JDK 10 Early Access Release Notes

Last Updated: 2018/01/19

The following is a draft of the Release Notes that will be shipped with JDK 10. Until this version releases the contents are subject to change.

Since build 37  Integrations

 Provide a system property to disable JRE last usage tracking

A new system property, jdk.disableLastUsageTracking, has been introduced to disable JRE last usage tracking for a running VM. This property can be set on the command line with -Djdk.disableLastUsageTracking=true or -Djdk.disableLastUsageTracking. With this system property set, JRE last usage tracking is disabled regardless of the value of the com.oracle.usagetracker.track.last.usage property set in usagetracker.properties.

JDK-8192039 (not public)

Since build 36  Integrations

 Open source the root certificates in Oracle's Java SE Root CA program

The OpenJDK 9 binary for Linux x64 contains an empty cacerts keystore. This prevents TLS connections from being established because there are no Trusted Root Certificate Authorities installed. As a workaround for OpenJDK 9 binaries, users had to set the javax.net.ssl.trustStore System Property to use a different keystore.

"JEP 319: Root Certificates" [1] addresses this problem by populating the cacerts keystore with a set of root certificates issued by the CAs of Oracle's Java SE Root CA Program. As a prerequisite, each CA must sign the Oracle Contributor Agreement (OCA) http://www.oracle.com/technetwork/community/oca-486395.html, or an equivalent agreement, to grant Oracle the right to open-source their certificates.

[1] https://bugs.openjdk.java.net/browse/JDK-8191486

See JDK-8189131

 Replace plaintext passwords by hashed passwords for out-of-the-box JMX Agent

Clear passwords present in the jmxremote.password file will now be overwritten with their SHA3-512 hash by the JMX agent. Each line for a role will follow the format below:

role_name W hashedPassword

role_name is any string that does not itself contain spaces or tabs.
W = spaces or tabs

The hashed password will follow the format below.

hashedPassword = base64_encoded_64_byte_salt W base64_encoded_hash W hash_algorithm
  base64_encoded_64_byte_salt = 64 byte random salt
  base64_encoded_hash = Hash_algorithm(password + salt)
  W = spaces or tabs
  hash_algorithm = Algorithm string specified using the format below
      This is an optional field. If not specified, SHA3-512 will be assumed.

If passwords are in clear, they will be overwritten by their hash if all of the criteria below are met:
  1. the com.sun.management.jmxremote.password.toHashes property is set to true in the management.properties file
  2. the password file is writable
  3. the system security policy allows writing into the password file, if a security manager is configured

In order to change the password for a role, replace the hashed password entry with a new clear text password or a new hashed password. If the new password is in clear, it will be replaced with its hash when a new login attempt is made.

A given role should have at most one entry in this file. If a role has no entry, it has no access. If multiple entries are found for the same role name, then the last one is used.

A user-generated hashed password file can also be used instead of a clear-text password file. If generated by the user, hashed passwords must follow the format specified above.

This file must be made accessible by ONLY the owner, otherwise the program will exit with an error.

In order to prevent inadvertent edits to the password file in the production environment, it is recommended to deploy a read-only hashed password file. The hashed entries for clear passwords can be generated in advance by running the JMX agent.

It is recommended not to edit the password file while the agent is running, as edits could be lost if a client connection triggers the hashing of the password file at the same time that the file is externally modified. The integrity of the file is guaranteed, but any external edits made to the file during the short period between the time that the agent reads the file and the time that it writes it back might get lost.

See JDK-5016517
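
The entry format and the last-entry-wins rule described above, as an added example that is not part of the release notes or of the JDK: a Python audit that parses the text of a jmxremote.password file and reports roles still stored in clear text and duplicate role entries. Treating `#` lines as comments and recognising a hashed entry by a base64 salt that decodes to 64 bytes are assumptions of this example; it does not verify any password.

```python
import base64
import binascii

DEFAULT_ALGORITHM = "SHA3-512"  # per the notes: assumed when hash_algorithm is omitted

def _b64(field):
    """Strictly decode base64; return None if the field is not valid base64."""
    try:
        return base64.b64decode(field, validate=True)
    except (binascii.Error, ValueError):
        return None

def classify(fields):
    """Fields after role_name -> ('hashed', algorithm) or ('clear', None)."""
    # Assumption: a hashed entry has 2-3 fields, a 64-byte salt and a non-empty digest.
    if len(fields) in (2, 3):
        salt, digest = _b64(fields[0]), _b64(fields[1])
        if salt is not None and len(salt) == 64 and digest:
            return "hashed", fields[2] if len(fields) == 3 else DEFAULT_ALGORITHM
    return "clear", None

def audit(text):
    """Return ({role: (kind, algorithm)}, findings); the last entry per role wins."""
    roles, findings = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = line.split()  # W = spaces or tabs
        if not fields or fields[0].startswith("#"):  # assumption: '#' starts a comment
            continue
        role, rest = fields[0], fields[1:]
        if role in roles:
            findings.append((lineno, role, "duplicate role, overrides earlier entry"))
        kind, algorithm = classify(rest)
        if kind == "clear":
            findings.append((lineno, role, "clear-text password"))
        roles[role] = (kind, algorithm)
    return roles, findings

# Constructed sample: one placeholder 64-byte value stands in for salt and digest.
PLACEHOLDER_B64 = base64.b64encode(bytes(range(64))).decode()
SAMPLE = "\n".join([
    "# constructed sample file, not real credentials",
    f"monitorRole  {PLACEHOLDER_B64} {PLACEHOLDER_B64} SHA3-512",
    f"controlRole\t{PLACEHOLDER_B64} {PLACEHOLDER_B64}",
    "operator     constructed-clear-text",
    f"operator     {PLACEHOLDER_B64} {PLACEHOLDER_B64}",
])

if __name__ == "__main__":
    print(*audit(SAMPLE)[1], sep="\n")
```

A clear-text finding on a deployed file means the agent has not yet rewritten that entry, for example because one of the three criteria above is not met.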

Since build 35  Integrations

 HTML files in doc-files subdirectories are wrapped with standard javadoc decorations

The standard doclet will copy HTML files in doc-files subdirectories for packages being documented to the document output directory. The content of such files will be wrapped with the standard header, footer and navigation bars. In addition, any appropriate comment tags within such files will now be processed.

See JDK-8185985

 Remove deprecated pre-1.2 SecurityManager methods and fields

The following pre-1.2 deprecated java.lang.SecurityManager methods and fields that have been marked with forRemoval=true have now been removed: the inCheck field, and the getInCheck, classDepth, classLoaderDepth, currentClassLoader, currentLoadedClass, inClass, and inClassLoader methods. Also, the deprecated checkMemberAccess method has been changed to throw a SecurityException if the caller has not been granted AllPermission as this method is error-prone and users should instead invoke the checkPermission method directly.

See JDK-8186535

Since build 34  Integrations

 MBeanOperationInfo accepts any int value as "impact"

A new validation for the impact parameter of the javax.management.MBeanOperationInfo.MBeanOperationInfo constructor has been introduced. MBeanOperationInfo now throws a new IllegalArgumentException if the impact provided is not among INFO, ACTION, ACTION_INFO, UNKNOWN.

See JDK-8024352

Since build 33  Integrations

 Improved bytecode generation for enhanced for-loop

This enhancement improves the translation approach for an enhanced-for. For example, given:

List<String> data = new ArrayList<>();
for (String b : data);

This is the code generated after this enhancement:

    /*synthetic*/ Iterator i$ = data.iterator();
    for (; i$.hasNext(); ) {
        String b = (String)i$.next();
    }
    b = null;
    i$ = null;

Declaring the iterator variable outside of the for loop allows null to be assigned to it as soon as it is no longer used, thus making it accessible to the GC, which can get rid of the unused memory. Something similar is done for the case when the expression in the enhanced for loop is an array.

See JDK-8175883

 javadoc treats failure to access a URL as an error, not a warning.

If javadoc cannot access the contents of a URL provided with the -link or -linkoffline options, the tool will now report an error. Previously, the tool continued with a warning, producing incorrect documentation output.

See JDK-8180019

Since build 32  Integrations

 The java.security.acl APIs are deprecated, for removal

The deprecated java.security.acl APIs are now marked with forRemoval=true and are subject to removal in a future version of Java SE.

See JDK-8175094

 The java.security.{Certificate,Identity,IdentityScope,Signer} APIs are deprecated, for removal

The deprecated java.security.{Certificate, Identity, IdentityScope, Signer} classes are now marked with forRemoval=true and are subject to removal in a future version of Java SE.

See JDK-8175091

 javadoc support for multiple stylesheets

The javadoc tool has a new javadoc command-line option --add-stylesheet, to support the use of multiple stylesheets in the generated documentation. The existing -stylesheetfile option now has an alias, --main-stylesheet, to help distinguish the main stylesheet from any additional stylesheets. For more details, see the Tools Reference for javadoc.

See JDK-8185371

Since build 31  Integrations

 On macOS the java.awt.TrayIcon.displayMessage() was reimplemented to use the standard notification center

On macOS in JDK 10 the java.awt.TrayIcon.displayMessage() method will use the NSUserNotification API to show messages to the user. The new messages will be shown using the standard notification center instead of a custom window.

See JDK-8187639

Since build 30  Integrations

 Mark deprecated javax.security.auth.Policy API with forRemoval=true

The javax.security.auth.Policy class has been deprecated since JDK 1.4 and superseded/replaced by java.security.Policy. It is now marked with forRemoval=true and will be removed in a future release.

See JDK-8159535

Since build 29  Integrations

 Overriding methods that do not change the specification

Many classes override inherited methods without changing the specification. The javadoc tool has a new option --overridden-methods=value, which can be used to group these methods with the other inherited methods, instead of documenting them in detail with the other methods declared in the class. For more details, see the Tool Reference Guide for the javadoc tool.

See JDK-8157000

 Automatic showing of the touch keyboard for Swing/AWT text components

This release adds support for automatic showing of the touch keyboard for Swing/AWT text components on Microsoft Windows 8 or later. The touch keyboard can be shown, when the user taps the text component area using a touch screen or clicks in this area using a mouse, when no keyboard is attached to a computer. The system property "awt.touchKeyboardAutoShowIsEnabled" controls whether this functionality is enabled in the JDK, and it is enabled by default. If this functionality is not needed, the user can switch it off by setting this system property to "false" on the command line with "-Dawt.touchKeyboardAutoShowIsEnabled=false".

See JDK-8166772

Since build 28  Integrations

 Speeding up JShell startup

The time needed to start JShell has been significantly reduced, especially in cases where a start file with many snippets is used.

See JDK-8186694

Since build 25  Integrations

 Remove policytool

The policytool security tool has been removed from the JDK.

See JDK-8148371

 New Class AST node with enclosing instance fixed

For code like:

<enclosing>.new <Class>(...) { ... }

The getEnclosingExpression() method of the NewClassTree AST node was returning null in some cases. This has been fixed, and getEnclosingExpression() now returns the enclosing expression.

See JDK-8044853

Since build 23  Integrations

 Removal of common DOM APIs

The com.sun.java.browser.plugin2.DOM, and sun.plugin.dom.DOMObject APIs have been removed. Applications can use netscape.javascript.JSObject to manipulate the DOM.

JDK-8133601 (not public)

 No longer possible to use old/unsupported LookAndFeels.

Some applications have been using the old names to instantiate JDK internal Swing L&Fs, i.e. L&Fs such as Nimbus and Aqua:

    javax.swing.UIManager.setLookAndFeel("com.sun.java.swing.plaf.nimbus.NimbusLookAndFeel");
    javax.swing.UIManager.setLookAndFeel("apple.laf.AquaLookAndFeel");

These classes are internal to the JDK and applications should have always treated them as such.

Applications which need to use these L&Fs must migrate to this API:

For Nimbus L&F:

    UIManager.setLookAndFeel("javax.swing.plaf.nimbus.NimbusLookAndFeel");

For Aqua L&F:

    UIManager.setLookAndFeel(UIManager.getSystemLookAndFeelClassName());

See JDK-8185683

 Flat Profiler has been removed

The FlatProfiler, enabled by setting "-Xprof" VM argument, has been deprecated since JDK 9, and in JDK 10 we are obsoleting it, by removing the implementation code. The "-Xprof" flag remains recognized, in this release, but setting it will print out a warning message.

See JDK-8173715

Since build 21  Integrations

 Obsolete -X options have been removed

The obsolete HotSpot VM options (-Xoss, -Xsqnopause, -Xoptimize, -Xboundthreads and -Xusealtsigs) have been removed in this release.

See JDK-8179018

 Remove deprecated classes in com.sun.security.auth.**

The following deprecated classes that were marked for removal in JDK 9 have been removed:

See JDK-8159544

Since build 20  Integrations

 Provide a new comment tag to specify the summary of an API description.

By default, the summary of an API description is inferred from the first sentence, which is determined by using either a simple algorithm or java.text.BreakIterator. But, the heuristics are not always correct, and can lead to incorrect determination of the end of the first sentence. A new inline tag {@summary ...} is now available, to explicitly specify the text to be used as the summary of the API description. Please refer to Documentation Comment Specification for the Standard Doclet.

See JDK-8173425

 The RMI Registry filter is relaxed to allow binding arrays of any type

The RMI Registry built-in serial filter is modified to check only the array size and not the component type. The maximum array size is increased to 1,000,000. The override filter can be used to decrease the limit. Array sizes greater than the maxarray limit will be rejected and otherwise will be allowed. The java.security file contains more information about the sun.rmi.registry.registryFilter property and it will be updated in the conf/security/java.security configuration file to better describe the default behavior and how to override it.

See JDK-8185346

Since build 16  Integrations

 XMLInputFactory.newFactory incorrectly deprecated

A '@Deprecated' annotation was incorrectly added to the 'newFactory()' method in 'javax.xml.stream.XMLInputFactory' in Java SE 9. The method should not have been deprecated. This issue has been fixed and the '@Deprecated' annotation removed. Applications using the 'newInstance()' method are not affected.

See JDK-8183519

Since build 14  Integrations

 The old (JDK 6 era) standard doclet is removed

The old (JDK 6, JDK 7 and JDK 8 era) standard doclet, which outputs HTML content, and which has been superseded by a replacement, has been removed in this release. The underlying javadoc API (see com.sun.javadoc in the API documentation) has been deprecated, but is still available for the time being, for use by user-provided doclets.

See JDK-8177511

Since build 10  Integrations

 Java launcher's data model options -d32 and -d64 are removed

The java launcher's data model selection options (-d32, -d64, -J-d32 and -J-d64) are obsolete and were previously deprecated; these options have now been removed. To prevent the launcher from failing, users must remove usages of these options when invoking the java launcher or a tool such as javac, javah, etc.

See JDK-8180286

Since build 3  Integrations

 Improve the error message issued when java.lang.IllegalAccessError is produced if two class loaders are in use

This enhancement improves the error message produced by javac if a java.lang.IllegalAccessError is thrown because external tools load javac classes with multiple class loaders.

See JDK-8167638

 Removed the Native-Header Tool, javah

As previously announced, the native-header tool, javah, has been removed.

Native headers can now be generated by using the Java compiler, javac, with the -h option.

See JDK-8182758