chore: merge kaboomserver/framework

Only use the space required by the latest commit.

script/reset.sh

@@ -8,9 +8,18 @@ pkill -9 schematics.sh
 pkill -9 server.sh
 pkill -9 java
 
-# Sync changes with the github repository
+# Sync changes with the GitHub repository
+cd ~/framework
+git fetch origin --depth 1
+git reset --hard origin/master
+git reflog expire --expire=all --all
+git gc --prune=all
+
 cd ~/server-default
-git pull
+git fetch origin --depth 1
+git reset --hard origin/master
+git reflog expire --expire=all --all
+git gc --prune=all
 
 chmod -R 777 ~/server/
 rm -rf ~/server/*

vendor/generate_jre.sh

@@ -3,7 +3,7 @@
 # This script is used as a reference to generate a stripped-down JRE for the server
 
 rm -rf java/
-curl -L https://download.java.net/java/GA/jdk19/877d6127e982470ba2a7faa31cc93d04/36/GPL/openjdk-19_linux-x64_bin.tar.gz > openjdk.tar.gz
+curl -L https://download.java.net/java/GA/jdk21/fd2272bbf8e04c3dbaee13770090416c/35/GPL/openjdk-21_linux-x64_bin.tar.gz > openjdk.tar.gz
 tar -zxvf openjdk.tar.gz
 rm openjdk.tar.gz
 mv jdk* jdk/

