On Fri, 16 Apr 2021 at 04:05, <mark.reinh...@oracle.com> wrote: > https://openjdk.java.net/jeps/411 > > Summary: Deprecate the Security Manager for removal in a future > release. The Security Manager dates from Java 1.0. It has not been the > primary means of securing client-side Java code for many years, and it > has rarely been used to secure server-side code. To move Java forward, > we intend to deprecate the Security Manager for removal in concert with > the legacy Applet API (JEP 398). > > - Mark >
Hi, How can those interested in the JEP get involved? (I am asking because Atlassian makes use of a custom java security manager, based on the manas security manager[0], to help mitigate SSRF attacks[1]) [0] - https://code.google.com/archive/p/manas-java-security/ [1] - https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java#L410
