diff --git a/build-tools-internal/src/main/resources/fips_java.security b/build-tools-internal/src/main/resources/fips_java.security
index 1018b1b96acc2..b1fc913df148f 100644
--- a/build-tools-internal/src/main/resources/fips_java.security
+++ b/build-tools-internal/src/main/resources/fips_java.security
@@ -49,3 +49,6 @@ jdk.xml.dsig.secureValidationPolicy=\
noRetrievalMethodLoops
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\
java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!*
+
+# Needed since JDK25 to match the default config in the out-of-the-box java.security
+jdk.includeInExceptions=hostInfoExclSocket
diff --git a/build-tools-internal/src/main/resources/fips_java_oracle.security b/build-tools-internal/src/main/resources/fips_java_oracle.security
index 875151a058eeb..c8c0662f27832 100644
--- a/build-tools-internal/src/main/resources/fips_java_oracle.security
+++ b/build-tools-internal/src/main/resources/fips_java_oracle.security
@@ -50,3 +50,6 @@ jdk.xml.dsig.secureValidationPolicy=\
noRetrievalMethodLoops
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\
java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!*
+
+# Needed since JDK25 to match the default config in the out-of-the-box java.security
+jdk.includeInExceptions=hostInfoExclSocket
diff --git a/build-tools-internal/version.properties b/build-tools-internal/version.properties
index c75a20161dc12..e4b5572f22db2 100644
--- a/build-tools-internal/version.properties
+++ b/build-tools-internal/version.properties
@@ -2,7 +2,7 @@ elasticsearch = 9.0.8
lucene = 10.1.0
bundled_jdk_vendor = openjdk
-bundled_jdk = 24.0.2+12@fdc5d0102fe0414db21410ad5834341f
+bundled_jdk = 25+36@bd75d5f9689641da8e1daabeccb5528b
# optional dependencies
spatial4j = 0.7
jts = 1.15.0
diff --git a/client/rest/src/test/java/org/elasticsearch/client/RestClientMultipleHostsIntegTests.java b/client/rest/src/test/java/org/elasticsearch/client/RestClientMultipleHostsIntegTests.java
index 9a5f239970469..cc06db937e52b 100644
--- a/client/rest/src/test/java/org/elasticsearch/client/RestClientMultipleHostsIntegTests.java
+++ b/client/rest/src/test/java/org/elasticsearch/client/RestClientMultipleHostsIntegTests.java
@@ -49,6 +49,7 @@
import static org.elasticsearch.client.RestClientTestUtil.randomErrorNoRetryStatusCode;
import static org.elasticsearch.client.RestClientTestUtil.randomOkStatusCode;
import static org.hamcrest.CoreMatchers.instanceOf;
+import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.assertTrue;
@@ -314,7 +315,7 @@ public void testNodeSelector() throws Exception {
} catch (ConnectException e) {
// Windows isn't consistent here. Sometimes the message is even null!
if (false == System.getProperty("os.name").startsWith("Windows")) {
- assertEquals("Connection refused", e.getMessage());
+ assertThat(e.getMessage(), startsWith("Connection refused"));
}
}
} else {
diff --git a/client/rest/src/test/java/org/elasticsearch/client/RestClientTests.java b/client/rest/src/test/java/org/elasticsearch/client/RestClientTests.java
index fd36387a46962..12468317d4359 100644
--- a/client/rest/src/test/java/org/elasticsearch/client/RestClientTests.java
+++ b/client/rest/src/test/java/org/elasticsearch/client/RestClientTests.java
@@ -44,6 +44,7 @@
import static java.util.Collections.singletonList;
import static org.hamcrest.Matchers.instanceOf;
+import static org.hamcrest.Matchers.startsWith;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertSame;
@@ -105,7 +106,7 @@ public void onSuccess(Response response) {
public void onFailure(Exception exception) {
try {
assertThat(exception, instanceOf(IllegalArgumentException.class));
- assertEquals("Expected scheme name at index 0: ::http:///", exception.getMessage());
+ assertThat(exception.getMessage(), startsWith(("Expected scheme name")));
} finally {
latch.countDown();
}
diff --git a/gradle/verification-metadata.xml b/gradle/verification-metadata.xml
index 785e06c9b4962..c34c0f63e0824 100644
--- a/gradle/verification-metadata.xml
+++ b/gradle/verification-metadata.xml
@@ -4596,6 +4596,11 @@
+
+
+
+
+
@@ -4641,6 +4646,11 @@
+
+
+
+
+
diff --git a/libs/entitlement/asm-provider/build.gradle b/libs/entitlement/asm-provider/build.gradle