vendor/java/conf/jaxp.properties

@@ -0,0 +1,180 @@
+################################################################################
+#           JAXP Configuration File
+#
+# jaxp.properties (this file) is the default configuration file for JAXP, the API
+# defined in the java.xml module. It is in java.util.Properties format and typically
+# located in the {java.home}/conf directory. It may contain key/value pairs for
+# specifying the implementation classes of JAXP factories and/or properties
+# that have corresponding system properties.
+#
+# A user-specified configuration file can be set up using the system property
+# java.xml.config.file to override any or all of the entries in jaxp.properties.
+# The following statement provides myConfigurationFile as a custom configuration
+# file:
+#     java -Djava.xml.config.file=myConfigurationFile
+################################################################################
+
+# ---- JAXP Default Configuration ----
+#
+# The JAXP default configuration (jaxp.properties) contains entries for the
+# Factory Lookup Mechanism and properties with corresponding system properties.
+# The values are generally set to the default values of the properties.
+#
+#
+# JAXP Lookup Mechanism:
+#
+# The JAXP configuration file ranks 2nd to the System Property in the precedent
+# order of the JAXP Lookup Mechanism. When the System Property is not specified,
+# a JAXP factory reads the configuration file in order to locate an implementation
+# class. If found, the class specified will be used as the factory implementation
+# class.
+#
+# The format of an entry is key=value where the key is the fully qualified name
+# of the factory and value that of the implementation class. The following entry
+# set a DocumentBuilderFactory implementation class:
+#
+# javax.xml.parsers.DocumentBuilderFactory=com.sun.org.apache.xerces.internal.jaxp.DocumentBuilderFactoryImpl
+#
+#
+# Java SE and JDK Implementation Specific Properties:
+#
+# The JAXP configuration file ranks above the default settings in the Property
+# Precedence in that its entries will override the default values of the corresponding
+# properties.
+#
+# All properties that have System Properties defined in Java SE or supported
+# by the JDK Implementation can be placed in the configuration file to override
+# the default property values. The format is:
+#     system-property-name=value
+#
+# For example, the FILES property in CatalogFeatures has an associated system
+# property called javax.xml.catalog.files. An entry for the FILES property in the
+# configuration file would therefore use javax.xml.catalog.files as the key, that
+# is:
+#     javax.xml.catalog.files=strict
+#
+#
+# Extension Functions:
+#
+# This property determines whether XSLT and XPath extension functions are allowed.
+# The value type is boolean and the default value is true (allowing
+# extension functions). The following entry would override the default value and
+# disallow extension functions:
+#
+# jdk.xml.enableExtensionFunctions=false
+#
+#
+# Overriding the default parser:
+#
+# This property allows using a third party implementation to override the default
+# parser provided by the JDK. The value type is boolean and the default value is
+# false, disallowing overriding the default parser. The setting below reflects
+# the default property setting:
+#
+jdk.xml.overrideDefaultParser=false
+#
+#
+# External Access Properties:
+#
+# The External Access Properties are defined in javax.xml.XMLConstants. Their
+# system properties are javax.xml.accessExternalDTD, javax.xml.accessExternalSchema,
+# and javax.xml.accessExternalStylesheet. The values are a list of protocols separated
+# by comma, plus empty string ("") to represent no protocol allowed and the key
+# word "all" for all access. The default is "all", allowing all external resources
+# to be fetched. The followings are example of external access settings:
+#
+# allow local (file) DTDs to be retrieved
+# javax.xml.accessExternalDTD=file
+#
+# allow local (file) and remote (http) external schemas
+# javax.xml.accessExternalSchema=file, http
+#
+# reject any external stylesheets
+# javax.xml.accessExternalStylesheet=""
+#
+# allow all external stylesheets
+# javax.xml.accessExternalStylesheet="all"
+#
+#
+# Catalog Properties:
+#
+# The Catalog API defines four features: FILES, PREFER, DEFER and RESOLVE.
+# Except PREFER, all other properties can be placed in the configuration file
+# using the system properties defined for them.
+#
+# FILES: A semicolon-delimited list of URIs to locate the catalog files. The URIs
+# must be absolute and have a URL protocol handler for the URI scheme. The following
+# is an example of setting up a catalog file:
+#
+# javax.xml.catalog.files = file:///users/auser/catalog/catalog.xml
+#
+# DEFER: Indicates that the alternative catalogs including those specified in
+# delegate entries or nextCatalog are not read until they are needed. The value
+# is a boolean and the default value is true.
+#
+# javax.xml.catalog.defer=true
+#
+# RESOLVE: Determines the action if there is no matching entry found after all of
+# the specified catalogs are exhausted. The values are key words: strict, continue,
+# and ignore. The default is strict. The following setting reflects the default
+# setting.
+#
+# javax.xml.catalog.resolve=strict
+#
+#
+# useCatalog:
+# This property instructs XML processors to use XML Catalogs to resolve entity
+# references. The value is a boolean and the default value is true.
+#
+# javax.xml.useCatalog=true
+#
+#
+# Implementation Specific Properties - Limits
+#
+# Limits have a value type Integer. The values must be positive integers. Zero
+# means no limit.
+#
+# Limits the number of entity expansions. The default value is 64000
+# jdk.xml.entityExpansionLimit=64000
+#
+# Limits the total size of all entities that include general and parameter entities.
+# The size is calculated as an aggregation of all entities. The default value is 5x10^7.
+# jdk.xml.totalEntitySizeLimit=5E7
+#
+# Limits the maximum size of any general entities. The default value is 0.
+# jdk.xml.maxGeneralEntitySizeLimit=0
+#
+# Limits the maximum size of any parameter entities, including the result of
+# nesting multiple parameter entities. The default value is 10^6.
+# jdk.xml.maxParameterEntitySizeLimit=1E6
+#
+# Limits the total number of nodes in all entity references. The default value is 3x10^6.
+# jdk.xml.entityReplacementLimit=3E6
+#
+# Limits the number of attributes an element can have. The default value is 10000.
+# jdk.xml.elementAttributeLimit=10000
+#
+# Limits the number of content model nodes that may be created when building a
+# grammar for a W3C XML Schema that contains maxOccurs attributes with values
+# other than "unbounded". The default value is 5000.
+# jdk.xml.maxOccurLimit=5000
+#
+# Limits the maximum element depth. The default value is 0.
+# jdk.xml.maxElementDepth=0
+#
+# Limits the maximum size of XML names, including element name, attribute name
+# and namespace prefix and URI. The default value is 1000.
+jdk.xml.maxXMLNameLimit=1000
+#
+#
+# XPath Limits
+#
+# Limits the number of groups an XPath expression can contain. The default value is 10.
+jdk.xml.xpathExprGrpLimit=10
+#
+# Limits the number of operators an XPath expression can contain. The default value is 100.
+jdk.xml.xpathExprOpLimit=100
+#
+# Limits the total number of XPath operators in an XSL Stylesheet. The default value is 10000.
+jdk.xml.xpathTotalOpLimit=10000
+

vendor/java/conf/security/java.security

@@ -22,6 +22,12 @@
 # the command line, set the key security.overridePropertiesFile
 # to false in the master security properties file. It is set to true
 # by default.
+#
+# If this properties file fails to load, the JDK implementation will throw
+# an unspecified error when initializing the java.security.Security class.
+# Properties in this file are typically parsed only once. If any of the
+# properties are modified, applications should be restarted to ensure the
+# changes are properly reflected.
 
