Eliya is an OpenJDK 25 LTS distribution for regulated / compliance-conscious production. One argument behind it is that some production and compliance policy can only be implemented inside the JVM, not by a wrapper around it. Example: PCI DSS 3.5.1 requires a PAN to be unreadable at rest, but a heap dump writes live card numbers to disk in cleartext. Disable dumps and you lose the forensics. Redacting the dump as the stream is written, inside HotSpot, is the only solution that doesn't trade one risk for another, and you can't compose it from existing flags.
The usecase above is one class of issues where it requires acting before exposure. i.e. JVM’s internal diagnostic writers emit cleartext as it streams, so external tools only see data after it already exists on disk. JEPJEP-536 is exactly this kind. The same treatment requires for hs_err as well.
Eliya is an OpenJDK 25 LTS distribution for regulated / compliance-conscious production. One argument behind it is that some production and compliance policy can only be implemented inside the JVM, not by a wrapper around it. Example: PCI DSS 3.5.1 requires a PAN to be unreadable at rest, but a heap dump writes live card numbers to disk in cleartext. Disable dumps and you lose the forensics. Redacting the dump as the stream is written, inside HotSpot, is the only solution that doesn't trade one risk for another, and you can't compose it from existing flags.
Interesting, but I can't imagine of any other usecase. Any?
The usecase above is one class of issues where it requires acting before exposure. i.e. JVM’s internal diagnostic writers emit cleartext as it streams, so external tools only see data after it already exists on disk. JEPJEP-536 is exactly this kind. The same treatment requires for hs_err as well.