On 11/26/25 03:34, Vladimir Petko wrote:
Dear Maintainers,
IcedTea Web implements the Java Web Start (JWS) specification[1].
Applet support is removed from the browsers, but the user can still
run Java Web Start applications via the provided desktop launchers by
downloading the JLNP file.
Security Manager provided a moderate sandbox that limited access to
the host machine. OpenJDK 25 removes the Security Manager. This allows
unrestricted access to the host machine without the user realising it.
I wonder if we should remove this package from the unstable pocket, as
it poses a security risk to users when ran using openjdk-25.
yes please!