 # In this file, various security properties are set for use by
 # java.security classes. This is where users can statically register
@@ -340,6 +346,17 @@ ssl.TrustManagerFactory.algorithm=PKIX
 #
 #networkaddress.cache.ttl=-1
 
+#
+# The Java-level namelookup cache stale policy:
+#
+# any positive value: the number of seconds to use the stale names
+# zero: do not use stale names
+# negative values are ignored
+#
+# default value is 0 (NEVER).
+#
+#networkaddress.cache.stale.ttl=0
+
 # The Java-level namelookup cache policy for failed lookups:
 #
 # any negative value: cache forever
@@ -731,8 +748,9 @@ http.auth.digest.disabledAlgorithms = MD5, SHA-1
 # Example:
 #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048, \
 #       rsa_pkcs1_sha1, secp224r1
-jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
-    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
+jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, DTLSv1.0, RC4, DES, \
+    MD5withRSA, DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
+    ECDH
 
 #
 # Legacy algorithms for Secure Socket Layer/Transport Layer Security (SSL/TLS)
@@ -883,7 +901,8 @@ jdk.tls.legacyAlgorithms=NULL, anon, RC4, DES, 3DES_EDE_CBC
 # Note: This property is currently used by OpenJDK's JSSE implementation. It
 # is not guaranteed to be examined and used by other implementations.
 #
-jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37
+jdk.tls.keyLimits=AES/GCM/NoPadding KeyUpdate 2^37, \
+                  ChaCha20-Poly1305 KeyUpdate 2^37
 
 #
 # Cryptographic Jurisdiction Policy defaults
@@ -925,10 +944,16 @@ crypto.policy=unlimited
 
 #
 # The policy for the XML Signature secure validation mode. Validation of
-# XML Signatures that violate any of these constraints will fail. The
-# mode is enforced by default. The mode can be disabled by setting the
-# property "org.jcp.xml.dsig.secureValidation" to Boolean.FALSE with the
-# javax.xml.crypto.XMLCryptoContext.setProperty() method.
+# XML Signatures that violate any of these constraints will fail.
+# The mode can be enabled or disabled by setting the property
+# "org.jcp.xml.dsig.secureValidation" to Boolean.TRUE or Boolean.FALSE with
+# the javax.xml.crypto.XMLCryptoContext.setProperty() method, or by setting
+# the system property "org.jcp.xml.dsig.secureValidation" to "true" or
+# "false". Any other value for the system property is also treated as "false".
+# If the system property is set, it supersedes the XMLCryptoContext property
+# value.
+#
+# The secure validation mode is enabled by default.
 #
 #   Policy:
 #       Constraint {"," Constraint }
@@ -977,6 +1002,23 @@ jdk.xml.dsig.secureValidationPolicy=\
     noDuplicateIds,\
     noRetrievalMethodLoops
 
+#
+# Support for the here() function
+#
+# This security property determines whether the here() XPath function is
+# supported in XML Signature generation and verification.
+#
+# If this property is set to false, the here() function is not supported.
+# Generating an XML Signature that uses the here() function will throw an
+# XMLSignatureException. Validating an existing XML Signature that uses the
+# here() function will also throw an XMLSignatureException.
+#
+# The default value for this property is true.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+#jdk.xml.dsig.hereFunctionSupported=true
 
 #
 # Deserialization JVM-wide filter factory
@@ -1362,17 +1404,18 @@ jdk.io.permissionsUseCanonicalPath=false
 jdk.tls.alpnCharset=ISO_8859_1
 
