<!DOCTYPE html><html><head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
Yes. I will file the follow-up bugs listed in the PR soon, and the
first of these will be to remove all calls to doPrivileged. My plan
is to file an umbrella task with separate bugs for each module that
can then be split and done in parallel by different developers.<br>
<br>
-- Kevin<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/9/2024 5:17 PM, John Hendrikx
wrote:<br>
</div>
<blockquote type="cite" cite="mid:23bfe767-0558-4617-a7d8-d6c5ee891564@gmail.com">
<p>Does this mean all the ugly AccessController.doPrivileged code
can be simplified?</p>
<p>--John<br>
</p>
<div class="moz-cite-prefix">On 09/10/2024 16:22, Kevin Rushforth
wrote:<br>
</div>
<blockquote type="cite" cite="mid:1599ac75-b6e5-44a1-b2af-add167599a5b@oracle.com"> I
just took the PR out of Draft, so it is now ready for review.<br>
<br>
-- Kevin<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/2/2024 8:20 AM, Kevin
Rushforth wrote:<br>
</div>
<blockquote type="cite" cite="mid:98351681-43bb-41c7-86e4-adb3cc23c33d@oracle.com">
<blockquote type="cite">I suspect people who are using
SecurityManager with JavaFX are still on java8.</blockquote>
<br>
Very likely.<br>
<br>
-- Kevin<br>
<br>
<br>
<div class="moz-cite-prefix">On 10/2/2024 7:58 AM, Andy
Goryachev wrote:<br>
</div>
<blockquote type="cite" cite="mid:BL3PR10MB6185927F4D365DAB160BB234E5702@BL3PR10MB6185.namprd10.prod.outlook.com">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}@font-face
{font-family:"Iosevka Fixed SS16";
panose-1:2 0 5 9 3 0 0 0 0 4;}@font-face
{font-family:"Times New Roman \(Body CS\)";
panose-1:2 11 6 4 2 2 2 2 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:10.0pt;
font-family:"Aptos",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Iosevka Fixed SS16";
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}</style>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16"">Good
riddance! I suspect people who are using
SecurityManager with JavaFX are still on java8.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16"">-andy<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16""><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Iosevka Fixed SS16""><o:p> </o:p></span></p>
<div id="mail-editor-reference-message-container">
<div>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-size:12.0pt;color:black">From: </span></b><span style="font-size:12.0pt;color:black">openjfx-dev
<a class="moz-txt-link-rfc2396E" href="mailto:openjfx-dev-retn@openjdk.org" moz-do-not-send="true"><openjfx-dev-retn@openjdk.org></a>
on behalf of Kevin Rushforth <a class="moz-txt-link-rfc2396E" href="mailto:kevin.rushforth@oracle.com" moz-do-not-send="true"><kevin.rushforth@oracle.com></a><br>
<b>Date: </b>Wednesday, October 2, 2024 at
07:46<br>
<b>To: </b>openjfx-dev <a class="moz-txt-link-rfc2396E" href="mailto:openjfx-dev@openjdk.org" moz-do-not-send="true"><openjfx-dev@openjdk.org></a><br>
<b>Subject: </b>Proposal: Remove support for
running JavaFX with the security manager<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:11.0pt">The Java Security
Manager was deprecated for removal in JDK 17
by JEP <br>
411 [1]. The next step in the evolution of
removing the security manager <br>
is to permanently disable it as proposed by
candidate JEP 486 [2]. Once <br>
this is done, System::getSecurityManager will
unconditionally return <br>
null, System::setSecurityManager will
unconditionally throw <br>
UnsupportedOperationException, and running
"java -Dsecurity.manager" <br>
will cause the VM to exit with a fatal error.
This will either happen in <br>
JDK 24 (likely) or 25 (in case it misses 24).
Either way, it will soon <br>
be gone.<br>
<br>
I propose to remove support for running JavaFX
applications with a <br>
security manager in JavaFX 24. Any JavaFX
application that uses a <br>
security manager will necessarily need to use
JDK 21.x LTS going <br>
forward, and thus can similarly use JavaFX
21.x LTS. See JDK-8341090 [3].<br>
<br>
Comments?<br>
<br>
-- Kevin<br>
<br>
[1] <a href="https://openjdk.org/jeps/411" moz-do-not-send="true" class="moz-txt-link-freetext">https://openjdk.org/jeps/411</a><br>
[2] <a href="https://openjdk.org/jeps/486" moz-do-not-send="true" class="moz-txt-link-freetext">https://openjdk.org/jeps/486</a><br>
[3] <a href="https://bugs.openjdk.org/browse/JDK-8341090" moz-do-not-send="true" class="moz-txt-link-freetext">https://bugs.openjdk.org/browse/JDK-8341090</a><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
</blockquote>
<br>
</body>
</html>