JEP proposed to target JDK 24: 486: Permanently Disable the Security Manager
Mark Reinhold
mark.reinhold at oracle.com
Fri Nov 1 18:28:52 UTC 2024
The following JEP is proposed to target JDK 24:
486: Permanently Disable the Security Manager
https://openjdk.org/jeps/486
Summary: The Security Manager has not been the primary means of
securing client-side Java code for many years, it has rarely been used
to secure server-side code, and it is costly to maintain. We therefore
deprecated it for removal in Java 17 via JEP 411 (2021). As the next
step toward removing the Security Manager, we will revise the Java
Platform specification so that developers cannot enable it and other
Platform classes do not refer to it. This change will have no impact
on the vast majority of applications, libraries, and tools. We will
remove the Security Manager API in a future release.
Feedback on this proposal from JDK Project Committers and Reviewers [1]
is more than welcome, as are reasoned objections. If no such objections
are raised by 20:00 UTC on Friday, 8 November, or if they’re raised and
then satisfactorily answered, then per the JEP 2.0 process proposal [2]
I’ll target this JEP to JDK 24.
- Mark
[1] https://openjdk.org/census#jdk
[2] https://cr.openjdk.java.net/~mr/jep/jep-2.0-02.html
More information about the jdk-dev
mailing list