 #
-# JNDI Object Factories Filter
+# Global JNDI Object Factories Filter
 #
 # This filter is used by the JNDI runtime to control the set of object factory classes
 # which will be allowed to instantiate objects from object references returned by
 # naming/directory systems. The factory class named by the reference instance will be
 # matched against this filter. The filter property supports pattern-based filter syntax
-# with the same format as jdk.serialFilter.
+# with the same format as jdk.serialFilter. Limit patterns specified in the filter property
+# are unused.
 #
-# Each pattern is matched against the factory class name to allow or disallow it's
-# instantiation. The access to a factory class is allowed unless the filter returns
-# REJECTED.
+# Each class name pattern is matched against the factory class name to allow or disallow its
+# instantiation. The access to a factory class is allowed if the filter returns
+# ALLOWED.
 #
 # Note: This property is currently used by the JDK Reference implementation.
 # It is not guaranteed to be examined and used by other implementations.
@@ -1384,6 +1427,58 @@ jdk.tls.alpnCharset=ISO_8859_1
 # instance to recreate the referenced object.
 #jdk.jndi.object.factoriesFilter=*
 
+#
+# Protocol Specific JNDI/LDAP Object Factories Filter
+#
+# This filter is used by the JNDI/LDAP provider implementation in the JDK to further control the
+# set of object factory classes which will be allowed to instantiate objects from object
+# references bound to LDAP contexts. The factory class named by the reference instance will
+# be matched against this filter. The filter property supports pattern-based filter syntax
+# with the same format as jdk.serialFilter. Limit patterns specified in the filter property
+# are unused.
+#
+# Each class name pattern is matched against the factory class name to allow or disallow its
+# instantiation. The access to a factory class is allowed only when it is not rejected by this filter
+# or by the global filter defined by "jdk.jndi.object.factoriesFilter", and at least one of these
+# two filters returns ALLOWED.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# If the system property jdk.jndi.ldap.object.factoriesFilter is also specified, it supersedes
+# the security property value defined here. The default value of the property is
+# "java.naming/com.sun.jndi.ldap.**;!*".
+#
+# The default pattern value allows any object factory class defined in the java.naming module
+# to be specified by the reference instance, but rejects any other.
+#jdk.jndi.ldap.object.factoriesFilter=java.naming/com.sun.jndi.ldap.**;!*
+
+#
+# Protocol Specific JNDI/RMI Object Factories Filter
+#
+# This filter is used by the JNDI/RMI provider implementation in the JDK to further control the
+# set of object factory classes which will be allowed to instantiate objects from object
+# references bound to RMI names. The factory class named by the reference instance will
+# be matched against this filter. The filter property supports pattern-based filter syntax
+# with the same format as jdk.serialFilter. Limit patterns specified in the filter property
+# are unused.
+#
+# Each class name pattern is matched against the factory class name to allow or disallow its
+# instantiation. The access to a factory class is allowed only when it is not rejected by this filter
+# or by the global filter defined by "jdk.jndi.object.factoriesFilter", and at least one of these
+# two filters returns ALLOWED.
+#
+# Note: This property is currently used by the JDK Reference implementation.
+# It is not guaranteed to be examined and used by other implementations.
+#
+# If the system property jdk.jndi.rmi.object.factoriesFilter is also specified, it supersedes
+# the security property value defined here. The default value of the property is
+# "jdk.naming.rmi/com.sun.jndi.rmi.**;!*".
+#
+# The default pattern value allows any object factory class defined in the jdk.naming.rmi module
+# to be specified by the reference instance, but rejects any other.
+#jdk.jndi.rmi.object.factoriesFilter=jdk.naming.rmi/com.sun.jndi.rmi.**;!*
+
 #
 # Policy for non-forwardable service ticket in a S4U2proxy request
 #

