New candidate JEP: 421: Deprecate Finalization for Removal

Alan Bateman Alan.Bateman at
Tue Nov 2 14:20:32 UTC 2021

On 02/11/2021 14:00, - wrote:
> On a side note, will the actual removal of finalization become a
> dependency of the actual removal of the security manager? I recall
> when the security manager was deprecated for removal, developers
> pointed out that there can be security risks with finalization in the
> mailing list.
I suspect you may be thinking about classes that specify SM permission 
checks in their constructors. If so then no SM means the permission 
check doesn't do anything. If finalization is disabled or removed then 
the specific attack isn't a concern. So I think independent for that 
discussion, assuming this is what you mean.


More information about the jdk-dev mailing list