New candidate JEP: 486: Permanently Disable the Security Manager

Peter Firmstone peter.firmstone at zeus.net.au
Thu Oct 3 10:28:04 UTC 2024


Which release does this target?

I've been waiting to learn the affected Java release, so we can document 
which versions of Java our software can and cannot support.

We'll continue to use Java beyond this release, but will need to 
maintain our own fork, as it's not possible to build an Authorization 
layer on top of Java without low-level hooks; this is built into our 
software at a foundational level and cannot be removed.

Thank you.

Peter.

On 26/09/2024 9:55 pm, Mark Reinhold wrote:
> // Correcting Sean’s e-mail address
>
> https://openjdk.org/jeps/486
>
>    Summary: The Security Manager has not been the primary means of
>    securing client-side Java code for many years, it has rarely been used
>    to secure server-side code, and it is costly to maintain.  We therefore
>    deprecated it for removal in Java 17 via JEP 411 (2021).  As the next
>    step toward removing the Security Manager, we will revise the Java
>    Platform specification so that developers cannot enable it and other
>    Platform classes do not refer to it.  This change will have no impact
>    on the vast majority of applications, libraries, and tools.  We will
>    remove the Security Manager API in a future release.
>
> - Mark

