Hi all,
The security manager has been deprecated for removal in Java 17 [1], and
at some point Tomcat will have to stop supporting it.
Do we want to wait until it's no longer available in the JDK to remove
it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or 11?
I tend to think there are better solutions at the OS level to isolate a
Tomcat instance nowadays, and I lean toward dropping it before its
removal from the JDK.
What do you think?
Emmanuel Bourg
[1] https://openjdk.org/jeps/411
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
