[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
Re: [jakartaee-platform-dev] [External] : Pending removal of security manager
|
The JEP only indicates that these APIs will begin the deprecation
process. Yes, we will need to address this, but the functionality
won't actually be removed, at the earliest, before the next
following LTS release (probably in the 20's).
If anyone has feedback, feel free to provide it via the JEP --
that is explicitly what this kind of notification process is
designed to solicit.
-- Ed
On 4/15/2021 1:37 PM, arjan tijms
wrote:
Hi,
Jakarta EE is specifically mentioned:
"Jakarta EE has several requirements on the Security
Manager. These must be either relaxed or removed in order
for compliant applications to run on future Java releases
after the Security Manager is degraded and then removed."
Now I've personally been arguing for not
using/depending on the security manager in server side
code for a long time. The idea of running potentially
untrusted code on your own server always struck me as
awkward and something you would not do anyway, even when
running multiple applications on a single server instance
was still somewhat of a thing.
The TCK and GlassFish use the security manager a lot,
so that would have to be removed depending on the final
outcome of JEP 411.
Kind regards,
Arjan
_______________________________________________
jakartaee-platform-dev mailing list
jakartaee-platform-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://urldefense.com/v3/__https://www.eclipse.org/mailman/listinfo/jakartaee-platform-dev__;!!GqivPVa7Brio!KRUFmjPeJ0n_GJjs6zgARB3Wzc1oJWADLIGbHn38hd92YjH_9Hg7etwr-0gjmRE$