Summary

In JDK 23, JDK-8051959 introduced an option to add thread and timestamp data to the debug java.security.debug system property. This CSR proposes to make changes to emit that data always and remove the +thread and +timestamp options which were used to control the logging behavior.

Problem

By default, the thread and timestamp data remains off in the java.security.debug output. To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from TLS javax.net.debug logs always contains thread and timestamp data.

Solution

Remove the +thread and +timestamp support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.

Debug output data from use of the java.security.debug property will now resemble something like the following:

properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast

Specification

• The system property javadoc document, recently introduced via JDK-8328914, is updated to remove mention of the +thread and +timestamp options.
• Update the java.security.debug help output to remove mention of the +thread and +timestamp options
• A release note will accompany this change.
• Continued use of the +thread and +timestamp options will no longer have impact. The thread and timestamp data is always printed and valid security components used in the java.security.debug property will continue to be logged.