-
CSR
-
Resolution: Unresolved
-
P4
-
None
-
behavioral
-
minimal
-
The format of debug logs is always subject to change. Not aware of any tooling that needs java.security.debug to follow a particular pattern.
-
System or security property
-
JDK
Summary
In JDK 23, JDK-8051959 introduced an option to add thread and timestamp data to the debug java.security.debug
system property. This CSR proposes to make changes to emit that data always and remove the +thread
and +timestamp
options which were used to control the logging behavior.
Problem
By default, the thread
and timestamp
data remains off in the java.security.debug
output. To enhance the security debug logs, the thread and timestamp data should always be present. This brings it to a par with another important security debug system property, the TLS debug property: javax.net.debug. Output from TLS javax.net.debug
logs always contains thread and timestamp data.
Solution
Remove the +thread
and +timestamp
support code and print thread and timestamp data by default. This enancement is only proposed for the JDK feature release. Update releases can continue to opt into such data.
Debug output data from use of the java.security.debug
property will now resemble something like the following:
properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: package.definition=sun.misc.,sun.reflect.
properties[0x10|main|Security.java:122|2025-05-01 14:59:42.859 UTC]: Initial security property: krb5.kdc.bad.policy=tryLast
Specification
- The system property javadoc document, recently introduced via JDK-8328914, is updated to remove mention of the
+thread
and+timestamp
options. - Update the
java.security.debug
help output to remove mention of the+thread
and+timestamp
options - A release note will accompany this change.
- Continued use of the
+thread
and+timestamp
options will no longer have impact. The thread and timestamp data is always printed and valid security components used in thejava.security.debug
property will continue to be logged.
- csr of
-
JDK-8350689 Turn on timestamp and thread metadata by default for java.security.debug
-
- Open
-