Mistyped: 24 is not LTS :)

> Am 26.06.2025 um 08:50 schrieb Richard Zowalla <r...@apache.org>:
> 
> Hi all,
> 
> I've created a branch here: https://github.com/apache/tomee/tree/jdk24 that 
> includes the same changes as shown in [1], allowing TomEE to run on Java 24. 
> This is necessary due to the removal and deprecation of several 
> SecurityManager-related classes. Some of these now throw exceptions in Java 
> 24, preventing TomEE from running / starting altogether.
> 
> I completed a full build with Java 24 [2], and the only failures observed 
> were related to EJB method permission tests. Since Java 21, most of the 
> affected classes have become no-ops, meaning EJB method permissions are no 
> longer effectively enforced (as confirmed by running tests on Java 21+).
> 
> Given this, I propose we merge these changes after careful review.
> 
> We can keep other SecurityManager-related logic, like Subject.doAsPrivileged, 
> for now—especially since EE10 still targets Java 17, where these are 
> deprecated but functional. In the longer term, we can look into 
> bridging/adapting these, as other ASF projects have done. It would also be 
> important to add a note on our download page that running TomEE on Java 21+ 
> currently does not guarantee EJB method security.
> 
> From my perspective, merging these changes would benefit users who aren’t 
> relying on EJB method security, enabling them to run TomEE on Java 24 (an LTS 
> release).
> 
> I'd like to open a discussion on how best to move forward with this.
> 
> Gruß
> Richard
> 
> [1] 
> https://github.com/apache/tomee/commit/6d779321ddb9111cb46e7cd7f8e27929ff8bc3cc
> [2] https://ci-builds.apache.org/job/Tomee/job/pull-request-manual-jdk24/7/
> 

Reply via email to