New candidate JEP: 421: Deprecate Finalization for Removal
Alan.Bateman at oracle.com
Tue Nov 2 14:20:32 UTC 2021
On 02/11/2021 14:00, - wrote:
> On a side note, will the actual removal of finalization become a
> dependency of the actual removal of the security manager? I recall
> when the security manager was deprecated for removal, developers
> pointed out that there can be security risks with finalization in the
> mailing list.
I suspect you may be thinking about classes that specify SM permission
checks in their constructors. If so then no SM means the permission
check doesn't do anything. If finalization is disabled or removed then
the specific attack isn't a concern. So I think independent for that
discussion, assuming this is what you mean.
More information about the jdk-dev