Hi, If it helps, commons weaver ( https://commons.apache.org/proper/commons-weaver/commons-weaver-parent/commons-weaver-modules-parent/commons-weaver-privilizer-parent/index.html) can help for the backport part (enable or not the run in build.xml).
Romain Le dim. 2 oct. 2022 à 06:42, