Clojure 1.12.0
Clojure 1.12.0 is now available! Find download and usage information on the Downloads page. 1 Compatibility 1.1 Java 8 - Compatiblity EOL notice Clojure 1.12 produces Java 8 bytecode (same as Clojure 1.10 and 1.11), but this is expected to be the last release using a Java 8 baseline. Future releases will move the bytecode and minimum Java compatibility to a newer Java LTS release. 1.2 Java 21 - Virtual thread pinning from user code under synchronized Clojure users want to use virtual threads on JDK 21. Prior to 1.12, Clojure lazy-seqs and delays, in order to enforce run-once behavior, ran user code under synchronized blocks, which as of JDK 21 don’t yet participate in cooperative blocking. Thus if that code did e.g. blocking I/O it would pin a real thread. JDK 21 may emit warnings for this when using -Djdk.tracePinnedThreads=full . To avoid this pinning, in 1.12 lazy-seq and delay use locks instead of synchronized blocks. 1.3 Security Fix CVE-2024-22871 detailed in GHSA-vr64-r9qj-h27f : 1.4 Serialization CLJ-1327 explicitly sets the Java serialization identifier for the classes in Clojure that implement Java serialization. In Clojure 1.11.0 this changed for two classes unnecessarily and we reverted those changes in Clojure 1.11.1 - this completes that work for the rest of the classes. Clojure data types have implemented the Java serialization interfaces since Clojure 1.0. Java serialization is designed to save graphs of Java instances into a byte stream. Every class has an identifier (the serialVersionUID) that is automatically generated based on
Clojure 1.12.0 has been released, bringing several updates and improvements to the popular functional programming language. The new version is available for download on the official Downloads page, and users can start exploring its features and enhancements. This release marks the final version using Java 8 bytecode, as future updates will shift to a newer Java LTS release. Additionally, Clojure 1.12.0 introduces a security fix, improves virtual thread pinning on JDK 21, and addresses serialization consistency.
One of the key changes in Clojure 1.12.0 is the end-of-life (EOL) notice for Java 8 compatibility. While this release still produces Java 8 bytecode, similar to Clojure 1.10 and 1.11, it is expected to be the last version to do so. Moving forward, Clojure will align with a newer Java LTS release, ensuring better compatibility and support for future developments. This shift aims to keep Clojure in line with evolving Java standards and ensure long-term stability.
Another significant update in Clojure 1.12.0 is the improvement in virtual thread pinning on JDK 21. Prior to this release, lazy-seqs and delays in Clojure ran user code under synchronized blocks to enforce run-once behavior. However, JDK 21 does not participate in cooperative blocking, which could lead to real thread pinning if the code performed blocking I/O operations. To address this, Clojure 1.12.0 replaces synchronized blocks with locks in lazy-seq and delay implementations, preventing unwanted thread pinning and ensuring better compatibility with JDK 21's virtual threads.
Security is a top priority for the Clojure community, and this release includes a critical fix for CVE-2024-22871, detailed in GHSA-vr64-r9qj-h27f. The update addresses a vulnerability that could potentially impact the stability and security of Clojure applications. By resolving this issue, users can rest assured that their Clojure projects are protected from potential threats.
Furthermore, Clojure 1.12.0 addresses serialization consistency by explicitly setting the Java serialization identifier for classes in Clojure that implement Java serialization. In Clojure 1.11.0, two classes had unnecessary changes to their serialization identifiers, which were later reverted in Clojure 1.11.1. This release completes the work for the remaining classes, ensuring that Clojure data types maintain consistent serialization across versions. Java serialization saves graphs of Java instances into a byte stream, with each class having a unique identifier (serialVersionUID) based on its name, type hierarchy, and serialized fields. At deserialization, compatibility is ensured only when the class identifier matches the one recorded in the serialized bytes. While Clojure has never guaranteed serialization consistency across versions, this update helps minimize unnecessary compatibility breaks.
In summary, Clojure 1.12.0 introduces several important updates, including the final Java 8 release, improved virtual thread pinning on JDK 21, a critical security fix, and enhanced serialization consistency. These changes position Clojure for continued growth and stability, ensuring that it remains a powerful and reliable tool for developers building complex applications. Users are encouraged to download and explore the new version to take advantage of these enhancements.
