Windows x64. The goal of these EA builds is to solicit feedback as we work toward integrating this functionality into JavaFX. Binaries[10] are provided for convenience, so users do not need to build from source. Feedback can be reported to the openjfx-dev mailing list[11]. These builds are provided under the GNU General Public License, version 2, with the Classpath Exception, and are based on an incomplete version of JavaFX 25. [9] https://github.com/openjdk/jfx-sandbox/tree/direct3d12 [10] https://jdk.java.net/javafxdirect3d12/ [11] https://mail.openjdk.org/pipermail/openjfx-dev/ # Topics of Interest - Java 25 Brings 18 JEPs - Inside Java Newscast https://inside.java/2025/06/05/newscast-92/ - Strings Just Got Faster in JDK 25 https://inside.java/2025/05/01/strings-just-got-faster/ - What's new for JFR in JDK 25 https://egahlin.github.io/2025/05/31/whats-new-in-jdk-25.html - Structured Concurrency Revamp in Java 25 - Inside Java Newscast https://inside.java/2025/05/08/newscast-91/ - Where Is the Java Language Going? https://inside.java/2025/04/20/javaone-future-java/ - Java for AI https://inside.java/2025/05/03/javaone-java-ai/ - Pattern Matching in Java: Better Code, Better APIs https://inside.java/2025/05/24/javaone-pattern-matching/ - Towards a JSON API for the JDK https://mail.openjdk.org/pipermail/core-libs-dev/2025-May/145905.html - Modern Java Development with Tip & Tail https://inside.java/2025/05/17/javaone-tip-tail/ - Java 24, Faster Than Ever https://inside.java/2025/05/17/javaone-faster-jdk24/ - “Ahead of Time Computation” with Dan Heidinga - Inside Java Podcast https://inside.java/2025/05/16/podcast-036/ - “Stream Gatherers” with Viktor Klang - Inside Java Podcast https://inside.java/2025/05/05/podcast-035/ - Garbage Collection in Java: The Performance Benefits of Upgrading https://inside.java/2025/05/14/javaone-garbage-collection/ - JavaFX 24 and Beyond https://inside.java/2025/05/10/javaone-javafx/ - JDK 24 Security Enhancements https://seanjmullan.org/blog/2025/04/07/jdk24 ~ This concludes the update for now. Should you experience any difficulties while testing your projects with the latest JDK early-access builds, just ping me. PS: If you no longer wish to receive OpenJDK Quality Outreach updates, please let me know. --David |
|
From: David D. <dav...@or...> - 2025-04-07 16:33:47
|
Greetings and welcome to the latest OpenJDK Quality Outreach update! JDK 24 was officially released (General Availability) on March 18th during JavaOne. You can rewatch the Java 24 launch and the J1 keynote here [1]. Be sure to also check out the Quality Outreach section here [2]. JavaOne was amazing, and if you couldn't attend, make sure to watch the JavaOne 2025 playlist [3] regularly as sessions are gradually being added. With the release of JDK 24, the focus now moves to JDK 25 testing. On that note, be sure to check out the heads-up below, with more to follow. And as always, if you experience any issues with your project running on a JDK 25 early-access builds, please don't hesitate to reach out. [1] https://www.youtube.com/watch?v=mk_2MIWxLI0&t=12s [2] https://www.youtube.com/live/GwR7Gvi80Xo?si=gxdqAhVbnNV0JZGt&t=2795 [3] https://www.youtube.com/playlist?list=PLX8CzqL3ArzVV1xRJkRbcM2tOgVwytJAi # Heads-up - JDK 25: New Null Checks in Inner Class Constructors The Java Language Specification prescribes that various use sites of inner class constructors should include null checks of the immediately enclosing instance and from then on assumes that the reference is non-null. However, it does not mandate such checks of the incoming instance at the declaration site of these constructors and so core reflection, method handles, and direct bytecode invocation can pass null as enclosing instance, which can lead to NullPointerExceptions down the road. Since a null enclosing instance is outside of the JLS and the future evolution of inner classes may lead to unexpected NPEs, Java 25 will start ensuring that references to the immediately enclosing instance are always non-null. Starting with JDK 25, when javac is targeting release 25 or higher, it will emit null checks for the enclosing instances in inner class constructors. This behavioral change will lead to new NPEs in code that uses core reflection, method handles, or direct bytecode invocation to pass null as enclosing instance. Such code is rare and usually found in libraries or frameworks (as opposed to in applications). It should be changed to no longer pass a null reference. In case these additional checks lead to issues, their emission can be prevented with a flag: `-XDnullCheckOuterThis=(true|false)`. This should be seen as a temporary workaround and no guarantees are made for how long this flag will be available. For more details, check JDK-8351274 [4]. [4] https://bugs.openjdk.org/browse/JDK-8351274 # JDK 25 The JDK 25 early-access builds 17 are available [5] and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here [6]. The following JEPs have been targeted to JDK 25, so far: - JEP 502: Stable Values (Preview) - JEP 503: Remove the 32-bit x86 Port ## Changes in recent JDK 25 builds that may be of interest: - JDK-8353118: Deprecate the use of `java.locale.useOldISOCodes` system property - JDK-8351435: Change the default Console implementation back to the built-in one in `java.base` module - JDK-8350459: MontgomeryIntegerPolynomialP256 multiply intrinsic with AVX2 on x86_64 - JDK-8349583: Add mechanism to disable signature schemes based on their TLS scope - JDK-8338675: javac shouldn't silently change .jar files on the classpath - JDK-8319447: Improve performance of delayed task handling - JDK-8341775: Duplicate manifest files are removed by jarsigner after signing - JDK-8303770: Remove Baltimore root certificate expiring in May 2025 - JDK-8346948: Update CLDR to Version 47.0 - JDK-8348829: Remove ObjectMonitor perf counters - JDK-8164714: Constructor.newInstance creates instance of inner class with null outer class - JDK-8352716: (tz) Update Timezone Data to 2025b - JDK-8347946: Add API note that caller should validate/trust signers to the getCertificates and getCodeSigners methods of JarEntry and JarURLConnection - JDK-8345213: JVM Prefers /etc/timezone Over /etc/localtime on Debian 12 - JDK-8350646: Calendar.Builder.build() Throws ArrayIndexOutOfBoundsException - JDK-8347433: Deprecate XML interchange in java.management/javax/management/modelmbean/DescriptorSupport for removal - JDK-8328119: Support HKDF in SunPKCS11 (Preview) - JDK-8327378: XMLStreamReader throws EOFException instead of XMLStreamException - JDK-8024695: new File("").exists() returns false whereas it is the current working directory - JDK-8351224: Deprecate com.sun.tools.attach.AttachPermission for removal - JDK-8351310: Deprecate com.sun.jdi.JDIPermission for removal - JDK-8348561: Add aarch64 intrinsics for ML-DSA - JDK-8351266: JFR: -XX:StartFlightRecording:report-on-exit - JDK-8350638: Make keyboard navigation more usable in API docs - JDK-8350464: The flags to set the native priority for the VMThread and Java threads need a broader range - JDK-8349860: Make Class.isArray(), Class.isInterface() and Class.isPrimitive() non-native - JDK-8347335: ZGC: Use limitless mark stack memory - JDK-8348596: Update FreeType to 2.13.3 Note: A more exhaustive list of changes can be found here [7]. [5] https://jdk.java.net/25/ [6] https://jdk.java.net/25/release-notes [7] https://github.com/openjdk/jdk/compare/jdk-25+10...jdk-25+17 # JavaFX 25 Early-Access Builds These are early access builds of the JavaFX 25 Runtime built from openjdk/jfx [8]. These builds enable JavaFX application developers to build and test their applications with JavaFX 25 on JDK 25. Although these builds are designed to work with JDK 25-EA builds, they are also known to work with JDK 22 and later versions. The latest early access builds of JavaFX 25 Builds 11 (2025/4/4) are now available [9], under the GNU General Public License, version 2, with the Classpath Exception. JavaFX 25 API Javadocs [10] are available too. [8] https://github.com/openjdk/jfx [9] https://jdk.java.net/javafx25/ [10] https://download.java.net/java/early_access/javafx25/docs/api/overview-summary.html # Topics of Interest - The Arrival of Java 24 https://blogs.oracle.com/java/post/the-arrival-of-java-24 - Performance Improvements in JDK 24 https://inside.java/2025/03/19/performance-improvements-in-jdk24/ - Java 24 - Better Language, Better APIs, Better Runtime https://inside.java/2025/03/01/jfokus-better-jdk24/ - JDK 24 Release Notes Overview - Security Update https://inside.java/2025/04/05/java-24-security-notes/ - JDK 24 Release Notes Review for Developers https://inside.java/2025/03/13/newscast-87/ - JDK 24 Release Notes Overview for Operations https://inside.java/2025/03/29/java-24-for-ops/ - JDK 24 G1/Parallel/Serial GC Changes https://tschatzl.github.io/2025/04/01/jdk24-g1-serial-parallel-gc-changes.html - Scoped Values in Java 24 https://inside.java/2025/02/27/newscast-86/ - Stable Values in Java 25 https://inside.java/2025/03/27/newscast-88/ - New Write Barriers for G1 http://tschatzl.github.io/2025/02/21/new-write-barriers.html - SuperWord (Auto-Vectorization) - Scheduling https://eme64.github.io/blog/2023/05/16/SuperWord-Scheduling.html ~ That's it for this time. Feel free to reach out if you encounter any issues while testing your project(s) with the latest JDK early-access builds. --David |
|
From: David D. <dav...@or...> - 2025-02-11 16:00:22
|
