Clojure 1.12.0
Clojure 1.12.0 is now available! Find download and usage information on the Downloads page. 1 Compatibility 1.1 Java 8 - Compatiblity EOL notice Clojure 1.12 produces Java 8 bytecode (same as Clojure 1.10 and 1.11), but this is expected to be the last release using a Java 8 baseline. Future releases will move the bytecode and minimum Java compatibility to a newer Java LTS release. 1.2 Java 21 - Virtual thread pinning from user code under synchronized Clojure users want to use virtual threads on JDK 21. Prior to 1.12, Clojure lazy-seqs and delays, in order to enforce run-once behavior, ran user code under synchronized blocks, which as of JDK 21 don’t yet participate in cooperative blocking. Thus if that code did e.g. blocking I/O it would pin a real thread. JDK 21 may emit warnings for this when using -Djdk.tracePinnedThreads=full . To avoid this pinning, in 1.12 lazy-seq and delay use locks instead of synchronized blocks. 1.3 Security Fix CVE-2024-22871 detailed in GHSA-vr64-r9qj-h27f : 1.4 Serialization CLJ-1327 explicitly sets the Java serialization identifier for the classes in Clojure that implement Java serialization. In Clojure 1.11.0 this changed for two classes unnecessarily and we reverted those changes in Clojure 1.11.1 - this completes that work for the rest of the classes. Clojure data types have implemented the Java serialization interfaces since Clojure 1.0. Java serialization is designed to save graphs of Java instances into a byte stream. Every class has an identifier (the serialVersionUID) that is automatically generated based on
Clojure 1.12.0 has been released, bringing several updates and improvements to the popular functional programming language. The new version is available for download on the official Downloads page, and users can start exploring its features and enhancements. This release includes changes in compatibility, virtual thread pinning, a security fix, and serialization improvements.
One of the key updates in Clojure 1.12.0 is the compatibility notice for Java 8. While this version still produces Java 8 bytecode, similar to Clojure 1.10 and 1.11, it is expected to be the last release using a Java 8 baseline. Future releases will shift the bytecode and minimum Java compatibility to a newer Java LTS release. This move aims to keep Clojure aligned with the latest Java standards and ensure long-term support.
Another significant change in Clojure 1.12.0 is related to virtual thread pinning on JDK 21. Prior to this release, Clojure's lazy-seqs and delays ran user code under synchronized blocks to enforce run-once behavior. However, JDK 21 does not participate in cooperative blocking, which could lead to real thread pinning if the code performed blocking I/O. To avoid this issue, Clojure 1.12.0 now uses locks instead of synchronized blocks for lazy-seq and delay. This change ensures better compatibility with JDK 21 and prevents potential warnings when using the -Djdk.tracePinnedThreads=full option.
Clojure 1.12.0 also includes a security fix addressing CVE-2024-22871, which is detailed in GHSA-vr64-r9qj-h27f. This update ensures that the Clojure implementation remains secure and resolves any vulnerabilities that could be exploited.
In addition to these changes, Clojure 1.12.0 addresses serialization issues by explicitly setting the Java serialization identifier for Clojure classes that implement Java serialization. In Clojure 1.11.0, two classes had unnecessary changes, which were reverted in Clojure 1.11.1. This release completes the work for the remaining classes, ensuring that Clojure data types maintain compatibility with Java serialization.
Java serialization is designed to save graphs of Java instances into a byte stream. Each class has an identifier, known as the serialVersionUID, which is automatically generated based on the class name, its type hierarchy, and the serialized fields. At deserialization time, compatibility is ensured only if the available class has an identifier that matches the one recorded in the serialized bytes. While Clojure has never guaranteed serialization consistency across versions, this release aims to minimize compatibility breaks while maintaining the language's evolution.
In summary, Clojure 1.12.0 introduces important updates in compatibility, virtual thread pinning, security, and serialization. These improvements ensure that the language remains up-to-date with the latest Java standards, secure, and compatible with various environments. Users are encouraged to download and explore the new version to take advantage of these enhancements.