vendor/java/lib/classlist

@@ -92,6 +92,7 @@ java/lang/Long$LongCache
 java/lang/Math
 java/lang/Module
 java/lang/Module$ArchivedData
+java/lang/Module$EnableNativeAccess
 java/lang/Module$ReflectionData
 java/lang/ModuleLayer
 java/lang/ModuleLayer$Controller
@@ -150,7 +151,7 @@ java/lang/Thread$FieldHolder
 java/lang/Thread$State
 java/lang/Thread$ThreadIdentifiers
 java/lang/Thread$UncaughtExceptionHandler
-java/lang/ThreadDeath
+java/lang/ThreadBuilders$BoundVirtualThread
 java/lang/ThreadGroup
 java/lang/ThreadLocal
 java/lang/ThreadLocal$ThreadLocalMap
@@ -206,7 +207,7 @@ java/lang/invoke/InfoFromMemberName
 java/lang/invoke/InnerClassLambdaMetafactory
 java/lang/invoke/InnerClassLambdaMetafactory$ForwardingMethodGenerator
 java/lang/invoke/InvokerBytecodeGenerator
-java/lang/invoke/InvokerBytecodeGenerator$2
+java/lang/invoke/InvokerBytecodeGenerator$1
 java/lang/invoke/InvokerBytecodeGenerator$ClassData
 java/lang/invoke/Invokers
 java/lang/invoke/Invokers$Holder
@@ -260,9 +261,19 @@ java/lang/invoke/VarHandle$AccessMode
 java/lang/invoke/VarHandle$AccessType
 java/lang/invoke/VarHandleBooleans$FieldInstanceReadOnly
 java/lang/invoke/VarHandleBooleans$FieldInstanceReadWrite
+java/lang/invoke/VarHandleByteArrayAsChars$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsChars$ByteArrayViewVarHandle
+java/lang/invoke/VarHandleByteArrayAsDoubles$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsDoubles$ByteArrayViewVarHandle
+java/lang/invoke/VarHandleByteArrayAsFloats$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsFloats$ByteArrayViewVarHandle
+java/lang/invoke/VarHandleByteArrayAsInts$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsInts$ByteArrayViewVarHandle
+java/lang/invoke/VarHandleByteArrayAsLongs$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsLongs$ByteArrayViewVarHandle
+java/lang/invoke/VarHandleByteArrayAsShorts$ArrayHandle
+java/lang/invoke/VarHandleByteArrayAsShorts$ByteArrayViewVarHandle
 java/lang/invoke/VarHandleGuards
-java/lang/invoke/VarHandleInts$FieldInstanceReadOnly
-java/lang/invoke/VarHandleInts$FieldInstanceReadWrite
 java/lang/invoke/VarHandleLongs$FieldInstanceReadOnly
 java/lang/invoke/VarHandleLongs$FieldInstanceReadWrite
 java/lang/invoke/VarHandleReferences$FieldInstanceReadOnly
@@ -304,9 +315,30 @@ java/lang/ref/ReferenceQueue
 java/lang/ref/ReferenceQueue$Null
 java/lang/ref/SoftReference
 java/lang/ref/WeakReference
+java/lang/reflect/AccessFlag
+java/lang/reflect/AccessFlag$1
+java/lang/reflect/AccessFlag$10
+java/lang/reflect/AccessFlag$11
+java/lang/reflect/AccessFlag$12
+java/lang/reflect/AccessFlag$13
+java/lang/reflect/AccessFlag$14
+java/lang/reflect/AccessFlag$15
+java/lang/reflect/AccessFlag$16
+java/lang/reflect/AccessFlag$17
+java/lang/reflect/AccessFlag$18
+java/lang/reflect/AccessFlag$2
+java/lang/reflect/AccessFlag$3
+java/lang/reflect/AccessFlag$4
+java/lang/reflect/AccessFlag$5
+java/lang/reflect/AccessFlag$6
+java/lang/reflect/AccessFlag$7
+java/lang/reflect/AccessFlag$8
+java/lang/reflect/AccessFlag$9
+java/lang/reflect/AccessFlag$Location
 java/lang/reflect/AccessibleObject
 java/lang/reflect/AnnotatedElement
 java/lang/reflect/Array
+java/lang/reflect/ClassFileFormatVersion
 java/lang/reflect/Constructor
 java/lang/reflect/Executable
 java/lang/reflect/Field
@@ -348,6 +380,7 @@ java/nio/Bits
 java/nio/Bits$1
 java/nio/Buffer
 java/nio/Buffer$1
+java/nio/Buffer$2
 java/nio/ByteBuffer
 java/nio/ByteOrder
 java/nio/CharBuffer
@@ -394,7 +427,6 @@ java/security/AccessController
 java/security/AllPermission
 java/security/BasicPermission
 java/security/BasicPermissionCollection
-java/security/CodeSigner
 java/security/CodeSource
 java/security/Guard
 java/security/Permission
@@ -636,6 +668,9 @@ java/util/ResourceBundle$Control$CandidateListCache
 java/util/ResourceBundle$NoFallbackControl
 java/util/ResourceBundle$ResourceBundleProviderHelper
 java/util/ResourceBundle$SingleFormatControl
+java/util/SequencedCollection
+java/util/SequencedMap
+java/util/SequencedSet
 java/util/ServiceLoader
