Java 17 LTS: Enterprise Features Guide
-
15/12/2021
-
One-minute read
- Pattern Matching & Sealed Classes: JEP 406 (Pattern Matching for switch – preview) and JEP 409 (Sealed Classes) simplify type-safe hierarchies and eliminate boilerplate
instanceof
chains. - Context-Specific Deserialization Filters (JEP 415): Strengthens protections against serialization gadgets in enterprise applications.
- Enhanced Pseudo-Random Number Generators (JEP 356): New interfaces and algorithms (
L64X128MixRandom
, Xoshiro256PlusPlus
) enable reproducible simulations and better stream APIs. - Strong Encapsulation of JDK Internals (JEP 403):
--illegal-access
is removed; only critical internal APIs (e.g., sun.misc.Unsafe
) remain accessible. - Foreign Function & Memory API (JEP 412 – incubator): Early preview of Project Panama for calling native code without JNI.
Upgrade Checklist
- Dependency Audit: Ensure frameworks support Java 17; upgrade build tools (Maven/Gradle plugins) accordingly.
- Illegal Access Cleanup: Replace reflective access to JDK internals with supported APIs or reactive modules.
- Testing: Run unit, integration, and load tests with the new JVM; watch for changes in garbage collectors (G1 default, optional ZGC/Shenandoah).
- Runtime Flags: Review startup scripts—many legacy flags were removed or renamed.
Security Considerations
- Adopt the new strong encapsulation stance; if you must open modules, use scoped
--add-opens
with clear documentation. - Review TLS configurations; obsolete algorithms continue to be deprecated over time.
Resources