OpenJDK News: Source Compacting, Module Declarations, and More
There was significant progress in the OpenJDK ecosystem during the week of April 14th, 2025, with eight new JEPs elevated from Draft to Candidate status. Notably, four of these will be finalized after their respective preview rounds, improving the Java programming experience.
JEP 512: Compact Source Files and Instance Main Methods
JEP 512, Compact Source Files and Instance Main Methods, has transitioned to Candidate status. This feature, aimed at simplifying Java for newcomers, allows students to write their first programs without needing to understand complex language features. It builds on previous previews, including JEP 495, Simple Source Files and Instance Main Methods (Fourth Preview). More details on this can be found in the Paving the on-ramp blog post by Brian Goetz.
JEP 511: Module Import Declarations
JEP 511, Module Import Declarations, allows developers to succinctly import all packages exported by a module. This enhancement simplifies the reuse of modular libraries, improving code organization without requiring code to be part of a module.
JEP 510: Key Derivation Function API
JEP 510, Key Derivation Function API, introduces an API for cryptographic algorithms that derive keys from a secret key. This feature enables security providers to implement KDF algorithms in either Java or native code and supports the implementation of JEP 452, Key Encapsulation Mechanism.
JEP 509: JFR CPU-Time Profiling (Experimental)
JEP 509, JFR CPU-Time Profiling (Experimental), enhances the JDK Flight Recorder (JFR) to capture CPU-time profiling information on Linux OS, facilitating performance analysis.
JEP 508: Vector API (Tenth Incubator)
JEP 508, Vector API (Tenth Incubator), continues its incubation phase, focusing on efficient vector computations. The API reliably compiles to optimal vector instructions on supported CPU architectures, achieving better performance than scalar computations.
JEP 507: Primitive Types in Patterns, instanceof, and switch (Third Preview)
JEP 507, Primitive Types in Patterns, instanceof, and switch (Third Preview), enhances pattern matching by allowing primitive type patterns. This feature is essential for developers looking to adopt more advanced Java programming techniques.
JEP 506: Scoped Values
JEP 506, Scoped Values, enables sharing of immutable data across threads, providing an alternative to thread-local variables. This can significantly improve performance in applications using a large number of virtual threads.
JEP 505: Structured Concurrency (Fifth Preview)
JEP 505, Structured Concurrency (Fifth Preview), introduces structured concurrency to treat groups of related tasks as a single unit of work, enhancing reliability and error handling in concurrent programming.
JDK 25 Feature Set and Release Schedule
The JDK 25 release schedule is as follows:
- Rampdown Phase One: June 5, 2025
- Rampdown Phase Two: July 17, 2025
- Initial Release Candidate: August 7, 2025
- Final Release Candidate: August 21, 2025
- General Availability: September 16, 2025
Included features so far:
- JEP 503: Remove the 32-bit x86 Port
- JEP 502: Stable Values (Preview)
OpenJDK Vulnerability Advisory: 2025/04/15
Several vulnerabilities were addressed in OpenJDK, affecting versions 24, 21.0.6, 17.0.14, 11.0.26, and 8u442. Notable fixes include:
- CVE-2025-21587 in the javax.net.ssl component with a CVSSv3.1 score of 7.4.
- CVE-2025-30698 in the 2D client-libs with a CVSSv3.1 score of 5.6.
- CVE-2025-30691 in the compiler component with a CVSSv3.1 score of 4.8.
For further details about the OpenJDK vulnerabilities, developers can refer to the OpenJFX risk matrix.
Passwordless Authentication Integration
As the landscape of authentication evolves, integrating passwordless solutions becomes essential. MojoAuth offers a seamless way to integrate passwordless authentication for both web and mobile applications. With options like passkey, phone OTP, and email OTP, developers can provide a smooth and secure login experience.
Explore how MojoAuth can enhance your applications with passwordless authentication solutions and contact us for more information on implementation.
*** This is a Security Bloggers Network syndicated blog from MojoAuth – Go Passwordless authored by Pradeep Singh. Read the original post at: https://mojoauth.com/blog/openjdk-news-source-compacting-module-declarations-and-more/
