The Java Security Manager was deprecated for removal in JDK 17 by JEP
411 [1]. The next step in the evolution of removing the security manager
is to permanently disable it as proposed by candidate JEP 486 [2]. Once
this is done, System::getSecurityManager will unconditionally return
null, System::setSecurityManager will unconditionally throw
UnsupportedOperationException, and running "java -Dsecurity.manager"
will cause the VM to exit with a fatal error. This will either happen in
JDK 24 (likely) or 25 (in case it misses 24). Either way, it will soon
be gone.
I propose to remove support for running JavaFX applications with a
security manager in JavaFX 24. Any JavaFX application that uses a
security manager will necessarily need to use JDK 21.x LTS going
forward, and thus can similarly use JavaFX 21.x LTS. See JDK-8341090 [3].
Comments?
-- Kevin
[1] https://openjdk.org/jeps/411
[2] https://openjdk.org/jeps/486
[3] https://bugs.openjdk.org/browse/JDK-8341090
