Add Java 25 support#318
Merged
Merged
Conversation
Bump Byte Buddy 1.15.11 -> 1.18.11 (adds JDK 25 / class-file v69 support) and raise the max supported Java version gate from 24 to 25. Also add Java 25 to the unit-test and end-to-end CI matrices. Verified locally on JDK 25: the agent loads, installs instrumentation, and blocks a SQL injection against a Spring Boot app compiled to Java 25 (v69) bytecode.
798fbd9 to
43f5d64
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
added 2 commits
July 8, 2026 12:51
Gradle 8.14 cannot run on JDK 25, which broke the unit-test CI matrix rows
for Java 25. Bump the root Gradle wrapper to 9.6.1, migrate the shadow plugin
from com.github.johnrengelman.shadow 7.1.0 to com.gradleup.shadow 9.5.1
(the former is incompatible with Gradle 9), and move sourceCompatibility/
targetCompatibility into the java{} extension (project-level convention was
removed in Gradle 9).
Verified: full unit suite builds and runs on both JDK 21 and JDK 25 with the
same baseline result (only the known env-specific failures remain).
The e2e matrix rows for Java 25 failed because each sample app's own Gradle 8.14 wrapper cannot run on JDK 25. Bump the sample-app wrappers to Gradle 9.6.1 and, where the language compiler itself needs JDK 25 support: - JavalinPostgres: migrate shadow plugin to com.gradleup.shadow 9.5.1 - SpringMVCPostgresKotlin / JavalinMySQLKotlin: Kotlin -> 2.2.20 - SpringMVCPostgresGroovy: Groovy -> 4.0.28 Exclude SpringBoot2.7Postgres from the Java 25 row: Spring Boot 2.7 (legacy javax stack) does not support JDK 25; its javax coverage stays on 17-24. Verified locally on JDK 25: SpringBootPostgres, SpringBootMySQL and SpringBootHyperSQL block a SQL injection end-to-end. Apps that don't block in the local setup behave identically on JDK 21 (local DB/env, not a Java 25 regression); CI provisions the databases and validates the full matrix.
bitterpanda63
approved these changes
Jul 8, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
1.15.11→1.18.11(JDK 25 / class-file v69 support)> 24→> 25inAgent.java25added to unit-test + e2e CI matricesTesting
Locally on JDK 25: agent loads, installs instrumentation, and blocks a SQL injection against a Spring Boot app compiled to Java 25 (v69) bytecode. No-Zen instance lets it through.
Summary by Aikido
⚡ Enhancements
🔧 Refactors
More info