WIP JDK 21

.github/workflows/bin-solr-test.yml

@@ -17,16 +17,16 @@ jobs:
 
     steps:
     # Setup
-    - uses: actions/checkout@v2
-    - name: Set up JDK 11
-      uses: actions/setup-java@v2
+    - uses: actions/checkout@v3
+    - name: Set up JDK 21
+      uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: 21
         java-package: jdk
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: |
           ~/.gradle/caches

.github/workflows/docker-test.yml

@@ -23,18 +23,18 @@ jobs:
 
     steps:
     # Setup
-    - uses: actions/checkout@v2
-    - name: Set up JDK 11
-      uses: actions/setup-java@v2
+    - uses: actions/checkout@v3
+    - name: Set up JDK 21
+      uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: 21
         java-package: jdk
     - name: Install ACL
       run: sudo apt-get install acl
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: |
           ~/.gradle/caches

.github/workflows/gradle-precommit.yml

@@ -7,25 +7,25 @@ on:
 
 jobs:
   test:
-    name: gradle precommit w/ Java 11
+    name: gradle precommit w/ Java 21
 
     runs-on: ubuntu-latest
 
     steps:
     # Setup
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
 
-    - name: Set up JDK 11
-      uses: actions/setup-java@v2
+    - name: Set up JDK 21
+      uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: 21
         java-package: jdk
 
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
 
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: |
           ~/.gradle/caches

.github/workflows/solrj-test.yml

@@ -16,16 +16,16 @@ jobs:
 
     steps:
     # Setup
-    - uses: actions/checkout@v2
-    - name: Set up JDK 11
-      uses: actions/setup-java@v2
+    - uses: actions/checkout@v3
+    - name: Set up JDK 21
+      uses: actions/setup-java@v3
       with:
         distribution: 'temurin'
-        java-version: 11
+        java-version: 21
         java-package: jdk
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew
-    - uses: actions/cache@v2
+    - uses: actions/cache@v3
       with:
         path: |
           ~/.gradle/caches

build.gradle

@@ -85,7 +85,7 @@ ext {
   buildTime = DateTimeFormatter.ofPattern("HH:mm:ss").format(tstamp)
   buildYear = DateTimeFormatter.ofPattern("yyyy").format(tstamp)
 
-  minJavaVersion = JavaVersion.VERSION_11
+  minJavaVersion = JavaVersion.VERSION_21
 
   // Allow definiting external tool locations using system props.
   externalTool = { name ->
@@ -192,7 +192,6 @@ apply from: file('gradle/hacks/global-exclude-dependencies.gradle')
 apply from: file('gradle/hacks/gradle-archives.gradle')
 
 apply from: file('gradle/hacks/wipe-temp.gradle')
-apply from: file('gradle/hacks/hashmapAssertions.gradle')
 apply from: file('gradle/hacks/turbocharge-jvm-opts.gradle')
 apply from: file('gradle/hacks/dummy-outputs.gradle')
 

buildSrc/build.gradle

@@ -21,7 +21,7 @@ repositories {
 
 ext {
   // Minimum Java version required to compile buildSrc.
-  minJavaVersion = JavaVersion.VERSION_11
+  minJavaVersion = JavaVersion.VERSION_21
 }
 
 // Make sure the build environment is consistent.

buildSrc/scriptDepVersions.gradle

@@ -23,7 +23,7 @@ ext {
   scriptDepVersions = [
       "apache-rat": "0.15",
       "commons-codec": "1.16.0",
-      "ecj": "3.33.0",
+      "ecj": "3.35.0",
       "javacc": "7.0.12",
       "jgit": "6.7.0.202309050840-r",
       "flexmark": "0.64.8",

dev-tools/solr-missing-doclet/build.gradle

@@ -23,8 +23,8 @@ version = "1.0.0-SNAPSHOT"
 group = "org.apache.solr.tools"
 description = 'Doclet-based javadoc validation'
 
-sourceCompatibility = JavaVersion.VERSION_11
-targetCompatibility = JavaVersion.VERSION_11
+sourceCompatibility = JavaVersion.VERSION_21
+targetCompatibility = JavaVersion.VERSION_21
 
 tasks.withType(JavaCompile) {
   options.compilerArgs += ["--release", targetCompatibility.toString()]

gradle/documentation/render-javadoc.gradle

@@ -18,7 +18,7 @@ import org.gradle.internal.jvm.Jvm
  */
 
 // generate javadocs by calling javadoc tool
-// see https://docs.oracle.com/en/java/javase/11/tools/javadoc.html
+// see https://docs.oracle.com/en/java/javase/21/tools/javadoc.html
 
 def resources = scriptResources(buildscript)
 
@@ -80,15 +80,15 @@ allprojects {
 // Set up titles and link up some offline docs for all documentation
 // (they may be unused but this doesn't do any harm).
 