Welcome to the first OpenJDK Quality Outreach update of 2025! The first Release Candidate builds of JDK 24 are now available [1] and tt this stage, only P1 issues will be evaluated. With the JDK 24 General Availability set for March 18th, the attention is now turning to JDK 25. JDK 24 will officially launch at JavaOne in Redwood Shores, CA [2]. If you're attending or planning to attend JavaOne, please reach out as I’m planning a Quality Outreach gathering. To conclude, make sure to take a look at the heads-up below. [1] https://jdk.java.net/24/ [2] https://javaone.com/ # Heads-up - JDK 24: Remote Debugging with `jstat` and `jhsdb` is Deprecated for Removal Java's Remote Method Invocation (RMI), introduced in 1997, enables remote procedure calls between different JVMs. RMI relies on serialization to encode objects into byte streams when sending them as arguments and return values between JVMs. Both technologies have long-term security issues and configuration challenges, and they haven't withstood the test of time. Today, the broader ecosystem has moved away from RMI in favor of more web-friendly protocols, and as a result, Java is also gradually reducing and eliminating its dependencies on it where possilbe. Among other tools, Java offers these two tools to connect to a local HotSpot JVM and observe or debug it as well as the program it executes: - `jstat` reads performance counters - `jhsdb` provides snapshot debugging and analysis features Both `jstat` and `jhsdb` offer remote capabilities, which are implemented using RMI. Due to the aforementioned effort to reduce dependencies on RMI, the remote capabilities of `jstat` and `jhsdb` are deprecated for removal in JDK 24: - JDK-8327793 [3]: `jstatd` allows remote connections with jstat - JDK-8338894 [4]: `jhsdb debugd` (allows remote connections with `jhsdb`) as well as the `--connect` option of the `jhsdb` subcommands `hsdb` and `clhsdb` Please note that `jstat` and `jhsdb`'s capabilities for local use remain available and there are no plans to change that. It should also be mentionned that JFR (JDK Flight Recorder) offers a modern alternative for getting remote insights into a running HotSpot JVM. Questions or feedback on these deprecations can be directed at the serviceability-dev mailing list [5] (subscription required). [3] https://bugs.openjdk.org/browse/JDK-8327793 [4] https://bugs.openjdk.org/browse/JDK-8338894 [5] https://mail.openjdk.org/mailman/listinfo/serviceability-dev # Heads-up - JDK 25: Proposal to Deprecate for Removal `-UseCompressedClassPointers` ## Reducing Code and Test Complexity Shortly after the adoption of 64-bit architectures the `-XX:[-|+]UseCompressedClassPointers` and `-XX:[-|+]UseCompressedOops` arguments were added to provide Java users the ability to enable using 32-bit references even when on a 64-bit architecture. This reduces memory overhead and helps reduce cache misses. You can read more about this here [6]. Removing the `-UseCompressedClassPointers` option would make `+UseCompressedClassPointers` the default case and reduce the number of configurations that would need to be supported from three to two (`+UseCompressedClassPointers` and `+UseCompactObjectHeaders`). This would also significantly reduce code complexity as well as testing effort. Along with this, `-UseCompressedClassPointers` does not work well in a 64-bit architecture as can be seen here [7], it’s suspected there are many more examples. ## Minimal Benefit The `-UseCompressedClassPointers` use rarely provides any tangible benefit to Java users. Any historical connection with the `-UseCompresseedOops`flag has long since been removed, and the net result of using `-UseCompressedClassPointers` is simply increased memory overhead. ## Reasons to Keep `-UseCompressedClassPointers` There are currently two reasons to continue supporting `-UseCompressedClassPointers`: - `-UseCompressedClassPointers` works well in 32-bit operating systems. However support for 32-bit operating systems is on its way out with JEP 479: 'Remove the Windows 32-bit x86 Port' [8] and JEP 501: 'Deprecate the 32-bit x86 Port for Removal' [9] which are both in forthcoming JDK 24. - In cases where more than 5 million classes are loaded. However such cases are rare, likely the result of programmer error, and would also mean loading likely tens of GBs of non-class data into metaspace as well. For more on this topic, check this thread [10] on the hotspot-dev mailing list. The engineers working on this are considering marking `-UseCompressedClassPointers` as deprecated for removal in JDK 25 and are looking for feedback on the impact this could have. Please direct questions and feedback to the lilliput-dev [11] mailing list (registration required). [6] https://stuefe.de/posts/metaspace/what-is-compressed-class-space/ [7] https://github.com/openjdk/jdk/pull/23053 [8] https://openjdk.org/jeps/479 [9] https://openjdk.org/jeps/501 [10] https://mail.openjdk.org/pipermail/hotspot-dev/2025-February/101023.html [11] https://mail.openjdk.org/pipermail/lilliput-dev/ # Heads-Up - Distrust New TLS Server Certificates Issued by Camerfirma Root Certificates The Java Cryptographic Roadmap has been updated to reflect how the JDK will stop trusting new TLS server certificates issued by Camerfirma, aligning with similar actions taken by Apple, Google, Microsoft, and Mozilla. In short, TLS Server certificates issued on or before April 15, 2025 will continue to be trusted until they expire while new certificates issued after that date will be rejected. JDK 24 will be one of the many versions affected by this change. For more details, please check the latest Java Cryptographic Roadmap [12]. [12] https://www.java.com/en/jre-jdk-cryptoroadmap.html # Heads-Up - JavaFX Metal Early-Access builds Early access builds of JavaFX that implement the new macOS Metal graphics rendering pipeline are now available [13]. These EA builds are provided as a convenience, so users don't have to build from the "metal" branch of the openjdk/jfx-sandbox repository [14]. The goal of these early access builds is to gather feedback as the team works on incorporating this feature into JavaFX. Feedback can be reported to the openjfx-dev mailing list [15] (subscription required). These builds are based on an incomplete version of JavaFX 25. Moreover, the initial JavaFX 25 early-access builds are now also available [16]. [13] https://jdk.java.net/javafxmetal/ [14] https://github.com/openjdk/jfx-sandbox/tree/metal [15] https://mail.openjdk.org/pipermail/openjfx-dev/ [16] https://jdk.java.net/javafx25/ # JDK 24 Release Candidates The JDK 24 Release Candidate builds (builds 36) are available [17] and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here [18], and the javadocs here [19]. [17] https://jdk.java.net/24/ [18] https://jdk.java.net/24/release-notes [19] https://download.java.net/java/early_access/jdk24/docs/api/ # JDK 25 Early-Access Builds The JDK 25 early-access builds 9 are now available [20] and are provided under the GNU General Public License v2, with the Classpath Exception. The initial Release Notes are available here [21]. ## Changes in recent JDK 25 builds that may be of interest: - JDK-8347949: Currency method to stream available Currencies - JDK-8344168: Change Unsafe base offset from int to long - JDK-8347506: Compatible OCSP readtimeout property with OCSP timeout - JDK-8346587: Distrust TLS server certificates anchored by Camerfirma Root CAs - JDK-8345045: Remove the jmx.remote.x.buffer.size JMX notification property - JDK-8345049: Remove the jmx.tabular.data.hash.map compatibility property - JDK-8344976: Remove the jmx.invoke.getters compatibility property - JDK-8345048: Remove the jmx.extend.open.types compatibility property - JDK-8328919: Add BodyHandlers / BodySubscribers methods to handle excessive server input - JDK-8344966: Remove the allowNonPublic MBean compatibility property - JDK-8347596: Update HSS/LMS public key encoding - JDK-8283795: Add TLSv1.3 and CNSA 1.0 algorithms to implementation requirements - JDK-8225763: Inflater and Deflater should implement AutoCloseable - JDK-8345432: (ch, fs) Replace anonymous Thread with InnocuousThread - JDK-8345259: Disallow ALL-MODULE-PATH without explicit --module-path - JDK-8344137: Update XML Security for Java to 3.0.5 - JDK-8334581: Remove no-arg constructor BasicSliderUI() - JDK-8335428: `ProcessBuilder` on Windows Quotes Argument Strings Containing Any Space Character - JDK-8287788: Implement a better allocator for downcalls - JDK-8347965: (tz) Update Timezone Data to 2025a Note: A complete list of changes can be found here [22]. [20] https://jdk.java.net/25/ [21] https://jdk.java.net/25/release-notes [22] https://github.com/openjdk/jdk/compare/jdk-25+1...jdk-25+9 # Topics of Interest Java Language Evolution in 2025 https://inside.java/2025/01/30/newscast-84/ Java's Plans for 2025 https://inside.java/2025/01/16/newscast-83/ A Deep Dive into JVM Start-up https://inside.java/2025/01/28/jvm-start-up/ Modern Java Deep Dive https://inside.java/2025/02/09/devoxxbelgium-modern-java-deepdive/ Java Performance Update https://inside.java/2025/01/26/devoxxbelgium-java-perfromance-update/ Podcast - “Doc, JavaDoc and Markdown” with Jonathan Gibbons https://inside.java/2025/01/21/podcast-034/ Evolution of Java Ecosystem for Integrating AI https://inside.java/2025/01/29/evolution-of-java-ecosystem-for-integrating-ai/ Peaceful and Bright Future of Integrity by Default in Java https://inside.java/2025/01/03/evolving-default-integrity/ James Gosling on Java - Historical Oddities & Persistent Itches #JVMLS https://inside.java/2024/12/28/jvmls-jamesgosling/ ~ I’d like to thank everyone who has already provided feedback on the JDK 25 builds. Your input is incredibly valuable, especially when received early in the development cycle. And if you encounter any issues, please ping me. Hope to see some of you at JavaOne! --David |
|
From: Andreas D. <and...@pm...> - 2025-01-31 10:32:34
|
* Downloads: https://github.com/pmd/pmd/releases/tag/pmd_releases%2F7.10.0 * Documentation: https://docs.pmd-code.org/pmd-doc-7.10.0/ 31-January-2025 - 7.10.0 The PMD team is pleased to announce PMD 7.10.0. This is a minor release. Table Of Contents * 🚀 New and noteworthy <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#new-and-noteworthy> o 🚀 New: Java 24 Support <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#new-java-24-support> o New GPG Release Signing Key <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#new-gpg-release-signing-key> o Updated PMD Designer <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#updated-pmd-designer> * 🌟 New and changed rules <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#new-and-changed-rules> o New Rules <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#new-rules> * 🐛 Fixed Issues <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#fixed-issues> * 🚨 API Changes <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#api-changes> o Removed Experimental API <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#removed-experimental-api> * ✨ Merged pull requests <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#merged-pull-requests> * 📦 Dependency updates <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#dependency-updates> * 📈 Stats <https://sourceforge.net/p/pmd/news/2025/01/pmd-7100-31-january-2025-released/#stats> 🚀 New and noteworthy 🚀 New: Java 24 Support This release of PMD brings support for Java 24. There are no new standard language features, but a couple of preview language features: * JEP 488: Primitive Types in Patterns, instanceof, and switch (Second Preview) <https://openjdk.org/jeps/488> * JEP 492: Flexible Constructor Bodies (Third Preview) <https://openjdk.org/jeps/492> * JEP 494: Module Import Declarations (Second Preview) <https://openjdk.org/jeps/494> * JEP 495: Simple Source Files and Instance Main Methods (Fourth Preview) <https://openjdk.org/jeps/495> In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable |PMD_JAVA_OPTS| and select the new language version |24-preview|: |exportPMD_JAVA_OPTS=--enable-preview pmdcheck--use-versionjava-24-preview... | Note: Support for Java 22 preview language features have been removed. The version "22-preview" is no longer available. New GPG Release Signing Key Since January 2025, we switched the GPG Key we use for signing releases in Maven Central to be A0B5CA1A4E086838 <https://keyserver.ubuntu.com/pks/lookup?search=0x2EFA55D0785C31F956F2F87EA0B5CA1A4E086838&fingerprint=on&op=index>. The full fingerprint is |2EFA 55D0 785C 31F9 56F2 F87E A0B5 CA1A 4E08 6838|. This step was necessary, as the passphrase of the old key has been compromised and therefore the key is not safe to use anymore. While the key itself is not compromised as far as we know, we still decided to generate a new key, just to be safe. As until now (January 2025) we are not aware, that the key actually has been misused. The previous releases of PMD in Maven Central can still be considered untampered, as Maven Central is read-only. This unexpected issue was discovered while checking Reproducible Builds <https://reproducible-builds.org/> by a third party. The security advisory about the compromised passphrase is tracked as GHSA-88m4-h43f-wx84 <https://github.com/pmd/pmd/security/advisories/GHSA-88m4-h43f-wx84> and CVE-2025-23215 <https://www.cve.org/CVERecord?id=CVE-2025-23215>. Updated PMD Designer This PMD release ships a new version of the pmd-designer. For the changes, see PMD Designer Changelog (7.10.0) <https://github.com/pmd/pmd-designer/releases/tag/7.10.0>. 