Eclipse SDK 4.28

What's new in this version:

New features in the Platform and Equinox:
Text Editors:
- The editor area now shows the most important and useful commands and their key binding when no editor is open

Security:
- To address CVE-2021-41033, all access to external update sites and their artifacts is forced to use https, even when http is specified. The following system properties can be used to affect this behavior
- Adding the line -Dp2.httpRule=allow as the last line of the eclipse.ini can be used to restore the previous behavior. This can be relevant inside a corporate environment where the firewall may introduce certificates into the network traffic that are not recognized by the cacerts of the Java runtime, i.e., this may be used to avoid "PKIX path validation failed" exceptions that can otherwise be fixed only by importing the firewall certificate into the Java runtime's cacerts.
- These rules can be specified as configuration-scoped preferences available via the Authorities tab of the Install/Update → Trust preferences:
- The default preference value of each rule is determined by the corresponding system property.
- To address CVE-2021-41037, all access to external update sites and their artifacts during installation and updates is tracked and reported so that you are made aware of the source of the content being installed and can decide whether to trust content from that source. This provides an additional level of security in addition to the signing of artifacts. Simply installing content, even without actually installing any associated artifacts, can in general reconfigure the installation and that could potentially be used for malicious purposes. Also, simply because an artifact is signed, doesn't imply the artifact is necessarily trustworthy. It is important to take into account the source of installed content before installing that content.
- When installing new content as well as when installing updates, the following Trust Authorities dialog is displayed showing the sites that have been contacted, details about those sites, and details about the specific content being installed from each site
- All content must originate from sites explicitly accepted as trusted before installation proceeds and before library artifacts are downloaded. The trusted authorities can be remembered in the preferences to avoid being prompted repeatedly for authorities that have already been considered as trusted. Those recorded preferences are available for review and modification via the Authorities tab of the Install/Update → Trust preferences
- The system property p2.trustedAuthorities can be used to specify a (comma or space separated) list of authorities considered trusted. The default value is effectively.
- In the event that a PGP key is compromised, the key may be revoked. Artifacts signed before the revocation date are generally still valid, but an attacker can create back-dated signatures. Therefore, any artifact signed with a revoked key, and any internal exception that occurs while processing the revocation information of the key, will result in that artifact being treated as a suspicious artifact, leading to a Trust Artifacts prompt. You may still choose to install such content, but you will be reminded of the risk. You should consider very carefully the source of the content as tracked for your review before taking this risk.

As an extra security precaution, the handling of Cancel for the Trust Artifacts dialog has been modified:
- In particular, if you choose to reject the content, i.e., if you press Cancel or close the dialog, any of the prompted artifacts that have been downloaded during the current install or update operation will be removed from disk to avoid caching of untrusted artifacts.

General Updates:
- Launch/Debug context menus directly shows relevant launch configurations:
- In the "Run As/Debug As" context-menus, the shortcuts that can resolve directly to 1 or more launch configurations (i.e., shortcuts which implement ILaunchShortcut2) are replaced by the resolved launch directly.
- This allows to more directly know which launch configuration will be used for the Run or Debug session so it will be easier to identify it afterwards if you intend to tweak it. It is also useful in case you have setup multiple launch configurations of the same for the project and often want to run different ones; for example for A/B testing or for distinct build actions.

Logging API SLF4J version 2:
- The Eclipse Platform is now shipped with slf4j.api version 2 by default. But even for version 2 the back-ward compatibility of the package org.sfl4j (but only for that package) has not been broken and slf4j.api exports the package org.sfl4j in version 1 and 2. Therefore Plug-ins that only import and use the package org.slf4j in version 1 don't have to be touched.
- Besides breaking changes in the other sfl4j packages than org.sfl4j, version 2 has also changed the way to connect the slf4j.api bundle to a logging-backend to use Java's ServiceLoader mechanism. Consequently you have to make sure that the logging-backend used in your application uses is compatible with slf4j.api version 2. Additionally a OSGi Service Loader Mediator is needed to permit Java's ServiceLoader access to the the provider bundle. To fulfill this requirement Eclipse Platform ships org.apache.aries.spifly.dynamic.bundle by default. If you assemble a final application you have to ensure that this bundle is automatically activated during startup. For an Eclipse Product this can be achieved by assigning the Plug-in org.apache.aries.spifly.dynamic.bundle a suitable start-level in the Configuration section of your product.

