SpotBugs observes four places where the code is influenced by the system’s default charset:
MDQueryMD5ItemIdTransformer
MDQuerySHA1ItemIdTransformer
SHA1StringTransformer
X509RSAOpenSSLBlacklistValidator (reading the blocklist resource)
In each of these cases, we should stabilise behaviour by explicitly using UTF-8 and updating the Javadoc appropriately.
Note that there’s a proposed JSR that will make this the default behaviour of Java at some point in the future, so in my mind this isn’t particularly contentious.
The change in default behaviour is in JEP 400 and was incorporated in Java 18. So, we can’t assume this to be done for us while Java 17 is still a permitted platform.
SpotBugs observes four places where the code is influenced by the system’s default charset:
MDQueryMD5ItemIdTransformerMDQuerySHA1ItemIdTransformerSHA1StringTransformerX509RSAOpenSSLBlacklistValidator(reading the blocklist resource)In each of these cases, we should stabilise behaviour by explicitly using UTF-8 and updating the Javadoc appropriately.
Note that there’s a proposed JSR that will make this the default behaviour of Java at some point in the future, so in my mind this isn’t particularly contentious.