We are aiming to do this in 24, but nothing is official until the JEP is
targeted to a specific release.
--Sean
On 10/3/24 6:28 AM, Peter Firmstone wrote:
Which release does this target?
I've been waiting to learn the affected Java release, so we can document
which versions of Java our software can and cannot support.
We'll continue to use Java beyond this release, but will need to
maintain our own fork, as it's not possible to build an Authorization
layer on top of Java without low level hooks, this is built into our
software at a foundational level and cannot be removed.
Thank you.
Peter.
On 26/09/2024 9:55 pm, Mark Reinhold wrote:
// Correcting Sean’s e-mail address
https://openjdk.org/jeps/486
Summary: The Security Manager has not been the primary means of
securing client-side Java code for many years, it has rarely been used
to secure server-side code, and it is costly to maintain. We
therefore
deprecated it for removal in Java 17 via JEP 411 (2021). As the next
step toward removing the Security Manager, we will revise the Java
Platform specification so that developers cannot enable it and other
Platform classes do not refer to it. This change will have no impact
on the vast majority of applications, libraries, and tools. We will
remove the Security Manager API in a future release.
- Mark
