Mistyped: 24 is not LTS :)
> Am 26.06.2025 um 08:50 schrieb Richard Zowalla <r...@apache.org>:
>
> Hi all,
>
> I've created a branch here: https://github.com/apache/tomee/tree/jdk24 that
> includes the same changes as shown in [1], allowing TomEE to run on Java 24.
> This is necessary due to the removal and deprecation of several
> SecurityManager-related classes. Some of these now throw exceptions in Java
> 24, preventing TomEE from running / starting altogether.
>
> I completed a full build with Java 24 [2], and the only failures observed
> were related to EJB method permission tests. Since Java 21, most of the
> affected classes have become no-ops, meaning EJB method permissions are no
> longer effectively enforced (as confirmed by running tests on Java 21+).
>
> Given this, I propose we merge these changes after careful review.
>
> We can keep other SecurityManager-related logic, like Subject.doAsPrivileged,
> for now—especially since EE10 still targets Java 17, where these are
> deprecated but functional. In the longer term, we can look into
> bridging/adapting these, as other ASF projects have done. It would also be
> important to add a note on our download page that running TomEE on Java 21+
> currently does not guarantee EJB method security.
>
> From my perspective, merging these changes would benefit users who aren’t
> relying on EJB method security, enabling them to run TomEE on Java 24 (an LTS
> release).
>
> I'd like to open a discussion on how best to move forward with this.
>
> Gruß
> Richard
>
> [1]
> https://github.com/apache/tomee/commit/6d779321ddb9111cb46e7cd7f8e27929ff8bc3cc
> [2] https://ci-builds.apache.org/job/Tomee/job/pull-request-manual-jdk24/7/
>
