New candidate JEP: 411: Deprecate the Security Manager for Removal

David Black dblack at atlassian.com
Sun Apr 18 23:50:32 UTC 2021


On Fri, 16 Apr 2021 at 04:05, <mark.reinhold at oracle.com> wrote:

> https://openjdk.java.net/jeps/411
>
>   Summary: Deprecate the Security Manager for removal in a future
>   release. The Security Manager dates from Java 1.0. It has not been the
>   primary means of securing client-side Java code for many years, and it
>   has rarely been used to secure server-side code. To move Java forward,
>   we intend to deprecate the Security Manager for removal in concert with
>   the legacy Applet API (JEP 398).
>
> - Mark
>

Hi,
How can those interested in the JEP get involved?
(I am asking because Atlassian makes use of a custom Java security manager,
based on the Manas security manager[0], to help mitigate SSRF attacks[1].)


[0] - https://code.google.com/archive/p/manas-java-security/
[1] - https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java#L410


More information about the jdk-dev mailing list