🌟 New and changed rules New Rules * The new Java rule |ExhaustiveSwitchHasDefault| <https://docs.pmd-code.org/pmd-doc-7.10.0/pmd_rules_java_bestpractices.html#exhaustiveswitchhasdefault> finds switch statements and expressions, that cover already all cases but still have a default case. This default case is unnecessary and prevents getting compiler errors when e.g. new enum constants are added without extending the switch. 🐛 Fixed Issues * apex * #5388 <https://github.com/pmd/pmd/issues/5388>: [apex] Parse error with time literal in SOQL query * #5456 <https://github.com/pmd/pmd/issues/5456>: [apex] Issue with java dependency apex-parser-4.3.1 but apex-parser-4.3.0 works * apex-security * #3158 <https://github.com/pmd/pmd/issues/3158>: [apex] ApexSuggestUsingNamedCred false positive with Named Credential merge fields * documentation * #2492 <https://github.com/pmd/pmd/issues/2492>: [doc] Promote wiki pages to standard doc pages * java * #5154 <https://github.com/pmd/pmd/issues/5154>: [java] Support Java 24 * java-performance * #5311 <https://github.com/pmd/pmd/issues/5311>: [java] TooFewBranchesForSwitch false positive for exhaustive switches over enums without default case 🚨 API Changes Removed Experimental API * pmd-java * |net.sourceforge.pmd.lang.java.ast.ASTTemplate|, |net.sourceforge.pmd.lang.java.ast.ASTTemplateExpression|, |net.sourceforge.pmd.lang.java.ast.ASTTemplateFragment|: These nodes were introduced with Java 21 and 22 Preview to support String Templates. However, the String Template preview feature was not finalized and has been removed from Java for now. We now cleaned up the PMD implementation of it. ✨ Merged pull requests * #5327 <https://github.com/pmd/pmd/pull/5327>: [apex] Update apex-parser and summit-ast - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5412 <https://github.com/pmd/pmd/pull/5412>: [java] Support exhaustive switches - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5449 <https://github.com/pmd/pmd/pull/5449>: Use new gpg key (A0B5CA1A4E086838) - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5458 <https://github.com/pmd/pmd/pull/5458>: [doc] Move Wiki pages into main documentation, cleanups - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5471 <https://github.com/pmd/pmd/pull/5471>: [java] Support Java 24 - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5488 <https://github.com/pmd/pmd/pull/5488>: [apex] Fix #3158: Recognize Named Credentials merge fields in ApexSuggestUsingNamedCredRule - William Brockhus <https://github.com/YodaDaCoda> (@YodaDaCoda) 📦 Dependency updates * #5423 <https://github.com/pmd/pmd/pull/5423>: Bump PMD from 7.8.0 to 7.9.0 * #5433 <https://github.com/pmd/pmd/pull/5433>: Bump org.codehaus.mojo:exec-maven-plugin from 3.2.0 to 3.5.0 * #5434 <https://github.com/pmd/pmd/pull/5434>: Bump commons-logging:commons-logging from 1.3.0 to 1.3.4 * #5435 <https://github.com/pmd/pmd/pull/5435>: Bump org.apache.maven.plugins:maven-enforcer-plugin from 3.4.1 to 3.5.0 * #5436 <https://github.com/pmd/pmd/pull/5436>: Bump the all-gems group across 2 directories with 1 update * #5445 <https://github.com/pmd/pmd/pull/5445>: Bump org.junit.platform:junit-platform-commons from 1.11.2 to 1.11.4 * #5446 <https://github.com/pmd/pmd/pull/5446>: Bump org.sonarsource.scanner.maven:sonar-maven-plugin from 3.10.0.2594 to 5.0.0.4389 * #5459 <https://github.com/pmd/pmd/pull/5459>: Bump org.apache.maven.plugins:maven-gpg-plugin from 3.1.0 to 3.2.7 * #5460 <https://github.com/pmd/pmd/pull/5460>: Bump org.apache.commons:commons-text from 1.12.0 to 1.13.0 * #5461 <https://github.com/pmd/pmd/pull/5461>: Bump com.google.protobuf:protobuf-java from 4.29.1 to 4.29.3 * #5472 <https://github.com/pmd/pmd/pull/5472>: Bump net.bytebuddy:byte-buddy-agent from 1.15.11 to 1.16.1 * #5473 <https://github.com/pmd/pmd/pull/5473>: Bump org.sonatype.plugins:nexus-staging-maven-plugin from 1.6.13 to 1.7.0 * #5474 <https://github.com/pmd/pmd/pull/5474>: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.23.0 to 0.23.1 * #5475 <https://github.com/pmd/pmd/pull/5475>: Bump liquid from 5.6.0 to 5.7.0 in the all-gems group across 1 directory * #5479 <https://github.com/pmd/pmd/pull/5479>: Bump pmd-designer from 7.2.0 to 7.10.0 * #5480 <https://github.com/pmd/pmd/pull/5480>: Bump scalameta.version from 4.9.1 to 4.12.7 * #5481 <https://github.com/pmd/pmd/pull/5481>: Bump liquid from 5.7.0 to 5.7.1 in the all-gems group across 1 directory * #5482 <https://github.com/pmd/pmd/pull/5482>: Bump org.codehaus.mojo:versions-maven-plugin from 2.17.1 to 2.18.0 * #5483 <https://github.com/pmd/pmd/pull/5483>: Bump org.jetbrains.dokka:dokka-maven-plugin from 1.9.20 to 2.0.0 * #5484 <https://github.com/pmd/pmd/pull/5484>: Bump com.github.hazendaz.maven:coveralls-maven-plugin from 4.5.0-M5 to 4.5.0-M6 * #5485 <https://github.com/pmd/pmd/pull/5485>: Bump com.puppycrawl.tools:checkstyle from 10.20.2 to 10.21.2 📈 Stats * 70 commits * 13 closed tickets & PRs * Days since last release: 34 |
|
From: David D. <dav...@or...> - 2024-12-13 15:45:02
|
Welcome to the final OpenJDK Quality Outreach update of 2024! JDK 24, scheduled for General Availability on March 18, 2025 [1], is now in Rampdown Phase One (RDP1) [2]. At this point, the overall JDK 24 feature set is frozen and only low-risk enhancements might still be considered. You will find below the final list of the 24 JEPs that were integrated into JDK 24 as well as JDK 24 technical materials in the last section. This QO update also covers 3 important heads-ups related to security, integrity and JDK 24. The next key milestone is early February with the first JDK 24 Release Candidate builds. That means that we have a few weeks, modulo the end of year break, to find and hopefully address any issue that your projects might encounter. So, please let us know if you encounter any issue with the JDK early-access builds. [1] https://openjdk.org/projects/jdk/24/ [2] https://mail.openjdk.org/pipermail/jdk-dev/2024-December/009672.html # Heads-up - JDK 24: Permanently Disabling the Security Manager Introduced to enforce the principle of the least privilege, the Security Manager was designed to prevent unauthorized code from accessing sensitive resources (ex. files, network connections, etc.). While effective in theory, it has fallen short in practice for multiple reasons: complexity, limited adoption, maintenance overhead and evolving threat landscape. In Java 17, the Security Manager was deprecated for removal under JEP 411 [3]. In JDK 24, its functionality will be effectively disabled via JEP 486 [4]. Key changes include: - Disabling the Security Manager - it will no longer be possible to enable the SM at startup using command-line options, nor will it be possible to install a custom SM during runtime. - Rendering the Security Manager API non-functional - the SM API will remain present for compatibility but will no longer have any operational effect. - Improving maintainability - thousands of lines of code dedicated to supporting the Security Manager will be removed, freeing OpenJDK contributors to implement modern security features. Developers and enterprises using older Java versions or legacy applications relying on the Security Manager will retain access until JDK 24. Beyond that, they are encouraged to transition to alternative sandboxing and API interception mechanisms. ## Call to Action The deprecation of the Security Manager in JDK 17 had little to no impact on most Java developers. Warnings issued in JDK 17–23 generated minimal discussion in the Java ecosystem, highlighting its limited relevance. Furthermore, major frameworks and tools (ex. Jakarta EE, Ant, Tomcat, etc.) have already removed support for the Security Manager, reinforcing the trend. For applications still dependent on the Security Manager, the JDK offers options to identify and address its usage: - jdeprscan [5] scans a JAR file for the usage of deprecated API elements, and it helps find code using these methods. - Messages on the console warnings highlight Security Manager usage during runtime. - Check how you launch your Java application - with the Security Manager allowed or enabled via command line options, or policy files that require it to be installed and configured. These tools give code maintainers the necessary insights to transition away from the Security Manager before its complete removal in future JDK releases. By taking these steps, you will ensure a smooth transition from the Security Manager while adopting more effective security practices. This is a summary; for more details, make sure to read JEP 486 [4]. [3] https://openjdk.org/jeps/411 [4] https://openjdk.org/jeps/486 [5] https://dev.java/learn/jvm/tools/core/jdeprscan/ # Heads-up - JDK 24: Prepares Restricted Native Access Any interaction between Java code and native code, be it via the Java Native Interface (JNI) API or the Foreign Function & Memory (FFM) API, is risky in the sense that it can compromise the integrity of applications and of the Java Platform itself, for example by causing JVM crashes, even after the native code completed execution. According to the policy of integrity by default, all JDK features that are capable of breaking integrity must obtain explicit approval from the application’s developer. JDK 24, by means of JEP 472 [6], prepares that by aligning the behaviors of JNI and FFM by: - Printing warnings for all restricted operations (with the goal to turn these into exceptions in a future release). - Expanding the command-line options `--enable-native-access` and `--illegal-native-access` to govern restricted operations of both APIs. Note that this is a change for JNI, which used to not trigger such warnings, as well as for FFM, which used to forbid restricted operations by default. Starting with JDK 24, both APIs behave uniformly by printing warnings. In the future, both APIs will throw exceptions instead. The intent is neither to discourage the use of, deprecate, or even remove JNI nor to restrict the behavior of native code called via JNI or FFM. The goal is to ensure that applications and the Java Platform have integrity by default while giving application operators the tools they need to selectively opt-out where needed. This is a summary; for more details, please read the full Heads-Up [7] and JEP 472 [6]. [6] https://openjdk.org/jeps/472 [7] https://inside.java/2024/12/09/quality-heads-up/ # Heads-up - JDK 24: Security Properties Files Inclusion Managing security properties across multiple JDK releases can be a challenge, particularly in environments requiring centralized control and distinct security profiles. To address this and starting with JDK 24, the Java Platform now allows the main security properties file (`${java.home}/conf/security/java.security`) or any file specified via the `java.security.properties` system property to include additional files. This inclusion is recursive, allowing for nested configurations, provided no cycles occur. The `include` keyword is reserved and cannot be used to define security properties, as any attempt to do so results in an unchecked `IllegalArgumentException`. The inclusion mechanism enhances security by explicitly listing files in the main configuration file, preventing misconfigurations by throwing a fatal error if a file is missing or inaccessible. It also forbids including directories or URLs, ensuring strict control over which files are included. Users must ensure proper permissions for included files to avoid tampering, such as enforcing secure file permissions. The system supports a clear priority for security property overrides based on the order of inclusion, and updates to a single file automatically propagate across all configurations. This enhancement offers better control and adaptability over Java security properties for developers, system administrators and infrastructure engineers. This is a summary; for more details, please read the full Heads-Up [8] and the JDK 24 release notes [9]. [8] https://inside.java/2024/12/10/quality-heads-up/ [9] https://jdk.java.net/24/release-notes#JDK-8319332 # JDK 24 Early-Access Builds The JDK 24 early-access builds 28 are available [10] and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here [11]. ## JEPs integrated into JDK 24: - JEP 404: Generational Shenandoah (Experimental) - JEP 450: Compact Object Headers (Experimental) - JEP 472: Prepare to Restrict the Use of JNI - JEP 475: Late Barrier Expansion for G1 - JEP 478: Key Derivation Function API (Preview) - JEP 479: Remove the Windows 32-bit x86 Port - JEP 483: Ahead-of-Time Class Loading & Linking - JEP 484: Class-File API - JEP 485: Stream Gatherers - JEP 486: Permanently Disable the Security Manager - JEP 487: Scoped Values (4th Preview) - JEP 488: Primitive Types in Patterns, instanceof, and switch (2nd Preview) - JEP 489: Vector API (9th Incubator) - JEP 490: ZGC: Remove the Non-Generational Mode - JEP 491: Synchronize Virtual Threads without Pinning - JEP 492: Flexible Constructor Bodies (3rd Preview) - JEP 493: Linking Run-Time Images without JMODs - JEP 494: Module Import Declarations (2nd Preview) - JEP 495: Simple Source Files and Instance Main Methods (4th Preview) - JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism - JEP 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm - JEP 498: Warn upon Use of Memory-Access Methods in sun.misc.Unsafe - JEP 499: Structured Concurrency (4th Preview) - JEP 501: Deprecate the 32-bit x86 Port for Removal ## Changes in recent JDK 24 builds that may be of interest: - JDK-8345015: Remove unused method lookup_time_t_function [Reported by JaCoCo] - JDK-8344352: 32-bit builds crash after JDK-8305895 [Reported by JaCoCo] - JDK-8344299: SM cleanup in javax.naming modules - JDK-8343791: Socket.connect API should document whether the socket will be closed… - JDK-8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation - JDK-8341964: Add mechanism to disable different parts of TLS cipher suite - JDK-8341553: Remove UseCompactObjectHeaders extra CDS archives - JDK-8333582: Update CLDR to Version 46.0 - JDK-8343001: Adjust XSLT and XPath Extension Function Property - JDK-8341551: Revisit jdk.internal.loader.URLClassPath.JarLoader after JEP 486 - JDK-8340359: Remove javax.naming.Context.APPLET - JDK-8337199: Add jcmd Thread.vthread_scheduler and Thread.vthread_pollers diagnostic commands - JDK-8341975: Unable to set encoding for IO.println, IO.print and IO.readln - JDK-8342075: HttpClient: improve HTTP/2 flow control checks - JDK-8338536: Permanently disable remote code downloading in JNDI - JDK-8343004: Adjust JAXP limits - JDK-8343020: (fs) Add support for SecureDirectoryStream on macOS - JDK-8344882: (bf) Temporary direct buffers should not count against the upper limit on direct buffer memory - JDK-8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient - JDK-8245545: Disable TLS_RSA cipher suites - JDK-8319993: Update Unicode Data Files to 16.0.0 - JDK-8341566: Add Reader.of(CharSequence) - JDK-8335912: Add an operation mode to the jar command when extracting to not overwriting existing files - JDK-8343881: java.lang.classfile.Attribute attributeName() method should return Utf8Entry - JDK-8338021: Support new unsigned and saturating vector operators in VectorAPI - JDK-8343150: Change URLClassLoader.getPermissions to return empty PermissionCollection Note: A complete list of changes can be found here [12]. [10] https://jdk.java.net/24/ [11] https://jdk.java.net/24/release-notes [12] https://github.com/openjdk/jdk/compare/jdk-24+21...jdk-24+28 # Topics of Interest - Java 24 Performance Improvements & Deprecations https://www.youtube.com/watch?v=oTc16DAMTqg - Java 24 Language & API Changes https://inside.java/2024/12/05/newscast-81/ - Java 24 Stops Pinning Virtual Threads (Almost) https://inside.java/2024/11/21/newscast-80/ - Detoxifying the JDK Source Code https://stuartmarks.wordpress.com/2024/12/12/detoxifying-the-jdk-source-code/ - Better Java Streams with Gatherers - JEP Cafe https://inside.java/2024/11/26/jepcafe23/ - Java Language Futures - Fall 2024 Edition https://inside.java/2024/10/30/devoxxbelgium-java-language-futures/ - Ask the Java Architects https://inside.java/2024/11/14/devoxxbelgium-ask-architects/ - Pattern Matching in Java - Past, Present, Future https://inside.java/2024/11/11/devoxxbelgium-pattern-matching/ - Monitoring Java Application Security with JDK tools and JFR Events https://inside.java/2024/11/17/devoxxbelgium-security/ - ZGC Automatic Heap Sizing #JVMLS https://inside.java/2024/11/09/jvmls-zgc/ - Postcards from the Peak of Complexity https://inside.java/2024/11/03/devoxxbelgium-complexity-peak/ - Release Your (Java) Projects Like OpenJDK https://inside.java/2024/10/31/newscast-79/ - Are Virtual Threads Going to Make Reactive Programming Irrelevant? https://inside.java/2024/10/28/javazone-virtual-threads/ - A Sneak Peek at StableValue and SegmentMapper https://inside.java/2024/10/24/devoxxbelgium-stablevalues/ - Advancing AI by Accelerating Java on Parallel Architectures https://inside.java/2024/10/23/java-and-ai/ ~ As always, ping me if you find any issues while testing your project(s) with the latest JDK early-access builds. And as the year-end is fast approaching, let me wish you all the best for the upcoming holidays. See you in 2025 with Java 24, JavaOne and Java 25! PS: Please let me know if you don't want to receive these OpenJDK Quality Outreach updates anymore. --David |
|
From: <gds...@gm...> - 2024-11-20 20:01:26
|
<!DOCTYPE html>
<html lang="en">
<head>
<title>Partnership Opportunity for Winter of Code 4.0</title>
<style>
body {
font-family: 'Google Sans', sans-serif;
color: rgb(32, 33, 36);
margin: 0;
padding: 0;
width: 100%;
overflow-x: hidden;
}
a {
color: #1a73e8;
text-decoration: none;
}
.container {
width: 100%;
max-width: 620px;
margin: 0 auto;
padding: 20px;
box-sizing: border-box;
}
.header-img {
width: 100%;
height: auto;
display: block;
margin-bottom: 2px;
}
.content {
background-color: rgb(250, 250, 250);
padding: 36px;
text-align: left;
word-wrap: break-word;
line-height: 1.5;
}
.footer {
background-color: rgb(66, 133, 244);
padding: 18px;
text-align: center;
}
.footer img {
width: 94px;
height: auto;
display: block;
margin: 0 auto;
}
h1, h2, h3, h4, h5, h6 {
margin: 0;
}
p {
margin: 10px 0;
}
ul {
margin: 10px 0;
padding-left: 20px;
}
ul li {
margin: 5px 0;
}
</style>
</head>
<body>
<div class="container">
<!-- Header Image -->
<img src="https://lh7-rt.googleusercontent.com/docsz/AD_4nXeGMXFIOlwtqgTHQIlgb436SxvEAcKKU4wUZbFmCwiGze-uAyJm9t-Bq81hB16V5C1wyGIKnu1zMILpkd0TpVuVtdWgSXb3pw2nq1ACpCvfKxhiRuiuE01k5MHspsR7nEEPC9Zqk2i8S3ERdKj32zCMN48VzYFaBzPpYFrtdw?key=wOT9cdkFRwm6KFiO_bWFhw" alt="Winter of Code Header" class="header-img">
<!-- Content Section -->
<div class="content">
<p><strong>Greetings from GDG on Campus, IIIT Kalyani!</strong></p>
<p>Dear PMD,</p>
<p>I hope this email finds you well.</p>
<p>We are excited to invite your organization to join <strong>Winter of Code 4.0</strong>, an open-source program by GDG on Campus IIIT Kalyani, cheduled to take place from December to January. This year’s event is expected to attract over 3000 participants, with almost 1000 already registered, driven by the collaborative efforts of 30+ Google Developer Groups and our valued community partners.</p>
<p>Modeled after the structure of Google Summer of Code (GSoC), the program will span two months. During this time, student applicants will send proposals to partner organizations to work on open-source projects. Organizations will receive high-quality contributions that are meaningful and relevant to their codebase. Additionally, mentors will have the opportunity to review contribution proposals and can choose to accept or reject them based on alignment with project goals. As part of this event, we are reaching out to your organization to invite you to participate and contribute to the program. We would love to have your organization onboard.</p>
<p>To partner, could you please provide the following:</p>
<ul>
<li>Number of projects you’d like to propose, along with project names</li>
<li>Links to the project repositories</li>
<li>Number of mentors/Points of Contact (PoCs) and their contact details</li>
<li>Any proposal ideas or specific issues for students to focus on</li>
</ul>
