This article is an AI-assisted translation of the original French content.

Java 25 was released on September 16th and is now available for download from major distributors (Eclipse Temurin for example) as well as in Docker images for most systems. Here are some tips for migrating.

The migration from Java 21 to Java 25 should not cause major breakage in typical enterprise applications. The removals concern elements that have been deprecated for several versions or are no longer used. The rest of this document covers the main changes and a summary of the more minor ones. Deprecations, however, are not mentioned.

For libs with annotation processors (Lombok, …) Link to heading

Lombok is an annotation processor: the library generates code at compile time based on annotations present in the compiled code. Many other such libraries exist, like Manifold, which allow generating useful code at compile time from simple annotations. Starting from Java 22, the default behavior of Java is no longer to automatically process annotation processors. Thus, it is no longer sufficient to have Lombok in the classpath for the annotation processor to be invoked: the compiler must be explicitly instructed to do so using a command-line option. The recommended approach is to explicitly place the annotation processor libraries in the --processor-path (in addition to the classpath). For a pom.xml file in the case of Lombok, this looks like:

    <dependencies>
        <dependency>
            <groupId>org.projectlombok</groupId>
            <artifactId>lombok</artifactId>
            <optional>true</optional>
        </dependency>
        <!--Other project dependencies-->
    </dependencies>
    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.14.0</version>
                <configuration>
                    <!--Required addition starting from Java 23-->
                    <annotationProcessorPaths>
                        <path>
                            <groupId>org.projectlombok</groupId>
                            <artifactId>lombok</artifactId>
                        </path>
                    </annotationProcessorPaths>
                </configuration>
            </plugin>
            <!-- Other project plugins-->
        </plugins>
        <!--any other build configurations-->
    </build>

NB: pom.xml file reproduced partially with only the relevant parts. In this example, it is assumed that the Lombok version is managed elsewhere in a <dependencyManagement>. The <version> of artifacts placed in <annotationProcessorPaths> must be specified. This can be omitted here because the dependency also appears in <dependencies> and its version is controlled by <dependencyManagement>

The Security Manager will be removed Link to heading

  • the SecurityManager class will be removed: it still exists but calls lead to errors

  • the following must be removed:

    • calls to System#setSecurityManager and System#getSecurityManager
    • uses of the system property java.security.manager
    • Uses of the javax.security.auth.Subject class (for managing authentication information) must no longer rely on the security manager but on the new Java Authentication and Authorization Service (JAAS) API:
      • Replace Subject::doAs with Subject::callAs
      • Replace Subject::getSubject with Subject::current

  • See JEP 486 for the motivations behind the removal and the alternatives

Removed command-line flags Link to heading

These are flags that no longer have a purpose or have no effect but may still appear in some scripts:

  • -XX:[+-]RegisterFinalizersAtInit
  • -XX:+UseEmptySlotsInSupers
  • -Xnoagent
  • -t
  • -tm
  • -Xfuture
  • -checksource
  • -cs
  • -noasyncgc

-profile and -p have been removed from jdeps as those options were deprecated.

The jdk.random module is removed Link to heading

The packages of the jdk.random module have been moved to java.base.

More minor changes Link to heading

Some “more minor” changes are noted because most applications should not be affected. If needed, they are detailed in the video cited in the references (be sure to read the links in the video description):

  • use of final with a record pattern is now forbidden
  • use of include as a property name in security properties files is now forbidden
  • Null check when using reflection in inner class constructors
  • Warning when using sun.misc.Unsafe and restrictions on certain JNI and Foreign Function Memory API operations
  • Removals (already deprecated elements):
  • Fixes for I/O behavior on Windows:
    • paths starting with \\? are now accepted
    • file and directory names ending with spaces are rejected (as in native Windows tools)
    • there is no longer an attempt to delete read-only files
  • No longer using locale definitions drawn from JRE/COMPAT (setting the java.locale.providers property to COMPAT or JRE has no effect: use CLDR (which is what Java does by default with CLDR version 44)

Scanning code for deprecated API elements Link to heading

Reference Link to heading