-bcc [email protected] On 4/18/21 7:50 PM, David Black wrote:
On Fri, 16 Apr 2021 at 04:05, <[email protected]
<mailto:[email protected]>> wrote:
https://openjdk.java.net/jeps/411 <https://openjdk.java.net/jeps/411>
Summary: Deprecate the Security Manager for removal in a future
release. The Security Manager dates from Java 1.0. It has not
been the
primary means of securing client-side Java code for many years,
and it
has rarely been used to secure server-side code. To move Java
forward,
we intend to deprecate the Security Manager for removal in
concert with
the legacy Applet API (JEP 398).
- Mark
Hi,
How can those interested in the JEP get involved?
Please provide feedback on the [email protected] list. --Sean
(I am asking because Atlassian makes use of a custom java security manager, based on the manas security manager[0], to help mitigate SSRF attacks[1])[0] - https://code.google.com/archive/p/manas-java-security/ <https://urldefense.com/v3/__https://code.google.com/archive/p/manas-java-security/__;!!GqivPVa7Brio!PsDzWY7_ryf1CEnmamjneeZGf1So0LpFHroUEuj1sM-l-SxcOLoUAXeSk_v4QMDV$> [1] - https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java#L410 <https://urldefense.com/v3/__https://github.com/asecurityteam/ssrf-protection-example-manas-security-manager/blob/master/example-security-manager-core/src/main/java/com/google/security/manas/ManasSecurityManager.java*L410__;Iw!!GqivPVa7Brio!PsDzWY7_ryf1CEnmamjneeZGf1So0LpFHroUEuj1sM-l-SxcOLoUAXeSkzkSdzNW$>