 java/util/ServiceLoader$1
 java/util/ServiceLoader$2
@@ -718,11 +753,12 @@ java/util/concurrent/atomic/AtomicInteger
 java/util/concurrent/atomic/AtomicLong
 java/util/concurrent/atomic/LongAdder
 java/util/concurrent/atomic/Striped64
-java/util/concurrent/atomic/Striped64$1
+java/util/concurrent/atomic/Striped64$Cell
 java/util/concurrent/locks/AbstractOwnableSynchronizer
 java/util/concurrent/locks/AbstractQueuedSynchronizer
 java/util/concurrent/locks/AbstractQueuedSynchronizer$ConditionNode
 java/util/concurrent/locks/AbstractQueuedSynchronizer$ConditionObject
+java/util/concurrent/locks/AbstractQueuedSynchronizer$ExclusiveNode
 java/util/concurrent/locks/AbstractQueuedSynchronizer$Node
 java/util/concurrent/locks/Condition
 java/util/concurrent/locks/Lock
@@ -817,7 +853,6 @@ java/util/stream/Collector$Characteristics
 java/util/stream/Collectors
 java/util/stream/Collectors$CollectorImpl
 java/util/stream/Collectors$Partition
-java/util/stream/Collectors$Partition$1
 java/util/stream/FindOps
 java/util/stream/FindOps$FindOp
 java/util/stream/FindOps$FindSink
@@ -886,11 +921,13 @@ java/util/zip/Inflater
 java/util/zip/Inflater$InflaterZStreamRef
 java/util/zip/InflaterInputStream
 java/util/zip/ZipCoder
+java/util/zip/ZipCoder$Comparison
 java/util/zip/ZipCoder$UTF8ZipCoder
 java/util/zip/ZipConstants
 java/util/zip/ZipEntry
 java/util/zip/ZipFile
 java/util/zip/ZipFile$1
+java/util/zip/ZipFile$2
 java/util/zip/ZipFile$CleanableResource
 java/util/zip/ZipFile$EntrySpliterator
 java/util/zip/ZipFile$InflaterCleanupAction
@@ -913,6 +950,7 @@ jdk/internal/access/JavaNetURLAccess
 jdk/internal/access/JavaNetUriAccess
 jdk/internal/access/JavaNioAccess
 jdk/internal/access/JavaSecurityAccess
+jdk/internal/access/JavaSecurityPropertiesAccess
 jdk/internal/access/JavaUtilConcurrentFJPAccess
 jdk/internal/access/JavaUtilJarAccess
 jdk/internal/access/JavaUtilResourceBundleAccess
@@ -925,7 +963,6 @@ jdk/internal/foreign/abi/VMStorage
 jdk/internal/jimage/BasicImageReader
 jdk/internal/jimage/BasicImageReader$1
 jdk/internal/jimage/ImageHeader
-jdk/internal/jimage/ImageLocation
 jdk/internal/jimage/ImageReader
 jdk/internal/jimage/ImageReader$SharedImageReader
 jdk/internal/jimage/ImageReaderFactory
@@ -984,9 +1021,12 @@ jdk/internal/math/MathUtils
 jdk/internal/misc/Blocker
 jdk/internal/misc/CDS
 jdk/internal/misc/CarrierThread
+jdk/internal/misc/CarrierThreadLocal
 jdk/internal/misc/InnocuousThread
 jdk/internal/misc/InternalLock
+jdk/internal/misc/MainMethodFinder
 jdk/internal/misc/OSEnvironment
+jdk/internal/misc/PreviewFeatures
 jdk/internal/misc/ScopedMemoryAccess
 jdk/internal/misc/Signal
 jdk/internal/misc/Signal$Handler
@@ -1034,7 +1074,6 @@ jdk/internal/org/objectweb/asm/AnnotationVisitor
 jdk/internal/org/objectweb/asm/AnnotationWriter
 jdk/internal/org/objectweb/asm/Attribute
 jdk/internal/org/objectweb/asm/ByteVector
-jdk/internal/org/objectweb/asm/ClassReader
 jdk/internal/org/objectweb/asm/ClassVisitor
 jdk/internal/org/objectweb/asm/ClassWriter
 jdk/internal/org/objectweb/asm/ConstantDynamic
@@ -1085,6 +1124,8 @@ jdk/internal/reflect/ReflectionFactory$GetReflectionFactoryAction
 jdk/internal/reflect/UnsafeFieldAccessorImpl
 jdk/internal/reflect/UnsafeStaticFieldAccessorImpl
 jdk/internal/util/ArraysSupport
+jdk/internal/util/ByteArray
+jdk/internal/util/ClassFileDumper
 jdk/internal/util/Preconditions
 jdk/internal/util/Preconditions$1
 jdk/internal/util/Preconditions$2
@@ -1103,7 +1144,7 @@ jdk/internal/vm/StackableScope
 jdk/internal/vm/ThreadContainer
 jdk/internal/vm/ThreadContainers
 jdk/internal/vm/ThreadContainers$RootContainer
-jdk/internal/vm/ThreadContainers$RootContainer$CountingRootContainer
+jdk/internal/vm/ThreadContainers$RootContainer$TrackingRootContainer
 jdk/internal/vm/vector/VectorSupport
 jdk/internal/vm/vector/VectorSupport$Vector
 jdk/internal/vm/vector/VectorSupport$VectorMask
@@ -1116,10 +1157,10 @@ sun/invoke/util/ValueConversions$WrapperCache
 sun/invoke/util/VerifyAccess
 sun/invoke/util/VerifyType
 sun/invoke/util/Wrapper