index d992792cd96d8..e6016a4294977 100644
--- a/libs/entitlement/asm-provider/build.gradle
+++ b/libs/entitlement/asm-provider/build.gradle
@@ -13,10 +13,10 @@ dependencies {
compileOnly project(':libs:entitlement')
compileOnly project(':libs:core')
compileOnly project(':libs:logging')
- implementation 'org.ow2.asm:asm:9.7.1'
- implementation 'org.ow2.asm:asm-util:9.7.1'
- implementation 'org.ow2.asm:asm-tree:9.7.1'
- implementation 'org.ow2.asm:asm-analysis:9.7.1'
+ implementation 'org.ow2.asm:asm:9.8'
+ implementation 'org.ow2.asm:asm-util:9.8'
+ implementation 'org.ow2.asm:asm-tree:9.8'
+ implementation 'org.ow2.asm:asm-analysis:9.8'
testImplementation project(":test:framework")
testImplementation project(":libs:entitlement:bridge")
}
diff --git a/libs/entitlement/tools/public-callers-finder/build.gradle b/libs/entitlement/tools/public-callers-finder/build.gradle
index 664e6e763c4dd..42dda12654453 100644
--- a/libs/entitlement/tools/public-callers-finder/build.gradle
+++ b/libs/entitlement/tools/public-callers-finder/build.gradle
@@ -46,8 +46,8 @@ repositories {
dependencies {
compileOnly(project(':libs:core'))
- implementation 'org.ow2.asm:asm:9.7.1'
- implementation 'org.ow2.asm:asm-util:9.7.1'
+ implementation 'org.ow2.asm:asm:9.8'
+ implementation 'org.ow2.asm:asm-util:9.8'
implementation(project(':libs:entitlement:tools:common'))
}
diff --git a/libs/entitlement/tools/securitymanager-scanner/build.gradle b/libs/entitlement/tools/securitymanager-scanner/build.gradle
index 93a4f74360a6e..2391e89e31ffe 100644
--- a/libs/entitlement/tools/securitymanager-scanner/build.gradle
+++ b/libs/entitlement/tools/securitymanager-scanner/build.gradle
@@ -46,8 +46,8 @@ repositories {
dependencies {
compileOnly(project(':libs:core'))
- implementation 'org.ow2.asm:asm:9.7.1'
- implementation 'org.ow2.asm:asm-util:9.7.1'
+ implementation 'org.ow2.asm:asm:9.8'
+ implementation 'org.ow2.asm:asm-util:9.8'
implementation(project(':libs:entitlement:tools:common'))
}
diff --git a/modules/lang-expression/build.gradle b/modules/lang-expression/build.gradle
index ddab38e5eac4b..2c7c46b4f945e 100644
--- a/modules/lang-expression/build.gradle
+++ b/modules/lang-expression/build.gradle
@@ -19,10 +19,10 @@ dependencies {
api "org.apache.lucene:lucene-expressions:${versions.lucene}"
runtimeOnly "org.apache.lucene:lucene-codecs:${versions.lucene}"
runtimeOnly "org.antlr:antlr4-runtime:${versions.antlr4}"
- runtimeOnly 'org.ow2.asm:asm:7.2'
- runtimeOnly 'org.ow2.asm:asm-commons:7.2'
- runtimeOnly 'org.ow2.asm:asm-tree:7.2'
- runtimeOnly 'org.ow2.asm:asm-analysis:7.2'
+ runtimeOnly 'org.ow2.asm:asm:9.8'
+ runtimeOnly 'org.ow2.asm:asm-commons:9.8'
+ runtimeOnly 'org.ow2.asm:asm-tree:9.8'
+ runtimeOnly 'org.ow2.asm:asm-analysis:9.8'
}
restResources {
restApi {
diff --git a/modules/lang-painless/build.gradle b/modules/lang-painless/build.gradle
index b030d3c2d5e16..5a0d0ac1f8d64 100644
--- a/modules/lang-painless/build.gradle
+++ b/modules/lang-painless/build.gradle
@@ -37,11 +37,11 @@ configurations {
dependencies {
api "org.antlr:antlr4-runtime:${versions.antlr4}"
- api 'org.ow2.asm:asm-util:7.2'
- api 'org.ow2.asm:asm-tree:7.2'
- api 'org.ow2.asm:asm-commons:7.2'
- api 'org.ow2.asm:asm-analysis:7.2'
- api 'org.ow2.asm:asm:7.2'
+ api 'org.ow2.asm:asm-util:9.8'
+ api 'org.ow2.asm:asm-tree:9.8'
+ api 'org.ow2.asm:asm-commons:9.8'
+ api 'org.ow2.asm:asm-analysis:9.8'
+ api 'org.ow2.asm:asm:9.8'
spi project('spi')
clusterModules project(':modules:mapper-extras')
}
diff --git a/test/test-clusters/src/main/resources/fips/fips_java.security b/test/test-clusters/src/main/resources/fips/fips_java.security
index 1018b1b96acc2..b1fc913df148f 100644
--- a/test/test-clusters/src/main/resources/fips/fips_java.security
+++ b/test/test-clusters/src/main/resources/fips/fips_java.security
@@ -49,3 +49,6 @@ jdk.xml.dsig.secureValidationPolicy=\
noRetrievalMethodLoops
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\
java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!*
+
+# Needed since JDK25 to match the default config in the out-of-the-box java.security
+jdk.includeInExceptions=hostInfoExclSocket
