Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: [rest-dev] [External] : [jakartaee-platform-dev] Fwd: [ec] JSR 399 (Java SE 24): JEP Proposed to Target: 486: Permanently Disable the Security Manager

May I ask why? The security manager still exists, it's just deprecated. I think it's fine to remove it for 5.0, but I see no reason to do a service release to remove it.


James R. Perkins

Principal Software Engineer

Red Hat



On Fri, Nov 8, 2024 at 12:54 AM Gurunandan Rao via rest-dev <rest-dev@xxxxxxxxxxx> wrote:
Hi Ivar,

Jakarta Rest API 4.0.0 has dependency on Security Manager as per issue - https://github.com/jakartaee/rest/issues/1262

IMO, Service release of Rest API 4.0.0 will be required to address the issue.

regards,
Guru


From: jakartaee-platform-dev <jakartaee-platform-dev-bounces@xxxxxxxxxxx> on behalf of Ivar Grimstad via jakartaee-platform-dev <jakartaee-platform-dev@xxxxxxxxxxx>
Sent: 02 November 2024 12:40
To: jakartaee-platform-dev@xxxxxxxxxxx <jakartaee-platform-dev@xxxxxxxxxxx>
Cc: Ivar Grimstad <ivar.grimstad@xxxxxxxxxxxxxxxxxxxxxx>
Subject: [External] : [jakartaee-platform-dev] Fwd: [ec] JSR 399 (Java SE 24): JEP Proposed to Target: 486: Permanently Disable the Security Manager
 
It looks like we made the right choice by removing all references to the Security Manager in Jakarta EE 11.

Ivar

---------- Forwarded message ---------
From: Iris Clark <iris.clark@xxxxxxxxxx>
Date: Sat, Nov 2, 2024 at 12:16 AM
Subject: [ec] JSR 399 (Java SE 24): JEP Proposed to Target: 486: Permanently Disable the Security Manager
To: java-se-spec-experts@xxxxxxxxxxx <java-se-spec-experts@xxxxxxxxxxx>


The following JEP with scope "SE" has been proposed to target JDK 24:

  486: Permanently Disable the Security Manager
       https://openjdk.org/jeps/486

  Summary: The Security Manager has not been the primary means of
  securing client-side Java code for many years, it has rarely been used
  to secure server-side code, and it is costly to maintain.  We therefore
  deprecated it for removal in Java 17 via JEP 411 (2021).  As the next
  step toward removing the Security Manager, we will revise the Java
  Platform specification so that developers cannot enable it and other
  Platform classes do not refer to it.  This change will have no impact
  on the vast majority of applications, libraries, and tools.  We will
  remove the Security Manager API in a future release.

The announced deadline for feedback to jdk-dev is Fri 8 Nov 20:00 UTC:

    https://mail.openjdk.org/pipermail/jdk-dev/2024-November/009601.html

If there are no unresolved objections at that time, then the JEP will be moved
to the Targeted state, indicating that the feature is expected to appear in
the specified release of the JDK Project.  For more information about states,
see the JEP Process document:

    https://openjdk.org/jeps/1

A dashboard that lists JEPs with "SE" scope may be found via a link on this
page:

    https://openjdk.org/projects/jdk/24/spec/

Thanks,
Iris


--

Ivar Grimstad

Jakarta EE Developer Advocate | Eclipse Foundation Eclipse Foundation - Community. Code. Collaboration. 

_______________________________________________
rest-dev mailing list
rest-dev@xxxxxxxxxxx
To unsubscribe from this list, visit https://accounts.eclipse.org

Back to the top