<p>More details, including the event timeline, are available on our website at <a href="http://winterofcode.tech/" target="_blank">winterofcode.tech</a>. Please let us know how to proceed to initiate the partnership. Our program brochure and structure are attached for reference.</p>
<p><a href="https://drive.google.com/file/d/1lzozKgXBw1Czn2MCxXGHrig61oM6Hlc_/view" target="_blank">Sponsorship Brochure</a></p>
<p><a href="https://drive.google.com/file/d/1n3CBIyKuriTmm3xk4Z4aJkUefQc4Rr5y/view" target="_blank">Organisation Brochure</a></p>
<p>Thank you for considering this opportunity to contribute to the open-source community. We look forward to the possibility of partnering with you.</p>
<p><strong>Best regards,</strong></p>
<p><strong>Arpan Mandal</strong><br>
<strong>Lead Organiser</strong><br>
<strong>GDG On Campus, IIIT Kalyani</strong></p>
</div>
<!-- Footer Section with Logo -->
<div class="footer">
<img src="https://lh4.googleusercontent.com/rk0E5GsGUHjZPiFLnEWoxFlnWm8DI61gmfvmGI_gg4Ju4SyHmbS3j84P67zVAsv-EQYTkfqsyU2NDMsZ-ZtfsX0GJZQSDtQhShzTiTwoepIQGlMVEjw5wYY1FxTpzU13LCcM4OflJegAaFCgMft6QwBHLEDEB96A6w9sgJGx3PqPdnXo-ttkjtjLRel8-HitBLrrIcgr9991iHJQ1MIOD8639umZbTxCIuPjuw" alt="GDG On Campus Logo">
</div>
</div>
</body>
</html>
|
|
From: Juan M. S. D. <jua...@gm...> - 2024-11-11 14:44:01
|
Ok, so, first things first. I’d suggest you check out the documentation on writing a ruleset: https://docs.pmd-code.org/latest/pmd_userdocs_making_rulesets.html#referencing-a-single-rule To reference existing rulesets, it suffices to do just: <rule ref="category/apex/design.xml/ExcessiveClassLength" /> You don’t need to include the message nor any property unless you want to *override* the default values for any of these. In your example, you are just copying the defaults, so none of that is needed. Even if you were overriding a value, you just need to include the one you want to override, not all of them. The rule’s doc shows the difference between just referencing / customizing it (and neither includes the message attribute). https://docs.pmd-code.org/latest/pmd_rules_apex_design.html#excessiveclasslength As for the cc_* attributes in general, *just remove them*. They referenced CodeClimate <https://codeclimate.com/>. They do not affect the rule itself, but how it renders data *iff* using the code climate renderer. As this is a renderer-specific thing, it didn’t make sense to have it as part of each rule, and hence, was deprecated and eventually removed. If you are not using Code Climate, you won’t see a difference. If you are, you will simply stop having category / remediation points info. Regards On Mon, Nov 11, 2024 at 1:55 AM Abhinav kumar <abh...@gm...> wrote: > Hello Juan, > > What will be the impact when we remove these properties " cc_categories > , cc_remediation_points_multiplier, cc_block_highlighting " in our PMD > analysis? > Is there any alternative to these properties which we can include in our > ruleset file. > Please find the rule snippet below for your reference. This is how we have > defined our custom ruleset. > <rule ref="category/apex/design.xml/ExcessiveClassLength" message= > "Avoid really long classes (lines of code)"> > <priority>3</priority> > <properties> > <property name="minimum" value="1000" /> > <!-- relevant for Code Climate output only --> > <property name="cc_categories" value="Complexity" /> > <property name="cc_remediation_points_multiplier" value="150" /> > <property name="cc_block_highlighting" value="false" /> > </properties> > </rule> > > So, how do we rewrite this rule as we will need to remove all the 3 > properties mentioned in the snippet. So how are we going to rewrite the > rule and also any other property which we need to replace in place of these > properties?. > > > *NOTE:- These are the properties we are using for all our rulesets, you > can go through the custom rule set file once which is attached with this > email, so could you please guide as to how we are rewriting this without > these properties.* > Regards, > Abhinav > > On Sun, Nov 10, 2024 at 10:06 AM Juan Martín Sotuyo Dodero < > jua...@gm...> wrote: > >> Yes, simply remove them >> >> On Sun, Nov 10, 2024, 1:19 AM Abhinav kumar <abh...@gm...> >> wrote: >> >>> Hello Juan, >>> >>> Thank you so much for the response, so what should be the next step? >>> In Place of these properties " cc_categories, >>> cc_remediation_points_multiplier, cc_block_highlighting " what should >>> be used because these are all custom defined rule sets we are using in our >>> project. >>> >>> Should we remove these properties from our file, will that work? >>> >>> Awaiting your response. >>> >>> Regards, >>> Abhinav >>> >>> On Thu, Nov 7, 2024 at 6:59 PM Juan Martín Sotuyo Dodero < >>> jua...@gm...> wrote: >>> >>>> Abhinav, >>>> >>>> PMD 7 is a major release, and as such, introduces breaking changes. >>>> As per our own policy, we never introduce a breaking change unless the >>>> relevant feature has already been deprecated in the previous release, and >>>> ensuring appropriate warnings are emitted with it’s usage, even if still >>>> supported, with the intention of giving people time to accommodate and >>>> prepare. Aditionally, with any release, the release notes >>>> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html> >>>> comprehensively cover these changes. >>>> >>>> As per the error’s self description >>>> >>>> 2024-11-04T07:40:49.3666791Z 11| <property name="cc_categories" value="Complexity" /> >>>> 2024-11-04T07:40:49.3667364Z ^^^^^^^^^ Cannot set non-existent property 'cc_categories' on rule ExcessiveClassLength >>>> >>>> In this particular case, this is the relevant piece >>>> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html#changed-rules:~:text=Apex%20General%20changes> >>>> : >>>> >>>> *Apex General changes* >>>> >>>> - The properties cc_categories, cc_remediation_points_multiplier, >>>> cc_block_highlighting have been removed from all rules. These >>>> properties have been deprecated since PMD 6.13.0. See issue #1648 >>>> <https://github.com/pmd/pmd/issues/1648> for more details. >>>> >>>> Hope that helps. Checking the logs for deprecation warnings can >>>> hopefully help you stay prepared for major changes without affecting your >>>> workflows. >>>> >>>> Regards >>>> >>>> On Thu, Nov 7, 2024 at 6:24 AM Abhinav kumar <abh...@gm...> >>>> wrote: >>>> >>>>> Hello Team, >>>>> >>>>> I am using sfdx-scanner for my project and custom PMD rule set for the >>>>> static code analysis. >>>>> When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but >>>>> then I started getting errors in my pipeline. The same rule set is working >>>>> fine with the sfdx-scanner 3.25 version. I have attached the error log file. >>>>> >>>>> Also, I am attaching the custom ruleset file for your reference. >>>>> >>>>> >>>>> _______________________________________________ >>>>> Pmd-devel mailing list >>>>> Pmd...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/pmd-devel >>>>> >>>> |
|
From: Abhinav k. <abh...@gm...> - 2024-11-11 04:55:28
|
Hello Juan,
What will be the impact when we remove these properties " cc_categories,
cc_remediation_points_multiplier, cc_block_highlighting " in our PMD
analysis?
Is there any alternative to these properties which we can include in our
ruleset file.
Please find the rule snippet below for your reference. This is how we have
defined our custom ruleset.
<rule ref="category/apex/design.xml/ExcessiveClassLength" message=
"Avoid really long classes (lines of code)">
<priority>3</priority>
<properties>
<property name="minimum" value="1000" />
<!-- relevant for Code Climate output only -->
<property name="cc_categories" value="Complexity" />
<property name="cc_remediation_points_multiplier" value="150" />
<property name="cc_block_highlighting" value="false" />
</properties>
</rule>
So, how do we rewrite this rule as we will need to remove all the 3
properties mentioned in the snippet. So how are we going to rewrite the
rule and also any other property which we need to replace in place of these
properties?.
*NOTE:- These are the properties we are using for all our rulesets, you can
go through the custom rule set file once which is attached with this email,
so could you please guide as to how we are rewriting this without these
properties.*
Regards,
Abhinav
On Sun, Nov 10, 2024 at 10:06 AM Juan Martín Sotuyo Dodero <
jua...@gm...> wrote:
> Yes, simply remove them
>
> On Sun, Nov 10, 2024, 1:19 AM Abhinav kumar <abh...@gm...>
> wrote:
>
>> Hello Juan,
>>
>> Thank you so much for the response, so what should be the next step?
>> In Place of these properties " cc_categories,
>> cc_remediation_points_multiplier, cc_block_highlighting " what should
>> be used because these are all custom defined rule sets we are using in our
>> project.
>>
>> Should we remove these properties from our file, will that work?
>>
>> Awaiting your response.
>>
>> Regards,
>> Abhinav
>>
>> On Thu, Nov 7, 2024 at 6:59 PM Juan Martín Sotuyo Dodero <
>> jua...@gm...> wrote:
>>
>>> Abhinav,
>>>
>>> PMD 7 is a major release, and as such, introduces breaking changes.
>>> As per our own policy, we never introduce a breaking change unless the
>>> relevant feature has already been deprecated in the previous release, and
>>> ensuring appropriate warnings are emitted with it’s usage, even if still
>>> supported, with the intention of giving people time to accommodate and
>>> prepare. Aditionally, with any release, the release notes
>>> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html>
>>> comprehensively cover these changes.
>>>
>>> As per the error’s self description
>>>
>>> 2024-11-04T07:40:49.3666791Z 11| <property name="cc_categories" value="Complexity" />
>>> 2024-11-04T07:40:49.3667364Z ^^^^^^^^^ Cannot set non-existent property 'cc_categories' on rule ExcessiveClassLength
>>>
>>> In this particular case, this is the relevant piece
>>> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html#changed-rules:~:text=Apex%20General%20changes>
>>> :
>>>
>>> *Apex General changes*
>>>
>>> - The properties cc_categories, cc_remediation_points_multiplier,
>>> cc_block_highlighting have been removed from all rules. These
>>> properties have been deprecated since PMD 6.13.0. See issue #1648
>>> <https://github.com/pmd/pmd/issues/1648> for more details.
>>>
>>> Hope that helps. Checking the logs for deprecation warnings can
>>> hopefully help you stay prepared for major changes without affecting your
>>> workflows.
>>>
>>> Regards
>>>
>>> On Thu, Nov 7, 2024 at 6:24 AM Abhinav kumar <abh...@gm...>
>>> wrote:
>>>
>>>> Hello Team,
>>>>
>>>> I am using sfdx-scanner for my project and custom PMD rule set for the
>>>> static code analysis.
>>>> When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but
>>>> then I started getting errors in my pipeline. The same rule set is working
>>>> fine with the sfdx-scanner 3.25 version. I have attached the error log file.
>>>>
>>>> Also, I am attaching the custom ruleset file for your reference.