diff --git a/test/test-clusters/src/main/resources/fips/fips_java_oracle.security b/test/test-clusters/src/main/resources/fips/fips_java_oracle.security
index 875151a058eeb..c50f85202a1e4 100644
--- a/test/test-clusters/src/main/resources/fips/fips_java_oracle.security
+++ b/test/test-clusters/src/main/resources/fips/fips_java_oracle.security
@@ -50,3 +50,7 @@ jdk.xml.dsig.secureValidationPolicy=\
noRetrievalMethodLoops
jceks.key.serialFilter = java.base/java.lang.Enum;java.base/java.security.KeyRep;\
java.base/java.security.KeyRep$Type;java.base/javax.crypto.spec.SecretKeySpec;!*
+
+# Needed since JDK25 to match the default config in the out-of-the-box java.security
+jdk.includeInExceptions=hostInfoExclSocket
+
diff --git a/x-pack/plugin/esql/build.gradle b/x-pack/plugin/esql/build.gradle
index b3eaed518c59f..81e9f6b80d962 100644
--- a/x-pack/plugin/esql/build.gradle
+++ b/x-pack/plugin/esql/build.gradle
@@ -86,6 +86,11 @@ interface Injected {
}
tasks.named("test").configure {
+ // prevent empty stacktraces on JDK 25 for intrinsic Math.*Exact invocations
+ // https://bugs.openjdk.org/browse/JDK-8367990
+ // https://github.com/elastic/elasticsearch/issues/135009
+ jvmArgs '-XX:-OmitStackTraceInFastThrow'
+
if (buildParams.ci == false) {
systemProperty 'generateDocs', true
def injected = project.objects.newInstance(Injected)
diff --git a/x-pack/plugin/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/JdbcConfigurationTests.java b/x-pack/plugin/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/JdbcConfigurationTests.java
index 970b8b6d572e4..d309346bb4bbd 100644
--- a/x-pack/plugin/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/JdbcConfigurationTests.java
+++ b/x-pack/plugin/sql/jdbc/src/test/java/org/elasticsearch/xpack/sql/jdbc/JdbcConfigurationTests.java
@@ -11,6 +11,7 @@
import org.elasticsearch.test.ESTestCase;
import org.elasticsearch.xpack.sql.client.SslConfig;
import org.elasticsearch.xpack.sql.client.SuppressForbidden;
+import org.hamcrest.Matchers;
import java.net.URI;
import java.net.URISyntaxException;
@@ -43,12 +44,7 @@ private JdbcConfiguration ci(String url) throws SQLException {
public void testInvalidUrl() {
JdbcSQLException e = expectThrows(JdbcSQLException.class, () -> ci("jdbc:es://localhost9200/?ssl=#5#"));
- assertEquals(
- "Invalid URL: Invalid connection configuration: Illegal character in fragment at index 28: "
- + "http://localhost9200/?ssl=#5#; format should be "
- + "[jdbc:[es|elasticsearch]://[[http|https]://]?[host[:port]]?/[prefix]?[\\?[option=value]&]*]",
- e.getMessage()
- );
+ assertThat(e.getMessage(), Matchers.startsWith("Invalid URL: Invalid connection configuration: Illegal character in fragment"));
}
public void testJustThePrefix() throws Exception {
diff --git a/x-pack/plugin/sql/sql-client/src/test/java/org/elasticsearch/xpack/sql/client/UriUtilsTests.java b/x-pack/plugin/sql/sql-client/src/test/java/org/elasticsearch/xpack/sql/client/UriUtilsTests.java
index af25b40220979..2040f592be2dd 100644
--- a/x-pack/plugin/sql/sql-client/src/test/java/org/elasticsearch/xpack/sql/client/UriUtilsTests.java
+++ b/x-pack/plugin/sql/sql-client/src/test/java/org/elasticsearch/xpack/sql/client/UriUtilsTests.java
@@ -16,6 +16,7 @@
import static org.elasticsearch.xpack.sql.client.UriUtils.appendSegmentToPath;
import static org.elasticsearch.xpack.sql.client.UriUtils.parseURI;
import static org.elasticsearch.xpack.sql.client.UriUtils.removeQuery;
+import static org.hamcrest.Matchers.matchesPattern;
public class UriUtilsTests extends ESTestCase {
@@ -89,9 +90,10 @@ public void testUnsupportedProtocol() throws Exception {
}
public void testMalformedWhiteSpace() throws Exception {
- assertEquals(
- "Invalid connection configuration: Illegal character in authority at index 7: http:// ",
- expectThrows(IllegalArgumentException.class, () -> parseURI(" ", DEFAULT_URI)).getMessage()
+ assertThat(
+ expectThrows(IllegalArgumentException.class, () -> parseURI(" ", DEFAULT_URI)).getMessage(),
+ // Use a lenient regex here since later JDKs trim exception message whitespace
+ matchesPattern("^Invalid connection configuration: Illegal character in authority at index 7: http:// ?")
);
}