Many thanks Rick, glad to hear all is well again! Reds,Rory
Get Outlook for iOS<https://aka.ms/o0ukef> ________________________________ From: Rick Hillegas <rick.hille...@gmail.com> Sent: Friday, June 18, 2021 7:19:09 PM To: Rory Odonnell <rory.odonn...@oracle.com>; derby-dev@db.apache.org <derby-dev@db.apache.org>; d...@tomcat.apache.org <d...@tomcat.apache.org> Cc: Dalibor Topic <dalibor.to...@oracle.com>; Balchandra Vaidya <balchandra.vai...@oracle.com>; Deepak Damodaran <deepak.n.damoda...@oracle.com> Subject: Re: [External] : Re: JDK 17 is now in Rampdown Phase One Hi Rory, Derby builds and tests cleanly against Open JDK 17-ea+26-2439 after suppressing the deprecation warnings introduced by JEP 411. Our experience is documented in a security-...@openjdk.java.net email thread titled "blizzard of deprecation warnings related to JEP 411" and in comments dated between 2021-06-15 and 2021-06-18 on https://urldefense.com/v3/__https://issues.apache.org/jira/browse/DERBY-7110__;!!GqivPVa7Brio!McghnfCCxtVZFIPEzbD7Uxb10QRjioV2hX5tYh3mbMhBIjtXLOkYmBVY53aFPl8BDjs$ . On 6/14/21 11:20 AM, Rory O'Donnell wrote: > Hi Rick, > > Excellent feedback , I suggest you send this information to the > security-dev [1] mailing list to demonstrate the impact > it is having on you and others. Make sure to subscribe first. > > Rgds,Rory > > [1] security-...@openjdk.java.net <mailto:security-...@openjdk.java.net> > > On 14/06/2021 16:43, Rick Hillegas wrote: >> Hi Rory, >> >> Copying the Tomcat developer community since this issue probably >> affects them as well. >> >> When I tried to build Derby with the Rampdown Phase One build of open >> JDK 17 (17-ea+26-2439), I saw many warnings related to the >> deprecation of Security Manager classes and methods, undoubtedly the >> consequence of JEP 411 (https://openjdk.java.net/jeps/411). Derby, >> like Tomcat, embraced the Security Manager early on. Permissions >> checks were rototilled across the whole code base. Our distributions >> ship with several template policy files, which we encourage users to >> customize for their environments. The "Configuring Java Security" >> section of our Security Guide explains how to do this >> (https://urldefense.com/v3/__https://db.apache.org/derby/docs/10.15/security/index.html__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBh9kcdocM$ >> ). >> >> My build only reported the first 100 warnings. It is likely that >> there are many more. >> >> Having read the summary of JEP 411, I understand the motivation for >> this change. However, I don't understand how applications like Tomcat >> and Derby are supposed to respond to the new blizzard of deprecation >> warnings. For instance, is there a replacement for the deprecated >> AccessController.doPrivileged() method? Or are we supposed to simply >> disable this deprecation check? Is there some security expert whom we >> should contact about this change and how to mitigate its effects? >> >> Thanks, >> -Rick >> >> >> On 6/14/21 2:18 AM, Rory O'Donnell wrote: >>> >>> Hi Rick, >>> * >>> Per the JDK 17 schedule , we are in Rampdown Phase One [1].* >>> >>> **Please advise if you find any issues while testing the latest >>> Early Access builds**.** >>> >>> * Schedule: >>> o *2021/06/10 Rampdown Phase One* >>> o 2021/07/15 Rampdown Phase Two >>> o 2021/08/05 Initial Release Candidate >>> o 2021/08/19 Final Release Candidate >>> o 2021/09/14 General Availability >>> >>> The overall feature set is frozen. No further JEPs will be targeted >>> to this release. >>> >>> ** >>> >>> * Important JEPs have been integrated – Attention Required! >>> * *JEP 411: **Deprecate the Security Manager for >>> Removal*<https://openjdk.java.net/jeps/411> >>> o Deprecate, for removal, most Security Manager related classes >>> and methods. >>> o Warning message at startup if the Security Manager is enabled on >>> the command line. >>> o Warning message at run time if a Java application or library >>> installs a Security Manager dynamically. >>> o Deprecation is in concert with the legacy Applet API (JEP 398). >>> * *JEP 407: **Remove RMI >>> Activation*<https://openjdk.java.net/jeps/407> >>> o Removal the Remote Method Invocation (RMI) Activation mechanism, >>> while preserving the rest of RMI. >>> o It was deprecated for removal by JEP >>> 385<https://openjdk.java.net/jeps/385>in Java SE 15. >>> * *JEP 403: **Strongly Encapsulate JDK >>> Internals*<https://openjdk.java.net/jeps/403> >>> o Strongly encapsulate all internal elements of the JDK, except >>> for critical internal APIs such as /sun.misc.Unsafe/. >>> o It will no longer be possible to relax the strong encapsulation >>> of internal elements via a single command-line option. >>> >>> * Other features integrated in JDK 17: >>> o *JEP 306: **Restore Always-Strict Floating-Point >>> Semantics*<https://openjdk.java.net/jeps/306> >>> o JEP 356: Enhanced Pseudo-Random Number >>> Generators<https://openjdk.java.net/jeps/356> >>> o JEP 382: New macOS Rendering >>> Pipeline<https://openjdk.java.net/jeps/382> >>> o JEP 391: macOS/AArch64 Port<https://openjdk.java.net/jeps/391> >>> o JEP 398: Deprecate the Applet API for >>> Removal<https://openjdk.java.net/jeps/398> >>> o *JEP 406: **Pattern Matching for switch >>> (Preview)*<https://openjdk.java.net/jeps/406> >>> o JEP 409: Sealed Classes<https://openjdk.java.net/jeps/409> >>> o JEP 410: Remove the Experimental AOT and JIT >>> Compiler<https://openjdk.java.net/jeps/410> >>> o JEP 412: Foreign Function & Memory API >>> (Incubator)<https://openjdk.java.net/jeps/412> >>> o *JEP 414: **Vector API (Second >>> Incubator)*<https://openjdk.java.net/jeps/414> >>> o *JEP 415: **Context-Specific Deserialization >>> Filters*<https://openjdk.java.net/jeps/415> >>> >>> *OpenJDK 17 Early Access build 26 is available at >>> **https://urldefense.com/v3/__https://jdk.java.net/17*__;Kg!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhLKySzR0$ >>> <https://urldefense.com/v3/__https://jdk.java.net/17__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhY2EWmz8$ >>> > >>> >>> * These early-access , open-source builds are provided under the >>> o GNU General Public License, version 2, with the Classpath >>> Exception<https://openjdk.java.net/legal/gplv2+ce.html> >>> >>> * Release Notes are available at >>> https://urldefense.com/v3/__https://jdk.java.net/17/release-notes__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhyLFhj5g$ >>> <https://urldefense.com/v3/__https://jdk.java.net/17/release-notes__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhyLFhj5g$ >>> > >>> >>> * Changes in recent builds that maybe of interest: >>> * *Build 26:* >>> o JDK-8268241: deprecate JVM TI Heap functions 1.0 >>> o JDK-8266846: Add java.time.InstantSource >>> o JDK-8248268: Support KWP in addition to KW >>> o JDK-8204686: Dynamic parallel reference processing support for >>> Parallel GC >>> o JDK-8259530: Generated docs contain MIT/GPL-licenced works >>> without reproducing the licence [*Reported by Apache Maven*] >>> o JDK-8266766: Arrays of types that cannot be an annotation member >>> do not yield exceptions [*Reported by ByteBuddy*] >>> o JDK-8266598: Exception values for >>> AnnotationTypeMismatchException are not always informative >>> [*Reported by ByteBuddy*] >>> * *Build 25* >>> o JDK-8266653: Change update mode for JDK rpm/deb installers as it >>> breaks "yum update" for JDK11+ >>> o JDK-8263202: Update Hebrew/Indonesian/Yiddish ISO 639 language >>> codes to current >>> o JDK-8229517: Support for optional asynchronous/buffered logging >>> o JDK-8182043: Access to Windows Large Icons >>> >>> >>> *OpenJDK 18 Early Access build 1 is now available at >>> **https://urldefense.com/v3/__https://jdk.java.net/18*__;Kg!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhzhYMGcc$ >>> <https://urldefense.com/v3/__https://jdk.java.net/18__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhWHowDJ4$ >>> > >>> >>> * These early-access , open-source builds are provided under the >>> o GNU General Public License, version 2, with the Classpath >>> Exception <https://openjdk.java.net/legal/gplv2+ce.html> >>> * Issues addressed in this build - here >>> <https://urldefense.com/v3/__https://github.com/openjdk/jdk/compare/jdk-18*2B0...jdk-18*2B1__;JSU!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhH5huF_4$ >>> > >>> >>> *Other Topics which might be of Interest: * >>> >>> ** >>> >>> * Java Cryptographic Roadmap [2] has been updated. >>> * Inside Java Newscast #6 [3] >>> o a closer look at the list of JEPs of JDK 17 as well as the >>> development process >>> * Inside Java Newscast #7 [4] >>> o discusses in greater detail `pattern matching for switch`, >>> previewed in JDK 17 >>> >>> Rgds,Rory >>> >>> [1] >>> https://mail.openjdk.java.net/pipermail/jdk-dev/2021-June/005690.html >>> <https://mail.openjdk.java.net/pipermail/jdk-dev/2021-June/005690.html><https://mail.openjdk.java.net/pipermail/jdk-dev/2021-June/005690.html><https://mail.openjdk.java.net/pipermail/jdk-dev/2021-June/005690.html> >>> >>> [2] >>> https://urldefense.com/v3/__https://java.com/en/jre-jdk-cryptoroadmap.html__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhXr9f42k$ >>> <https://urldefense.com/v3/__https://java.com/en/jre-jdk-cryptoroadmap.html__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBhXr9f42k$ >>> > >>> [3] >>> https://urldefense.com/v3/__https://inside.java/2021/06/10/insidejava-newscast-006/__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBh1WZe32A$ >>> <https://urldefense.com/v3/__https://inside.java/2021/06/10/insidejava-newscast-006/__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBh1WZe32A$ >>> > >>> [4] >>> https://urldefense.com/v3/__https://inside.java/2021/06/13/podcast-017/__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBh15gIS5s$ >>> <https://urldefense.com/v3/__https://inside.java/2021/06/13/podcast-017/__;!!GqivPVa7Brio!Ir7H5RCIuIIcRhganretmYcvHoP432X-jV4dVUNlqO1EmvYkTvkdZvEBdtBh15gIS5s$ >>> > >>> >> >