>>>>
>>>>
>>>> _______________________________________________
>>>> Pmd-devel mailing list
>>>> Pmd...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/pmd-devel
>>>>
>>>
|
|
From: Juan M. S. D. <jua...@gm...> - 2024-11-10 04:36:36
|
Yes, simply remove them On Sun, Nov 10, 2024, 1:19 AM Abhinav kumar <abh...@gm...> wrote: > Hello Juan, > > Thank you so much for the response, so what should be the next step? > In Place of these properties " cc_categories, > cc_remediation_points_multiplier, cc_block_highlighting " what should > be used because these are all custom defined rule sets we are using in our > project. > > Should we remove these properties from our file, will that work? > > Awaiting your response. > > Regards, > Abhinav > > On Thu, Nov 7, 2024 at 6:59 PM Juan Martín Sotuyo Dodero < > jua...@gm...> wrote: > >> Abhinav, >> >> PMD 7 is a major release, and as such, introduces breaking changes. >> As per our own policy, we never introduce a breaking change unless the >> relevant feature has already been deprecated in the previous release, and >> ensuring appropriate warnings are emitted with it’s usage, even if still >> supported, with the intention of giving people time to accommodate and >> prepare. Aditionally, with any release, the release notes >> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html> >> comprehensively cover these changes. >> >> As per the error’s self description >> >> 2024-11-04T07:40:49.3666791Z 11| <property name="cc_categories" value="Complexity" /> >> 2024-11-04T07:40:49.3667364Z ^^^^^^^^^ Cannot set non-existent property 'cc_categories' on rule ExcessiveClassLength >> >> In this particular case, this is the relevant piece >> <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html#changed-rules:~:text=Apex%20General%20changes> >> : >> >> *Apex General changes* >> >> - The properties cc_categories, cc_remediation_points_multiplier, >> cc_block_highlighting have been removed from all rules. These >> properties have been deprecated since PMD 6.13.0. See issue #1648 >> <https://github.com/pmd/pmd/issues/1648> for more details. >> >> Hope that helps. Checking the logs for deprecation warnings can hopefully >> help you stay prepared for major changes without affecting your workflows. >> >> Regards >> >> On Thu, Nov 7, 2024 at 6:24 AM Abhinav kumar <abh...@gm...> >> wrote: >> >>> Hello Team, >>> >>> I am using sfdx-scanner for my project and custom PMD rule set for the >>> static code analysis. >>> When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but then >>> I started getting errors in my pipeline. The same rule set is working fine >>> with the sfdx-scanner 3.25 version. I have attached the error log file. >>> >>> Also, I am attaching the custom ruleset file for your reference. >>> >>> >>> _______________________________________________ >>> Pmd-devel mailing list >>> Pmd...@li... >>> https://lists.sourceforge.net/lists/listinfo/pmd-devel >>> >> |
|
From: Abhinav k. <abh...@gm...> - 2024-11-10 04:19:57
|
Hello Juan, Thank you so much for the response, so what should be the next step? In Place of these properties " cc_categories, cc_remediation_points_multiplier, cc_block_highlighting " what should be used because these are all custom defined rule sets we are using in our project. Should we remove these properties from our file, will that work? Awaiting your response. Regards, Abhinav On Thu, Nov 7, 2024 at 6:59 PM Juan Martín Sotuyo Dodero < jua...@gm...> wrote: > Abhinav, > > PMD 7 is a major release, and as such, introduces breaking changes. > As per our own policy, we never introduce a breaking change unless the > relevant feature has already been deprecated in the previous release, and > ensuring appropriate warnings are emitted with it’s usage, even if still > supported, with the intention of giving people time to accommodate and > prepare. Aditionally, with any release, the release notes > <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html> > comprehensively cover these changes. > > As per the error’s self description > > 2024-11-04T07:40:49.3666791Z 11| <property name="cc_categories" value="Complexity" /> > 2024-11-04T07:40:49.3667364Z ^^^^^^^^^ Cannot set non-existent property 'cc_categories' on rule ExcessiveClassLength > > In this particular case, this is the relevant piece > <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html#changed-rules:~:text=Apex%20General%20changes> > : > > *Apex General changes* > > - The properties cc_categories, cc_remediation_points_multiplier, > cc_block_highlighting have been removed from all rules. These > properties have been deprecated since PMD 6.13.0. See issue #1648 > <https://github.com/pmd/pmd/issues/1648> for more details. > > Hope that helps. Checking the logs for deprecation warnings can hopefully > help you stay prepared for major changes without affecting your workflows. > > Regards > > On Thu, Nov 7, 2024 at 6:24 AM Abhinav kumar <abh...@gm...> > wrote: > >> Hello Team, >> >> I am using sfdx-scanner for my project and custom PMD rule set for the >> static code analysis. >> When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but then >> I started getting errors in my pipeline. The same rule set is working fine >> with the sfdx-scanner 3.25 version. I have attached the error log file. >> >> Also, I am attaching the custom ruleset file for your reference. >> >> >> _______________________________________________ >> Pmd-devel mailing list >> Pmd...@li... >> https://lists.sourceforge.net/lists/listinfo/pmd-devel >> > |
|
From: Juan M. S. D. <jua...@gm...> - 2024-11-07 13:29:41
|
Abhinav, PMD 7 is a major release, and as such, introduces breaking changes. As per our own policy, we never introduce a breaking change unless the relevant feature has already been deprecated in the previous release, and ensuring appropriate warnings are emitted with it’s usage, even if still supported, with the intention of giving people time to accommodate and prepare. Aditionally, with any release, the release notes <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html> comprehensively cover these changes. As per the error’s self description 2024-11-04T07:40:49.3666791Z 11| <property name="cc_categories" value="Complexity" /> 2024-11-04T07:40:49.3667364Z ^^^^^^^^^ Cannot set non-existent property 'cc_categories' on rule ExcessiveClassLength In this particular case, this is the relevant piece <https://docs.pmd-code.org/latest/pmd_release_notes_pmd7.html#changed-rules:~:text=Apex%20General%20changes> : *Apex General changes* - The properties cc_categories, cc_remediation_points_multiplier, cc_block_highlighting have been removed from all rules. These properties have been deprecated since PMD 6.13.0. See issue #1648 <https://github.com/pmd/pmd/issues/1648> for more details. Hope that helps. Checking the logs for deprecation warnings can hopefully help you stay prepared for major changes without affecting your workflows. Regards On Thu, Nov 7, 2024 at 6:24 AM Abhinav kumar <abh...@gm...> wrote: > Hello Team, > > I am using sfdx-scanner for my project and custom PMD rule set for the > static code analysis. > When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but then I > started getting errors in my pipeline. The same rule set is working fine > with the sfdx-scanner 3.25 version. I have attached the error log file. > > Also, I am attaching the custom ruleset file for your reference. > > > _______________________________________________ > Pmd-devel mailing list > Pmd...@li... > https://lists.sourceforge.net/lists/listinfo/pmd-devel > |
|
From: Abhinav k. <abh...@gm...> - 2024-11-07 06:02:25
|
Hello Team, I am using sfdx-scanner for my project and custom PMD rule set for the static code analysis. When I upgraded the scanner to 4.0.0, PMD was upgraded to 7.0.0 but then I started getting errors in my pipeline. The same rule set is working fine with the sfdx-scanner 3.25 version. I have attached the error log file. Also, I am attaching the custom ruleset file for your reference. |
|
From: Andreas D. <and...@pm...> - 2024-09-27 10:22:46
|
* Downloads: https://github.com/pmd/pmd/releases/tag/pmd_releases%2F7.6.0 * Documentation: https://docs.pmd-code.org/pmd-doc-7.6.0/ 27-September-2024 - 7.6.0 The PMD team is pleased to announce PMD 7.6.0. This is a minor release. Table Of Contents * 🚀 New and noteworthy <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#new-and-noteworthy> o New Git default branch - "main" <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#new-git-default-branch---main> * 🐛 Fixed Issues <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#fixed-issues> * 🚨 API Changes <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#api-changes> * ✨ Merged pull requests <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#merged-pull-requests> * 📦 Dependency updates <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#dependency-updates> * 📈 Stats <https://sourceforge.net/p/pmd/news/2024/09/pmd-760-27-september-2024-released/#stats> 🚀 New and noteworthy New Git default branch - "main" We are joining the Git community and updating "master" to "main". Using the term "master" for the main development branch can be offensive to some people. Existing versions of Git have been always capable of working with any branch name and since 2.28.0 (July 2020) the default initial branch is configurable (|init.defaultBranch|). Since October 2020, the default branch for new repositories on GitHub is "main". Finally, PMD will also use this new name for the main branch in all our own repositories. Why "main"? PMD uses a very simple branching model - pull requests with feature branches and one main development branch, from which releases are created. That's why "main" is currently the best fitting name. More information: - https://sfconservancy.org/news/2020/jun/23/gitbranchname/ - https://github.blog/changelog/2020-10-01-the-default-branch-for-newly-created-repositories-is-now-main/ What changes? - We change the default branch on GitHub, so that pull requests are automatically created against |main| from now on. - If you have already a local clone of PMD's repository, you'll need to rename the old master branch locally: |git branch --move master main git fetch origin git branch --set-upstream-to=origin/main main git remote set-head origin --auto| More info: https://git-scm.com/book/en/v2/Git-Branching-Branch-Management#_changing_master and https://docs.github.com/en/repositories/configuring-branches-and-merges-in-your-repository/managing-branches-in-your-repository/renaming-a-branch#updating-a-local-clone-after-a-branch-name-changes - If you created a fork on GitHub, you'll need to change the default branch in your fork to |main| as well (Settings > Default Branch). - Some time after this release, we'll delete the old master branch on GitHub. Then only |main| can be used. - This change is expanded to the other PMD repositories as well, e.g. pmd-designer and pmd-regression-tester. 