On Wed, 17 Apr 2024 14:55:05 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> In the compatibility risk description of the CSR: > > > In line with the efforts to check invalid URLs (see > > [JDK-8294241](https://bugs.openjdk.org/browse/JDK-8294241): Deprecate URL > > public constructors), "java.security.properties" file-URL values such as > > "file:///C:\some\path\extra.properties" or "file:///some/path/extra > > .properties" need to be converted into their valid counterparts: > > "file:///C:/some/path/extra.properties" and > > "file:///some/path/extra%20.properties" respectively. > > Is it worth breaking such invalid URLs? I think that it is worth introducing this breaking change now, under a release note. Adjustments may be required to some Java launchers but the fix in itself should be straightforward. Those malformed URLs should have never been allowed and, with the deprecation and possible removal of the constructor that allowed them, it will be something to do at some point anyways. If we continue to support them, we would need to introduce code to handle includes different than `java.security.properties` or accept that the malformed URLs will spread to newly included files —and breaking changes will be worse in the future—. ------------- PR Comment: https://git.openjdk.org/jdk/pull/16483#issuecomment-2066069129
