In Java 8, it is possible (easy enough) to substitute a custom security manager which can capture system exit calls and allow code to continue executing. Java 21 makes this more difficult. However, this can cause a problem for systems that are being upgraded from Java 8 to Java 21, since processes can sometimes fail without any exceptions or logs. This is usually because libraries that used to substitute a custom security manager no longer do that with Java 21. Tracing the source of the error can be difficult.
Consider this use case:
If "Library 1" starts supporting Java 21, and so does not substitute a custom security manager, it can cause the "Web Application" to terminate without warning.
For example, look at this note from Apache Ant which says a custom security manager will be substituted if running on versions of Java lower than Java 18, but not on Java 18 and above. Other libraries are taking similar approaches.
I have boiled this down to the essentials. Take a look at how this could happen: sualeh/system-exit-21.
Top comments (2)
Thanks à lot for this very technical post. I learned a lot about exit codes
@adriens Please read again. I have modified the article slightly.