-bcc jdk-...@openjdk.java.net
On 4/18/21 7:50 PM, David Black wrote:
On Fri, 16 Apr 2021 at 04:05, <mark.reinh...@oracle.com
<mailto:mark.reinh...@oracle.com>> wrote:
https://openjdk.java.net/jeps/411 <https://openjdk.java.net/jeps/411>
Summary: Deprecate the Security Manager for removal in a future
release. The Security Manager dates from Java 1.0. It has not
been the
primary means of securing client-side Java code for many years,
and it
has rarely been used to secure server-side code. To move Java
forward,
we intend to deprecate the Security Manager for removal in
concert with
the legacy Applet API (JEP 398).
- Mark
Hi,
How can those interested in the JEP get involved?
Please provide feedback on the security-dev@openjdk.java.net list.
--Sean
(I am asking because Atlassian makes use of a custom java security
manager, based on the manas security manager[0], to help mitigate SSRF
attacks[1])
[0] - https://code.google.com/archive/p/manas-java-security/
<https://urldefense.com/v3/__https://code.google.com/archive/p/manas-java-security/__;!!GqivPVa7Brio!PsDzWY7_ryf1CEnmamjneeZGf1So0LpFHroUEuj1sM-l-SxcOLoUAXeSk_v4QMDV$>
[1] -
https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java#L410
<https://urldefense.com/v3/__https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java*L410__;Iw!!GqivPVa7Brio!PsDzWY7_ryf1CEnmamjneeZGf1So0LpFHroUEuj1sM-l-SxcOLoUAXeSkzkSdzNW$>
