Hide the onjcmd option of the jdwp agent and the corresponding VM.start_java_debugging command, without removing the functionality outright.
According to JDK-8223456 the onjcmd option and the corresponding diagnostic command should be hidden as far as possible. The onjcmd option was introduced with JDK-8214892 and it had been backported to OpenJDK update release 11.0.3. So this hiding shall be backported to OpenJDK 11 updates as well to match upstream.
The onjcmd option is not mentioned in the help output of the JDWP agent anymore. The corresponding diagnostic command VM.start_java_debugging is now registered as hidden, so it would not be included in the list of supported commands by jcmd or via the mbeans.
Apart from that the functionality is still working.
diff --git a/src/hotspot/share/services/diagnosticCommand.cpp b/src/hotspot/share/services/diagnosticCommand.cpp --- a/src/hotspot/share/services/diagnosticCommand.cpp +++ b/src/hotspot/share/services/diagnosticCommand.cpp @@ -129,7 +129,7 @@ // Debug on cmd (only makes sense with JVMTI since the agentlib needs it). #if INCLUDE_JVMTI - DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<DebugOnCmdStartDCmd>(full_export, true, false)); + DCmdFactory::register_DCmdFactory(new DCmdFactoryImpl<DebugOnCmdStartDCmd>(full_export, true, true)); #endif // INCLUDE_JVMTI } diff --git a/src/jdk.jdwp.agent/share/native/libjdwp/debugInit.c b/src/jdk.jdwp.agent/share/native/libjdwp/debugInit.c --- a/src/jdk.jdwp.agent/share/native/libjdwp/debugInit.c +++ b/src/jdk.jdwp.agent/share/native/libjdwp/debugInit.c @@ -873,7 +873,6 @@ "launch=<command line> run debugger on event none\n" "onthrow=<exception name> debug on throw none\n" "onuncaught=y|n debug on any uncaught? n\n" - "onjcmd=y|n start debug via jcmd? n\n" "timeout=<timeout value> for listen/attach in milliseconds n\n" "mutf8=y|n output modified utf-8 n\n" "quiet=y|n control over terminal messages n\n"));