Quality Outreach Heads-up - JDK 20: Deprecate URL Public ConstructorsDavid Delabassee on February 15, 2023
The OpenJDK Quality Group is promoting the testing of FOSS projects with OpenJDK builds as a way to improve the overall quality of the release. This heads-up is part of a regular communication sent to the projects involved. To learn more about the program, and how-to join, please check here.
JDK 20 - Deprecate URL Public Constructors
java.net.URL class, dating from Java SE 1.0, does not encode or decode any URL components according to the RFC2396 escaping mechanism. It is the responsibility of the caller to encode any fields, which need to be escaped prior to calling URL, and also to decode any escaped fields that are returned from URL. This has led to many usability issues, including some potential vulnerabilities when the calling code did not take this into consideration.
In Java SE 1.4, the
java.net.URI class has been added to mitigate some of the
java.net.URL shortcomings. It also offers methods to create an URL from an URI.
JDK 20 will deprecate all public constructors of
java.net.URL. This will provide a strong warning and discourage developers from using them.
To construct a URL, the
URI::toURL alternative should instead be preferred. To construct a
file: based URL,
Path::toURI should be used prior to
For more details, please check JDK-8294241.