Dear Maintainers, IcedTea Web implements the Java Web Start (JWS) specification[1].
Applet support is removed from the browsers, but the user can still run Java Web Start applications via the provided desktop launchers by downloading the JLNP file. Security Manager provided a moderate sandbox that limited access to the host machine. OpenJDK 25 removes the Security Manager. This allows unrestricted access to the host machine without the user realising it. I wonder if we should remove this package from the unstable pocket, as it poses a security risk to users when ran using openjdk-25. Best Regards, Vladimir. [1] https://github.com/AdoptOpenJDK/IcedTea-Web?tab=readme-ov-file