New features for Java developers:
- Open Call Hierarchy action added to the list of actions shown on Ctrl+Click for fields or methods

Java Formatter:
- New Javadoc html format option When the formatter option Comments > Javadocs > Format HTML tags is selected, the default behavior for block tags (<pre>, <p>, <dl>, <ul>, <ol>, <hr>, and <dir>) is to put each tag and it's closing tag on separate lines. A new sub-option: Do not put block tags on separate lines has been added to specify not to do this and instead have the tags start on a new line and have their closing tags end a line.
- Debug:
- New launch config name preference For launch configurations, a name is often generated on behalf of the user which is simply the type name of the Java application, Java applet, or the JUnit test class. In some instances, a user may have classes with the same name in different packages or projects. Creating launch configurations for each will reuse the type name and add (nn) for each configuration created after the first. Looking in the Run Configurations or Debug Configurations dialogs or the pull-down for Run or Debug, it may be difficult to determine via the name which type the configuration is referring to.
- To alleviate this, a new set of preferences has been added to specify that the launch configuration name generated use the fully qualified type name. Once set, new configurations (either manually created in the Run Configurations or Debug Configurations dialogs or as a result of specifying Run as... or Debug as... from the context menu will qualify the generated name. Existing configurations are not altered.
- To specify the new preferences, go to Preferences > Java > Launching

JDT Developers:
- Method to mark message keys used When developing Java code, there are set mechanisms for handling message translation. There is also a context action Source > Find Broken Externalized Strings which checks .properties file and Java message translation classes that access the .properties file. The action checks for a number of issues including whether a message key is unused or missing and provides the results in the Search dialog.
- When detecting unused keys, it is possible for the action to generate false positives. For example, a message could be used by another plug-in or product which is not in the workspace or a message key could be dynamically created and the action cannot detect this.
- A new mechanism has been added for a developer to denote that a message key is known to be used and should be ignored by the Find Broken Externalized Strings action. Simply copy any known used messages from the existing .properties file into a .usedproperties file with the same name, in the same package. The .usedproperties file follows the same syntax as a .properties file and any message keys added there will not be marked as unused by the action. The message data in the .usedproperties file is ignored and can be removed if desired.

Updated CompilationParticipant API:
- New CompilationParticipant.postProcess() method was added that notifies participants about finished class compilation. This notification occurs right before the compiled class is written out to disk. This allows participants perform arbitrary byte code manipulation on generated classes.

New APIs in the Platform and Equinox:
Platform Changes:
Command Icons in e4:
- It is now possible to set command icons in the e4 model using the Eclipse 4 Model Editor. Previously this was only possible for e3 commands using the org.eclipse.ui.commandImages extension point.

Influence "Ignore Whitespace" in Compare:
- The "Ignore White Space" context menu action in the Eclipse Compare editor ignores all whitespace, including what may be semantically significant whitespace. For example, in Java a whitespace difference in a string literal is semantically significant while trailing whitespace is not.
- It is now possible to hook into the ignore-whitespace algorithm by providing an implementation of the new IIgnoreWhitespaceContributor interface. Return an instance of this interface in your override of the createIgnoreWhitespaceContributor method in your sub-class of TextMergeViewer.
- Your implementation is called for each detected whitespace difference when "Ignore White Space" is enabled. Your implementation can decide whether that whitespace difference should be ignored or not.

Onboarding information in editor area:
- The editor area now shows the most important and useful commands and their key binding when no editor is open. The information shown is dependent on the currently active perspective. Perspective have to provide these details by providing an extension to the org.eclipse.ui.perspectiveExtensions extension point. Provide and image in the editorOnboardingImage attribute and an short text in the editorOnboardingText attribute of the perspectiveExtension element. Up to 5 commands can be provided in the editorOnboardingCommand. For more details refer to the extension point's documentation. The org.eclipse.ui.resourcePerspective perspective can be used as an example.

Enhanced IPath creation and conversion:
- The IPath interface now provides various static factory methods to create IPath instances from portable, Linux or Windows path strings as well as from java.io.File or java.nio.file.Path objects. You can now create an IPath completely without referring to org.eclipse.core.runtime.Path.
- Furthermore IPath.toPath() was added, which converts an IPath to a equivalent java.nio.file.Path object

New features for plug-in developers:
Dialogs, Wizards and Views:
Support for automatic Manifest generation:
- PDE now support generating the manifest automatically
- Create a new Plugin project and select the standard OSGi framework type and select "Generate OSGi metadata automatically"
- Review and maybe adjust the usual settings like name and version

Editors:
New Manifest Cleanup action:
- Select the Organize Manifest Action
- Choose the "Recompute Import-Package ..." cleanup
- The Manifest will be transformed and the result can be reviewed

Support for auto-completion for build.properties file:
- PDE now support auto-completion of keys in the build.properties file
- User does not need to remember the complete words in the build.properties header specification. They can start typing as much as they know, and invoke the auto-completion key bindings (usually ctrl+space) to obtain the list of potential valid headers that match the user's intent.

PDE Compiler:
Support for schema and feature compilers for project-specific preferences:
- PDE now support all available compilers for project preferences
- the project specific preferences property page contained only plugin compiler (manifest compiler), while the schema and feature compiler settings are available in the workspace-wide settings. remove this restriction and open up all the compiler settings for project-specific settings too.

Security:
CVE-2021-41033: Enforce https protocol:
- PDE's access to update sites when populating target platforms is affected by the enforcement of https access. See the Platform's CVE-2021-41033: Enforce https protocol section for details.