JDK-8247371 : Release Note: Enable ShowCodeDetailsInExceptionMessages by default
  • Type: Sub-task
  • Component: hotspot
  • Sub-Component: runtime
  • Affected Version: 15
  • Priority: P4
  • Status: Closed
  • Resolution: Delivered
  • Submitted: 2020-06-10
  • Updated: 2021-05-14
  • Resolved: 2020-06-24
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 15
15Resolved
Related Reports
Relates :  
JDK-8244639 - Enable ShowCodeDetailsInExceptionMessages by default
Description
The default of the flag ShowCodeDetailsInExceptionMessages was changed to 'true'.  The helpful NullPointerException messages of [JEP 358](http://openjdk.java.net/jeps/358) are now printed by default.  The messages contain snippets of the code where the NullPointerException was raised.

App deployers should  double check the output of their web applications and similar usage scenarios. 
The NullPointerException message could be included in application error messages or be displayed by other means in the app. This could give remote attackers valuable hints about a potential vulnerable state of the software components being used.

An example message is 'Cannot read field "c" because "a.b" is null'. The attacker knows that field b of a contains null which might be unintended and offer an opportunity for an attack. For more details of what the message can contain see the above mentioned [JEP 358](http://openjdk.java.net/jeps/358).