-sun/invoke/util/Wrapper$1
 sun/invoke/util/Wrapper$Format
 sun/launcher/LauncherHelper
 sun/net/util/IPAddressUtil
+sun/net/util/IPAddressUtil$MASKS
 sun/net/util/URLUtil
 sun/net/www/ParseUtil
 sun/net/www/protocol/file/Handler
@@ -1165,11 +1206,13 @@ sun/nio/fs/UnixUriUtils
 sun/nio/fs/Util
 sun/reflect/annotation/AnnotationParser
 sun/security/action/GetBooleanAction
+sun/security/action/GetIntegerAction
 sun/security/action/GetPropertyAction
 sun/security/util/Debug
 sun/security/util/FilePermCompat
 sun/security/util/LazyCodeSourcePermissionCollection
 sun/security/util/SecurityProperties
+sun/security/util/SignatureFileVerifier
 sun/text/resources/cldr/FormatData
 sun/util/PreHashedMap
 sun/util/calendar/AbstractCalendar
@@ -1210,7 +1253,6 @@ sun/util/locale/provider/DecimalFormatSymbolsProviderImpl
 sun/util/locale/provider/JRELocaleProviderAdapter
 sun/util/locale/provider/LocaleDataMetaInfo
 sun/util/locale/provider/LocaleProviderAdapter
-sun/util/locale/provider/LocaleProviderAdapter$1
 sun/util/locale/provider/LocaleProviderAdapter$Type
 sun/util/locale/provider/LocaleResources
 sun/util/locale/provider/LocaleResources$ResourceReference
@@ -1341,6 +1383,7 @@ sun/util/spi/CalendarProvider
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStatic L_L
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStatic L_V
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStaticInit LL_L
+@lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeStaticInit L_L
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeVirtual L3_V
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder invokeVirtual LL_L
 @lambda-form-invoker [LF_RESOLVE] java.lang.invoke.DirectMethodHandle$Holder newInvokeSpecial L3_L
@@ -1409,7 +1452,9 @@ sun/util/spi/CalendarProvider
 @lambda-proxy java/lang/module/ModuleFinder$2 apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/lang/module/ModuleFinder$2 lambda$findAll$2 (Ljava/lang/module/ModuleFinder;)Ljava/util/stream/Stream; (Ljava/lang/module/ModuleFinder;)Ljava/util/stream/Stream;
 @lambda-proxy java/lang/module/ModuleFinder$2 apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeVirtual java/util/Optional stream ()Ljava/util/stream/Stream; (Ljava/util/Optional;)Ljava/util/stream/Stream;
 @lambda-proxy java/lang/module/ModuleFinder$2 apply (Ljava/lang/String;)Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/lang/module/ModuleFinder$2 lambda$find$0 (Ljava/lang/String;Ljava/lang/module/ModuleFinder;)Ljava/util/Optional; (Ljava/lang/module/ModuleFinder;)Ljava/util/Optional;
+@lambda-proxy java/security/Security run ()Ljava/security/PrivilegedAction; ()Ljava/lang/Object; REF_invokeStatic java/security/Security lambda$static$0 ()Ljava/lang/Object; ()Ljava/lang/Object;
 @lambda-proxy java/text/DecimalFormatSymbols test ()Ljava/util/function/IntPredicate; (I)Z REF_invokeStatic java/text/DecimalFormatSymbols lambda$findNonFormatChar$0 (I)Z (I)Z
+@lambda-proxy java/time/ZoneOffset apply ()Ljava/util/function/Function; (Ljava/lang/Object;)Ljava/lang/Object; REF_invokeStatic java/time/ZoneOffset lambda$ofTotalSeconds$0 (Ljava/lang/Integer;)Ljava/time/ZoneOffset; (Ljava/lang/Integer;)Ljava/time/ZoneOffset;
 @lambda-proxy java/time/format/DateTimeFormatter queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatter lambda$static$0 (Ljava/time/temporal/TemporalAccessor;)Ljava/time/Period; (Ljava/time/temporal/TemporalAccessor;)Ljava/time/Period;
 @lambda-proxy java/time/format/DateTimeFormatter queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatter lambda$static$1 (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Boolean; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Boolean;
 @lambda-proxy java/time/format/DateTimeFormatterBuilder queryFrom ()Ljava/time/temporal/TemporalQuery; (Ljava/time/temporal/TemporalAccessor;)Ljava/lang/Object; REF_invokeStatic java/time/format/DateTimeFormatterBuilder lambda$static$0 (Ljava/time/temporal/TemporalAccessor;)Ljava/time/ZoneId; (Ljava/time/temporal/TemporalAccessor;)Ljava/time/ZoneId;

