jamesfredley opened a new pull request, #15417: URL: https://github.com/apache/grails-core/pull/15417
## Summary - Add version-conditional JVM arguments in `GrailsGradlePlugin` to suppress warnings on Java 23+ and 24+ - Override `commons-lang3` from 3.17.0 (Spring Boot managed) to 3.20.0 in the Grails BOM - Include Gradle TestKit functional tests for the JVM arg configuration ## Changes ### 1. Java compatibility JVM args in `GrailsGradlePlugin` (#15216, #15343) Adds `configureJavaCompatibilityArgs(Project)` which conditionally applies JVM flags to all `Test` and `JavaExec` tasks based on the target Java version (toolchain-aware, falls back to current JVM): | Flag | Java Version | Why | |------|-------------|-----| | `--sun-misc-unsafe-memory-access=allow` | 23+ | JEP 471/498 - Netty 4.1.x uses `sun.misc.Unsafe.allocateMemory` for off-heap buffers. Terminal deprecation warnings appear on 23+. Suppresses until Netty migrates to `MemorySegment` (Netty 4.2+). | | `--enable-native-access=ALL-UNNAMED` | 24+ | JEP 472 - hawtjni (JLine 2.x) and Netty call `System.loadLibrary`/native methods. Warning-only now, becomes mandatory deny in a future JDK. | Flags are **not added** on Java 17-22, avoiding `Unrecognized option` errors. **Note on #15343**: The original issue suggested `--add-opens=java.base/sun.misc=ALL-UNNAMED`, but that flag addresses module visibility, not the `sun.misc.Unsafe` memory-access deprecation. The correct flag is `--sun-misc-unsafe-memory-access=allow`. ### 2. commons-lang3 BOM override to 3.20.0 Spring Boot 3.5.x manages commons-lang3 at 3.17.0, which has two issues: - **LANG-1786**: `FastDatePrinter` timezone formatting regression causing incorrect timezone display - **CVE-2025-48924**: `StackOverflowError` in `ClassUtils.getClass` with crafted input (fixed in 3.18.0+) #### Non-breaking changes analysis (3.17.0 -> 3.20.0) All versions in this range require **Java 8+** (unchanged baseline). There are **no breaking changes**: | Category | Details | |----------|---------| | **Removed methods** | None | | **Changed signatures** | None | | **Changed behavior** | `LocaleUtils.toLocale()` now accepts 2-letter country codes it previously rejected (more lenient, not breaking) | | **New deprecations** | Several methods deprecated in favor of newer alternatives - existing calls continue to work | | **New methods** | Additions to `StringUtils`, `ArrayUtils`, `ClassUtils`, etc. - purely additive | | **Bug fixes** | LANG-1786 (timezone), LANG-1770 (NumberUtils), LANG-1754 (DurationUtils), among others | | **Security fixes** | CVE-2025-48924 (ClassUtils StackOverflow) | ### 3. Tests New `GrailsGradlePluginJavaCompatSpec` with 4 Gradle TestKit functional tests: | Test | Toolchain | Verifies | |------|-----------|----------| | No toolchain (JDK 17) | None | No compat args added | | Toolchain = current JDK | 17 | No compat args added | | Toolchain = 23 | 23 | Only `--sun-misc-unsafe-memory-access=allow` | | Toolchain = 24 | 24 | Both flags on both `Test` and `JavaExec` tasks | ## Files Changed - `grails-gradle/plugins/.../GrailsGradlePlugin.groovy` - Added `configureJavaCompatibilityArgs()`, `resolveTargetJavaVersion()`, new imports - `dependencies.gradle` - Added `commons-lang3.version: 3.20.0` and `commons-lang3` BOM entry - `grails-gradle/plugins/.../GrailsGradlePluginJavaCompatSpec.groovy` - New test spec - `grails-gradle/plugins/.../test-projects/java-compat-*` - 4 new test fixture projects ## Related Issues - Closes #15216 - Closes #15343 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