-def javaJavadocPackages = rootProject.file("${resources}/java11/")
+def javaJavadocPackages = rootProject.file("${resources}/java21/")
 def junitJavadocPackages = rootProject.file("${resources}/junit/")
 allprojects {
   project.tasks.withType(RenderJavadocTask) {
     title = "Solr ${project.version} ${project.name} API"
 
     offlineLinks += [
-        "https://docs.oracle.com/en/java/javase/11/docs/api/": project.relativePath(javaJavadocPackages),
-        "https://junit.org/junit4/javadoc/4.12/": project.relativePath(junitJavadocPackages)
+        "https://docs.oracle.com/en/java/javase/21/docs/api/": project.relativePath(javaJavadocPackages),
+        "https://junit.org/junit4/javadoc/4.13/": project.relativePath(junitJavadocPackages)
     ]
 
     solrDocUrl = provider({ rootProject.solrDocUrl })
@@ -370,7 +370,7 @@ class RenderJavadocTask extends DefaultTask {
       opts << [ '-linkoffline', url, dir ]
     }
 
-    opts << [ '--release', 11 ]
+    opts << [ '--release', 21 ]
     opts << '-Xdoclint:all,-missing'
 
     // Increase Javadoc's heap.

solr/core/src/test/org/apache/solr/cloud/PackageManagerCLITest.java

@@ -18,6 +18,7 @@
 package org.apache.solr.cloud;
 
 import java.lang.invoke.MethodHandles;
+import java.nio.file.Path;
 import java.util.Arrays;
 import org.apache.solr.cli.PackageTool;
 import org.apache.solr.cli.SolrCLI;
@@ -30,6 +31,7 @@
 import org.eclipse.jetty.server.handler.DefaultHandler;
 import org.eclipse.jetty.server.handler.HandlerList;
 import org.eclipse.jetty.server.handler.ResourceHandler;
+import org.eclipse.jetty.util.resource.Resource;
 import org.junit.AfterClass;
 import org.junit.BeforeClass;
 import org.junit.Test;
@@ -242,7 +244,10 @@ public void start() throws Exception {
       server.setStopAtShutdown(true);
 
       ResourceHandler resourceHandler = new ResourceHandler();
-      resourceHandler.setResourceBase(resourceDir);
+
+      // Using just setResourceBase(".") means that Jetty calls toRealPath with NO_FOLLOW_LINKS
+      // in PathResource line 226. This invocation bypasses that check by using a URI instead.
+      resourceHandler.setBaseResource(Resource.newResource(Path.of(resourceDir).toRealPath().toUri()));
       resourceHandler.setDirectoriesListed(true);
 
       HandlerList handlers = new HandlerList();

solr/core/src/test/org/apache/solr/handler/component/TestPivotHelperCode.java

@@ -89,7 +89,7 @@ public void testCompareWithNullLast() {
     assertEquals(a.compareTo(b), PivotFacetFieldValueCollection.compareWithNullLast(a, b));
     assertEquals(b.compareTo(a), PivotFacetFieldValueCollection.compareWithNullLast(b, a));
 
-    Long bb = new Long(b.longValue());
+    Long bb = Long.valueOf(b.longValue());
     assertEquals(0, PivotFacetFieldValueCollection.compareWithNullLast(b, bb));
 
     assertEquals(0, PivotFacetFieldValueCollection.compareWithNullLast(null, null));

solr/modules/scripting/src/java/org/apache/solr/scripting/update/ScriptUpdateProcessorFactory.java

@@ -43,6 +43,7 @@
 import org.apache.solr.common.SolrException.ErrorCode;
 import org.apache.solr.common.params.ModifiableSolrParams;
 import org.apache.solr.common.util.NamedList;
+import org.apache.solr.common.util.SuppressForbidden;
 import org.apache.solr.core.SolrCore;
 import org.apache.solr.core.SolrResourceLoader;
 import org.apache.solr.request.LocalSolrQueryRequest;
@@ -144,6 +145,7 @@
  *
  * @since 4.0.0
  */
+@SuppressForbidden(reason = "Using AccessController")
 public class ScriptUpdateProcessorFactory extends UpdateRequestProcessorFactory
     implements SolrCoreAware {
 
@@ -249,6 +251,8 @@ public void inform(SolrCore core) {
    * @param rsp The solr response
    * @return The list of initialized script engines.
    */
+  @SuppressForbidden(reason = "Using AccessController")
+  @SuppressWarnings("removal")
   private List<EngineInfo> initEngines(SolrQueryRequest req, SolrQueryResponse rsp)
       throws SolrException {
 
@@ -428,6 +432,8 @@ public void finish() throws IOException {
      * Result value is computed from the return value of the script function if: it exists, is
      * non-null, and can be cast to a java Boolean.
      */
+    @SuppressForbidden(reason = "Using AccessController")
+    @SuppressWarnings("removal")
     private boolean invokeFunction(String name, Object... cmd) {
       return AccessController.doPrivileged(
           new PrivilegedAction<Boolean>() {
@@ -513,6 +519,7 @@ public Reader openReader(SolrResourceLoader resourceLoader) throws IOException {
   }
 
