Quality Outreach Heads-up - JDK 18: JEP 411

The OpenJDK Quality Group is promoting the testing of FOSS projects with OpenJDK builds as a way to improve the overall quality of the release. This heads-up is part of a regular communication sent to the projects involved. To learn more about the program, and how-to join, please check here.

JEP 411 - Deprecate the Security Manager for Removal

JEP 411 deprecates the Security Manager for removal in a future release. Starting JDK 18 EA b21, the default value of the java.security.manager system property is set to “disallow”. This means that any application or library that enables the Security Manager by calling System.setSecurityManager will now have to specify -Djava.security.manager=allow on the command-line in order for that code to continue working as expected. This change was originally targeted for JDK 17, but after some discussion and feedback from the community, the change was postponed to JDK 18.

Call to Action

This change is now effective so we encourage developers to test their codebase using the latest JDK 18 Early-Access build espcialy if it uses the Security Manager. Questions and proper feedback should be sent to the security-dev mailing list.