Emmanuel,
On 9/28/22 11:05, Emmanuel Bourg wrote:
The security manager has been deprecated for removal in Java 17 [1], and
at some point Tomcat will have to stop supporting it.
Do we want to wait until it's no longer available in the JDK to remove
it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or 11?
I tend to think there are better solutions at the OS level to isolate a
Tomcat instance nowadays, and I lean toward dropping it before its
removal from the JDK.
What do you think?
My only concern is that it may cause some headaches for anything we want
to back-port.
Mark has a separate thread about Loom and there will obviously be some
significant changes and incompatibilities introduced by that as well.
Doing them together makes sense to me.
But the SM code permeates all of Tomcat where the Loom stuff is likely
to be much more isolated. I think it will have farther-reaching impacts.
-chris
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