🐛 Fixed Issues * apex * #5138 <https://github.com/pmd/pmd/issues/5138>: [apex] Various false-negatives since 7.3.0 when using triggers (ApexCRUDViolation, CognitiveComplexity, OperationWithLimitsInLoop) * #5163 <https://github.com/pmd/pmd/issues/5163>: [apex] Parser error when using toLabel in SOSL query * #5182 <https://github.com/pmd/pmd/issues/5182>: [apex] Parser error when using GROUPING in a SOQL query * #5218 <https://github.com/pmd/pmd/issues/5218>: [apex] Parser error when using nested subqueries in SOQL * #5228 <https://github.com/pmd/pmd/issues/5228>: [apex] Parser error when using convertCurrency() in SOQL * core * #5059 <https://github.com/pmd/pmd/issues/5059>: [core] xml output doesn't escape CDATA inside its own CDATA * #5201 <https://github.com/pmd/pmd/issues/5201>: [core] PMD sarif schema file points to nonexistent location * #5222 <https://github.com/pmd/pmd/issues/5222>: [core] RuleReference/RuleSetWriter don't handle changed default property values correctly * #5229 <https://github.com/pmd/pmd/issues/5229>: [doc] CLI flag |--show-suppressed| needs to mention xml, html, summaryhtml * java * #5190 <https://github.com/pmd/pmd/issues/5190>: [java] NPE in type inference * java-codestyle * #5046 <https://github.com/pmd/pmd/issues/5046>: [java] LocalVariableCouldBeFinal false positive with try/catch * java-errorprone * #5068 <https://github.com/pmd/pmd/issues/5068>: [java] MissingStaticMethodInNonInstantiatableClass: false positive with builder pattern * #5207 <https://github.com/pmd/pmd/issues/5207>: [java] CheckSkipResult: false positve for a private method |void skip(int)| in a subclass of FilterInputStream 🚨 API Changes No changes. ✨ Merged pull requests * #5186 <https://github.com/pmd/pmd/pull/5186>: [java] Cleanup things about implicit classes - Clément Fournier <https://github.com/oowekyala> (@oowekyala <https://sourceforge.net/u/oowekyala/profile/>) * #5188 <https://github.com/pmd/pmd/pull/5188>: [apex] Use new apex-parser 4.2.0 - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5191 <https://github.com/pmd/pmd/pull/5191>: [java] Fix #5046 - FPs in LocalVariableCouldBeFinal - Clément Fournier <https://github.com/oowekyala> (@oowekyala <https://sourceforge.net/u/oowekyala/profile/>) * #5192 <https://github.com/pmd/pmd/pull/5192>: [java] Fix #5190 - NPE in type inference caused by null type - Clément Fournier <https://github.com/oowekyala> (@oowekyala <https://sourceforge.net/u/oowekyala/profile/>) * #5195 <https://github.com/pmd/pmd/pull/5195>: [apex] Fix various FNs when using triggers - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5202 <https://github.com/pmd/pmd/pull/5202>: [core] Sarif format: refer to schemastore.org - David Schach <https://github.com/dschach> (@dschach) * #5208 <https://github.com/pmd/pmd/pull/5208>: [doc] Added Codety to "Tools / Integrations" - Tony <https://github.com/random1223> (@random1223) * #5210 <https://github.com/pmd/pmd/pull/5210>: [core] Fix PMD's XMLRenderer to escape CDATA - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5211 <https://github.com/pmd/pmd/pull/5211>: Change branch master to main - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5212 <https://github.com/pmd/pmd/pull/5212>: [java] Adjust signature matching in CheckSkipResultRule - Juan Martín Sotuyo Dodero <https://github.com/jsotuyod> (@jsotuyod) * #5223 <https://github.com/pmd/pmd/pull/5223>: [core] Fix RuleReference / RuleSetWriter handling of properties - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) * #5224 <https://github.com/pmd/pmd/pull/5224>: [java] Fix #5068: Class incorrectly identified as non-instantiatable - Lukas Gräf <https://github.com/lukasgraef> (@lukasgraef) * #5230 <https://github.com/pmd/pmd/pull/5230>: [doc] Documentation update for --show-suppressed flag - David Schach <https://github.com/dschach> (@dschach) * #5237 <https://github.com/pmd/pmd/pull/5237>: [apex] Support convertCurrency() in SOQL/SOSL - Andreas Dangel <https://github.com/adangel> (@adangel <https://sourceforge.net/u/adangel/profile/>) 📦 Dependency updates * #5185 <https://github.com/pmd/pmd/issues/5185>: Bump checkstyle from 10.14.0 to 10.18.1 * #5187 <https://github.com/pmd/pmd/issues/5187>: Bump org.apache.maven.plugins:maven-install-plugin from 3.1.1 to 3.1.3 * #5199 <https://github.com/pmd/pmd/issues/5199>: Bump org.apache.maven.plugins:maven-deploy-plugin from 3.1.1 to 3.1.3 * #5216 <https://github.com/pmd/pmd/issues/5216>: Bump com.github.siom79.japicmp:japicmp-maven-plugin from 0.20.0 to 0.23.0 * #5226 <https://github.com/pmd/pmd/issues/5226>: Bump rouge from 4.3.0 to 4.4.0 in the all-gems group across 1 directory * #5227 <https://github.com/pmd/pmd/issues/5227>: Bump com.google.code.gson:gson from 2.10.1 to 2.11.0 * #5232 <https://github.com/pmd/pmd/issues/5232>: Bump com.google.protobuf:protobuf-java from 3.25.3 to 3.25.5 * #5233 <https://github.com/pmd/pmd/issues/5233>: Bump webrick from 1.8.1 to 1.8.2 in /docs 📈 Stats * 60 commits * 27 closed tickets & PRs * Days since last release: 27 |
|
From: Andreas D. <and...@pm...> - 2024-08-30 09:06:38
|
* Downloads: https://github.com/pmd/pmd/releases/tag/pmd_releases%2F7.5.0 * Documentation: https://docs.pmd-code.org/pmd-doc-7.5.0/ 30-August-2024 - 7.5.0 The PMD team is pleased to announce PMD 7.5.0. This is a minor release. Table Of Contents * 🚀 New: Java 23 Support <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#new-java-23-support> * 🌟 New Rules <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#new-rules> * 🐛 Fixed Issues <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#fixed-issues> * 🚨 API Changes <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#api-changes> o Deprecations <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#deprecations> o Experimental <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#experimental> * ✨ External Contributions <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#external-contributions> * 📦 Dependency updates <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#dependency-updates> * 📈 Stats <https://sourceforge.net/p/pmd/news/2024/08/pmd-750-30-august-2024-released/#stats> 🚀 New: Java 23 Support This release of PMD brings support for Java 23. There are no new standard language features, but a couple of preview language features: * JEP 455: Primitive Types in Patterns, instanceof, and switch (Preview) <https://openjdk.org/jeps/455> * JEP 476: Module Import Declarations (Preview) <https://openjdk.org/jeps/476> * JEP 477: Implicitly Declared Classes and Instance Main Methods (Third Preview) <https://openjdk.org/jeps/477> * JEP 482: Flexible Constructor Bodies (Second Preview) <https://openjdk.org/jeps/482> Note that String Templates (introduced as preview in Java 21 and 22) are not supported anymore in Java 23, see JDK-8329949 <https://bugs.openjdk.org/browse/JDK-8329949> for details. In order to analyze a project with PMD that uses these preview language features, you'll need to enable it via the environment variable |PMD_JAVA_OPTS| and select the new language version |23-preview|: |exportPMD_JAVA_OPTS=--enable-preview pmdcheck--use-versionjava-23-preview... | Note: Support for Java 21 preview language features have been removed. The version "21-preview" are no longer available. 🌟 New Rules * The new Java rule |AvoidSynchronizedStatement| <https://docs.pmd-code.org/pmd-doc-7.5.0/pmd_rules_java_multithreading.html#avoidsynchronizedstatement> finds synchronization blocks that could cause performance issues with virtual threads due to pinning. * The new JavaScript rule |AvoidConsoleStatements| <https://docs.pmd-code.org/pmd-doc-7.5.0/pmd_rules_ecmascript_performance.html#avoidconsolestatements> finds any function calls on the Console API (e.g. |console.log|). Using these in production code might negatively impact performance. 🐛 Fixed Issues * apex-performance * #5139 <https://github.com/pmd/pmd/issues/5139>: [apex] OperationWithHighCostInLoop: false negative for triggers * java * #5062 <https://github.com/pmd/pmd/issues/5062>: [java] Support Java 23 * #5167 <https://github.com/pmd/pmd/issues/5167>: [java] java.lang.IllegalArgumentException: \<?> cannot be a wildcard bound * java-bestpractices * #3602 <https://github.com/pmd/pmd/issues/3602>: [java] GuardLogStatement: False positive when compile-time constant is created from external constants * #4731 <https://github.com/pmd/pmd/issues/4731>: [java] GuardLogStatement: Documentation is unclear why getters are flagged * #5145 <https://github.com/pmd/pmd/issues/5145>: [java] UnusedPrivateMethod: False positive with method calls inside lambda * #5151 <https://github.com/pmd/pmd/issues/5151>: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is a constant from another class * #5152 <https://github.com/pmd/pmd/issues/5152>: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is "this" * #5153 <https://github.com/pmd/pmd/issues/5153>: [java] GuardLogStatement: Should not need to guard parameterized log messages where the replacement arg is an array element * java-design * #5048 <https://github.com/pmd/pmd/issues/5084>: [java] CognitiveComplexity: Exception when using Map.of() * #5162 <https://github.com/pmd/pmd/issues/5162>: [java] SingularField: False-positive when preceded by synchronized block * java-multithreading * #5175 <https://github.com/pmd/pmd/issues/5175>: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement * javascript-performance * #5105 <https://github.com/pmd/pmd/issues/5105>: [javascript] Prohibit any console methods * plsql * #5125 <https://github.com/pmd/pmd/pull/5125>: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) * plsql-bestpractices * #5132 <https://github.com/pmd/pmd/issues/5132>: [plsql] TomKytesDespair: XPathException for more complex exception handler 🚨 API Changes Deprecations * pmd-jsp * |JspParserImpl| <https://docs.pmd-code.org/apidocs/pmd-jsp/7.5.0/net/sourceforge/pmd/lang/jsp/ast/JspParserImpl.html#> is deprecated now. It should have been package-private because this is an implementation class that should not be used directly. * pmd-plsql * |MergeUpdateClausePrefix| <https://docs.pmd-code.org/apidocs/pmd-plsql/7.5.0/net/sourceforge/pmd/lang/plsql/ast/PLSQLParserImpl.html#MergeUpdateClausePrefix()> is deprecated. This production is not used anymore and will be removed. Note: The whole parser implementation class has been deprecated since 7.3.0, as it is supposed to be internalized. * pmd-velocity * |VtlParserImpl| <https://docs.pmd-code.org/apidocs/pmd-velocity/7.5.0/net/sourceforge/pmd/lang/velocity/ast/VtlParserImpl.html#> is