[
https://issues.apache.org/jira/browse/DERBY-7126?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17446165#comment-17446165
]
Richard N. Hillegas commented on DERBY-7126:
--------------------------------------------
According to the Open JDK security experts, the java.security.manager property
is read only at boot time. This is a micro-performance optimization implemented
as part of https://bugs.openjdk.java.net/browse/JDK-8203316.
As a consequence of this change, the Derby server cannot be secure-by-default,
starting with JDK 18. It seems that our hand has been forced. We face the
following choice:
o Don't try to install a SecurityManager if the JVM level is JDK 18 or higher.
o Have the network server fail in a visible way if java.security.manager is not
set to "allow" on the boot command line and if the -noSecurityManager startup
argument is not set.
Either option requires documentation changes. Unfortunately, old versions of
the Derby server will fail silently when booted on JDK 18 or higher. What a
mess.
> Make it possible to build and test Derby cleanly with OpenJDK 18
> ----------------------------------------------------------------
>
> Key: DERBY-7126
> URL: https://issues.apache.org/jira/browse/DERBY-7126
> Project: Derby
> Issue Type: Task
> Components: Build tools
> Affects Versions: 10.16.0.0
> Reporter: Richard N. Hillegas
> Assignee: Richard N. Hillegas
> Priority: Major
> Attachments: DERBY_7126_A.java, DERBY_7126_B.java, dcl_emc2sm.jar,
> derby-7126-01-aa-regenerateSignedJars.diff,
> derby-7126-02-aa-suppressDeprecationWarnings.diff
>
>
> Releases of Open JDK 18 can be found at https://jdk.java.net/178. We should
> adjust Derby as necessary so that it builds cleanly (including javadoc) and
> tests cleanly with this version of the platform.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
