Posted on April 15, 2021
Deprecate the Security Manager for removal in a future release. The Security Manager dates from Java 1.0. It has not been the primary means of securing client-side Java code for many years, and it has rarely been used to secure server-side code. To move Java forward, we intend to deprecate the Security Manager for removal in concert with the legacy Applet API (JEP 398).
More at https://mail.openjdk.java.net/pipermail/jdk-dev/2021-April/005298.html