deprecated now. It should have been package-private because this is an implementation class that should not be used directly. * pmd-visualforce * |VfParserImpl| <https://docs.pmd-code.org/apidocs/pmd-visualforce/7.5.0/net/sourceforge/pmd/lang/visualforce/ast/VfParserImpl.html#> is deprecated now. It should have been package-private because this is an implementation class that should not be used directly. Experimental * pmd-java * Renamed |isUnnamedClass()| to |ASTCompilationUnit#isSimpleCompilationUnit| <https://docs.pmd-code.org/apidocs/pmd-java/7.5.0/net/sourceforge/pmd/lang/java/ast/ASTCompilationUnit.html#isSimpleCompilationUnit()> * |ASTImplicitClassDeclaration| <https://docs.pmd-code.org/apidocs/pmd-java/7.5.0/net/sourceforge/pmd/lang/java/ast/ASTImplicitClassDeclaration.html#> * |ASTImportDeclaration#isModuleImport| <https://docs.pmd-code.org/apidocs/pmd-java/7.5.0/net/sourceforge/pmd/lang/java/ast/ASTImportDeclaration.html#isModuleImport()> * |JavaVisitorBase#visit(ASTImplicitClassDeclaration, P)| <https://docs.pmd-code.org/apidocs/pmd-java/7.5.0/net/sourceforge/pmd/lang/java/ast/JavaVisitorBase.html#visit(net.sourceforge.pmd.lang.java.ast.ASTImplicitClassDeclaration,P)> ✨ External Contributions * #5125 <https://github.com/pmd/pmd/pull/5125>: [plsql] Improve merge statement (order of merge insert/update flexible, allow prefixes in column names) - Arjen Duursma <https://github.com/duursma> (@duursma) * #5175 <https://github.com/pmd/pmd/pull/5175>: [java] Update AvoidSynchronizedAtMethodLevel message to mention ReentrantLock, new rule AvoidSynchronizedStatement - Chas Honton <https://github.com/chonton> (@chonton <https://sourceforge.net/u/chonton/profile/>) 📦 Dependency updates * #5100 <https://github.com/pmd/pmd/issues/5100>: Enable Dependabot * #5141 <https://github.com/pmd/pmd/issues/5141>: Bump org.apache.maven.plugins:maven-checkstyle-plugin from 3.3.1 to 3.4.0 * #5142 <https://github.com/pmd/pmd/issues/5142>: Bump org.apache.maven.plugins:maven-compiler-plugin from 3.12.1 to 3.13.0 * #5144 <https://github.com/pmd/pmd/issues/5144>: Bump org.codehaus.mojo:versions-maven-plugin from 2.16.2 to 2.17.1 * #5148 <https://github.com/pmd/pmd/issues/5148>: Bump org.apache.commons:commons-text from 1.11.0 to 1.12.0 * #5149 <https://github.com/pmd/pmd/issues/5149>: Bump org.apache.maven.plugins:maven-site-plugin from 4.0.0-M13 to 4.0.0-M16 * #5160 <https://github.com/pmd/pmd/issues/5160>: Bump org.pcollections:pcollections from 3.2.0 to 4.0.2 * #5161 <https://github.com/pmd/pmd/issues/5161>: Bump danger from 9.4.3 to 9.5.0 in the all-gems group across 1 directory * #5164 <https://github.com/pmd/pmd/issues/5164>: Bump org.apache.maven.plugins:maven-dependency-plugin from 3.6.1 to 3.7.1 * #5165 <https://github.com/pmd/pmd/issues/5165>: Bump the all-gems group across 1 directory with 2 updates * #5171 <https://github.com/pmd/pmd/issues/5171>: Bump net.bytebuddy:byte-buddy-agent from 1.14.12 to 1.14.19 * #5180 <https://github.com/pmd/pmd/issues/5180>: Bump net.sf.saxon:Saxon-HE from 12.4 to 12.5 📈 Stats * 87 commits * 25 closed tickets & PRs * Days since last release: 35 |
|
From: David D. <dav...@or...> - 2024-08-23 12:47:21
|
Welcome to the latest OpenJDK Quality Outreach update! Everything is on track for the General Availability of Java 23 on September 17th [1] as the JDK 23 Release Candidate builds (RC2 - builds 37) are now available [2]. And before shifting your attention to JDK 24, make sure to check the Heads-Up below as it is related to an important JAXP update in JDK 23. The JVM Language Summit took place earlier this month in Santa Clara (California). During this unique conference, key updates around the Java platforms were presented and discussed. So, make sure to watch the JVMLS 2024 playlist [3] as videos are added regularly. And it's not really a surprise but Valhalla was a highly discussed topic. In his session [4], Brian Goetz (Java Language Architect) explained the proposed solution: value classes, null-restricted types, improved definite assignment analysis, and strict initialization. Around the same time-frame, Valhalla Early-Access builds implementing Value Classes and Objects were also made available [5], see the Release Notes [6] for the details. As usual, feedback should be reported to the proper mailing list [7]. [1] https://openjdk.org/projects/jdk/23/ [2] https://jdk.java.net/23/ [3] https://www.youtube.com/playlist?list=PLX8CzqL3ArzUEYnTa6KYORRbP3nhsK0L1 [4] https://www.youtube.com/watch?v=IF9l8fYfSnI [5] https://jdk.java.net/valhalla/ [6] https://openjdk.org/projects/valhalla/early-access [7] https://mail.openjdk.org/mailman/listinfo/valhalla-dev ## Heads-up - JDK 23: Prepare for a More Restrictive JAXP Configuration The Java platform supports XML processing with JAXP (Java APIs for XML Processing) that are based on a wide range of XML technologies and standards, which can make them challenging to secure. To mitigate risks, JAXP offers comprehensive security features [8], but the default settings of some security features are not strict, making them opt-in. To improve out-of-the-box security, future JDK releases will make XML processing more restrictive by default and JDKs 21 to 23 help developers prepare for these changes. ### JDK 21: JAXP Configuration File JDK 21 added `$JAVA_HOME/conf/jaxp.properties` as the default JAXP configuration file, property settings in this file reflect the current, built-in defaults for the JDK. JDK 21 also added the system property `java.xml.config.file` for specifying the location of a custom configuration file. For details, refer to JDK-8303530 [9] or the `java.xml` documentation [10]. ### JDK 23: Restrictive JAXP Configuration File Template JDK 23 adds `$JAVA_HOME/conf/jaxp-strict.properties.template`, a JAXP configuration file template that specifies more restrictive XML processing settings. It is recommended to test applications on these more restrictive settings to prepare them for a future JDK release that has them as default. The following steps should be used to test an application with that template: * copy the template file to a location outside of `$JAVA_HOME/conf`, e.g. `/<my_path>/jaxp-strict.properties` * run the application with the system property `java.xml.config.file` set to the file's path, e.g. `java -Djava.xml.config.file=/<my_path>/jaxp-strict.properties myApp` For details, please refer to JDK-8330542 [11]. [8] https://docs.oracle.com/en/java/javase/22/security/java-api-xml-processing-jaxp-security-guide.html#GUID-6E76FE41-A8C5-4F56-AB46-83A89B1E904A [9] https://bugs.openjdk.org/browse/JDK-8303530 [10] https://docs.oracle.com/en/java/javase/21/docs/api/java.xml/module-summary.html#Conf [11] https://bugs.openjdk.org/browse/JDK-8330542 ## JDK 24 Early-Access Builds The JDK 24 early-access builds 12 are available [12], and are provided under the GNU General Public License v2, with the Classpath Exception. The Release Notes are available here [13]. ### Changes in recent JDK 24 builds that may be of interest: - JDK-8335638: Calling VarHandle.{access-mode} methods reflectively throws wrong exception - JDK-8329471: Remove GTK2 - JDK-8333772: Incorrect Kerberos behavior when udp_preference_limit = 0 - JDK-8304929: MethodTypeDesc throws an unchecked exception than ReflectiveOperationException … - JDK-4966250: SSLSessionContext.setSessionTimeout() documentation could be updated - JDK-8337506: Disable "best-fit" mapping on Windows command line - JDK-8336479: Provide Process.waitFor(Duration) - JDK-8336999: Verification for resource area allocated data structures in C2 - JDK-8335480: Only deoptimize threads if needed when closing shared arena - JDK-8335939: Hide element writing across the ClassFile API - JDK-8336489: Track scoped accesses in JVMCI compiled code - JDK-8334492: DiagnosticCommands (jcmd) should accept %p in output filenames and substitute PID - JDK-8334495: Use FFM instead of jdk.internal.misc.Unsafe in java.desktop font implementation - JDK-8333396: Use StringBuilder internally for java.text.Format.* formatting - JDK-8336815: Several methods in java.net.Socket and ServerSocket do not s… Note: A more exhaustive list of changes can be found here [14]. [12] https://jdk.java.net/24/ [13] https://jdk.java.net/24/release-notes [14] https://github.com/openjdk/jdk/compare/jdk-24+7...jdk-24+12 # Project Loom New Early-Access Builds The latest Loom early access builds (Builds 24-loom+3-33 -2024/7/27) are now available [15]. These builds, based on an incomplete version of JDK 24, improve the implementation of Java monitors (synchronized methods) to work better with virtual threads. These builds are intended for developers looking to "kick the tires" and provide feedback or bug reports. Feedback should be reported to the Loom mailing list [16] (subscription required). [15] https://jdk.java.net/loom/ [16] http://mail.openjdk.org/mailman/listinfo/loom-dev # JavaFX Early-Access Builds These are early access builds of the JavaFX 23 and 24 Runtime built from openjdk/jfx [17]. These builds enable JavaFX application developers to build and test their applications with JavaFX 23 and 24 on JDK 23 and 24 respectively. And although these builds are designed to work with JDK 23 EA, they are also known to work with JDK 21 and later versions. The latest early access builds of JavaFX 23 (Builds 27) are available [18], under the GNU General Public License, version 2, with the Classpath Exception. And similarly, the latest early access builds of JavaFX 24 (Builds 4) are available here [19]. [17] https://github.com/openjdk/jfx [18] https://jdk.java.net/javafx23/ [19] https://jdk.java.net/javafx24/ ## Topics of Interest - JDK 23 G1/Parallel/Serial GC changes https://tschatzl.github.io/2024/07/22/jdk23-g1-serial-parallel-gc-changes.html - How to Read a JDK Enhancement Proposal https://inside.java/2024/08/01/newscast-74/ - JFR Event to Detect Invocations of Deprecated Methods https://egahlin.github.io/2024/05/31/deprecated-event.html - JVMLS: Valhalla - Where Are We? https://www.youtube.com/watch?v=IF9l8fYfSnI - JVMLS: An Opinionated Overview on Static Analysis for Java https://inside.java/2024/08/20/jvmls-static-analysis/ - JVMLS: Rethinking Java String Concatenation https://inside.java/2024/08/19/jvmls-string-concatention/ - JVMLS: Project Babylon - Code Reflection https://inside.java/2024/08/14/jvmls-code-reflection/ - JVMLS: A Code Reflection Example - Translating Java to SPIR-V https://inside.java/2024/08/16/jvmls-spir-v/ - JVMLS: Java in 2024 Keynote https://inside.java/2024/08/12/jvmls-keynote/ ~ As always, please ping me if you encounter issues with an early-access build. And see you next month for the Java 23 launch! --David |
29 messages has been excluded from this view by a project administrator.
