On Fri, 20 Aug 2021 22:44:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> This change modifies the default value of the `java.security.manager` system > property from "allow" to "disallow". This means unless it's explicitly set to > "allow", any call to `System.setSecurityManager()` would throw an UOE. > > This change was previously announced on the [jdk-dev > alias](https://mail.openjdk.java.net/pipermail/jdk-dev/2021-May/005616.html) > and is documented in [JEP 411](https://openjdk.java.net/jeps/411#Description). > > The `AllowSecurityManager.java` and `SecurityManagerWarnings.java` tests are > updated to confirm this behavior change. Two other tests are updated because > they were added after JDK-8267184 and do not have > `-Djava.security.manager=allow` on its `@run` line even it they need to > install a `SecurityManager` at runtime. This pull request has now been integrated. Changeset: d589b664 Author: Weijun Wang <wei...@openjdk.org> URL: https://git.openjdk.java.net/jdk/commit/d589b664cc809aea39ec094e99b1898df1bf3c19 Stats: 30 lines in 6 files changed: 5 ins; 8 del; 17 mod 8270380: Change the default value of the java.security.manager system property to disallow Reviewed-by: lancea, mullan, rriggs ------------- PR: https://git.openjdk.java.net/jdk/pull/5204