   // sandbox for script code: zero permissions
+  @SuppressWarnings("removal")
   private static final AccessControlContext SCRIPT_SANDBOX =
       new AccessControlContext(new ProtectionDomain[] {new ProtectionDomain(null, null)});
 }

solr/modules/scripting/src/test/org/apache/solr/scripting/update/ScriptUpdateProcessorFactoryTest.java

@@ -23,6 +23,7 @@
 import org.apache.solr.common.SolrException;
 import org.apache.solr.common.SolrInputDocument;
 import org.apache.solr.common.params.ModifiableSolrParams;
+import org.apache.solr.common.util.SuppressForbidden;
 import org.apache.solr.core.SolrCore;
 import org.apache.solr.update.processor.UpdateProcessorTestBase;
 import org.apache.solr.update.processor.UpdateRequestProcessorChain;
@@ -233,6 +234,8 @@ public void testJavaScriptCompatibility() throws Exception {
     assertEquals("bar", d.getFieldValue("term_s"));
   }
 
+  @SuppressForbidden(reason = "Using AccessController")
+  @SuppressWarnings("removal")
   public void testScriptSandbox() throws Exception {
     assumeTrue("This test only works with security manager", System.getSecurityManager() != null);
     expectThrows(

solr/solrj/src/java/org/apache/solr/client/solrj/beans/DocumentObjectBinder.java

@@ -136,6 +136,7 @@ private List<DocField> getDocFields(Class<?> clazz) {
     return fields;
   }
 
+  @SuppressWarnings({"removal"})
   @SuppressForbidden(reason = "Needs access to possibly private @Field annotated fields/methods")
   private List<DocField> collectInfo(Class<?> clazz) {
     List<DocField> fields = new ArrayList<>();

solr/solrj/src/java/org/apache/solr/common/util/SolrNamedThreadFactory.java

@@ -26,6 +26,8 @@ public class SolrNamedThreadFactory implements ThreadFactory {
   private final AtomicInteger threadNumber = new AtomicInteger(1);
   private final String prefix;
 
+  @SuppressWarnings({"removal"})
+  @SuppressForbidden(reason = "Using SecurityManager")
   public SolrNamedThreadFactory(String namePrefix) {
     SecurityManager s = System.getSecurityManager();
     group = (s != null) ? s.getThreadGroup() : Thread.currentThread().getThreadGroup();

solr/solrj/src/test/org/apache/solr/client/solrj/embedded/JettyWebappTest.java

@@ -19,6 +19,7 @@
 import java.io.File;
 import java.io.InputStream;
 import java.net.URL;
+import java.nio.file.Path;
 import java.util.Locale;
 import java.util.Random;
 import org.apache.http.Header;
@@ -35,6 +36,7 @@
 import org.eclipse.jetty.server.Server;
 import org.eclipse.jetty.server.ServerConnector;
 import org.eclipse.jetty.server.session.DefaultSessionIdManager;
+import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.webapp.WebAppContext;
 
 /**
@@ -62,7 +64,9 @@ public void setUp() throws Exception {
     // insecure: only use for tests!!!!
     server.setSessionIdManager(
         new DefaultSessionIdManager(server, new Random(random().nextLong())));
-    new WebAppContext(server, path, "/solr");
+    // Using just WebAppContext with path means that Jetty calls toRealPath with NO_FOLLOW_LINKS
+    // in PathResource line 226. This invocation bypasses that check by using a URI instead.
+    new WebAppContext(server, Resource.newResource(Path.of(path).toRealPath().toUri()), "/solr");
 
     ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory());
     connector.setIdleTimeout(1000 * 60 * 60);

solr/test-framework/src/java/org/apache/solr/embedded/JettySolrRunner.java

@@ -94,6 +94,7 @@
 import org.eclipse.jetty.servlet.ServletHolder;
 import org.eclipse.jetty.servlet.Source;
 import org.eclipse.jetty.util.component.LifeCycle;
+import org.eclipse.jetty.util.resource.Resource;
 import org.eclipse.jetty.util.ssl.SslContextFactory;
 import org.eclipse.jetty.util.thread.QueuedThreadPool;
 import org.eclipse.jetty.util.thread.ReservedThreadExecutor;
@@ -373,7 +374,13 @@ private void init(int port) {
       // Initialize the servlets
       final ServletContextHandler root =
           new ServletContextHandler(server, "/solr", ServletContextHandler.SESSIONS);
-      root.setResourceBase(".");
+      try {
+        // Using just setResourceBase(".") means that Jetty calls toRealPath with NO_FOLLOW_LINKS
+        // in PathResource line 226. This invocation bypasses that check by using a URI instead.
+        root.setBaseResource(Resource.newResource(Path.of(".").toRealPath().toUri()));
+      } catch (IOException e) {
+        throw new RuntimeException("Unable to set Jetty resource base", e);
+      }
 
       server.addEventListener(
           new LifeCycle.Listener() {