vendor/java/lib/security/default.policy

@@ -19,6 +19,7 @@ grant codeBase "jrt:/java.net.http" {
     permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
     permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.ref";
     permission java.lang.RuntimePermission "modifyThread";
     permission java.net.SocketPermission "*","connect,resolve";
     // required if the HTTPClient is configured to use a local bind address
@@ -49,6 +50,8 @@ grant codeBase "jrt:/java.smartcardio" {
                    "accessClassInPackage.sun.security.jca";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.util";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.util";
     permission java.util.PropertyPermission
                    "javax.smartcardio.TerminalFactory.DefaultType", "read";
     permission java.util.PropertyPermission "os.name", "read";
@@ -93,6 +96,8 @@ grant codeBase "jrt:/java.xml.crypto" {
                    "removeProviderProperty.XMLDSig";
     permission java.security.SecurityPermission
                    "com.sun.org.apache.xml.internal.security.register";
+    permission java.security.SecurityPermission
+                   "getProperty.jdk.xml.dsig.hereFunctionSupported";
     permission java.security.SecurityPermission
                    "getProperty.jdk.xml.dsig.secureValidationPolicy";
     permission java.lang.RuntimePermission
@@ -117,6 +122,8 @@ grant codeBase "jrt:/jdk.charsets" {
                    "accessClassInPackage.jdk.internal.access";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.util";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
 };
 
@@ -133,6 +140,7 @@ grant codeBase "jrt:/jdk.crypto.cryptoki" {
     permission java.lang.RuntimePermission
                    "accessClassInPackage.com.sun.crypto.provider";
     permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.access";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.*";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";

vendor/java/release

@@ -1,2 +1,2 @@
-JAVA_VERSION="19"
+JAVA_VERSION="21"
 MODULES="java.base java.datatransfer java.xml java.prefs java.desktop java.instrument java.logging java.management java.security.sasl java.naming java.net.http java.scripting java.security.jgss java.transaction.xa java.sql jdk.crypto.ec jdk.security.auth jdk.unsupported jdk.zipfs"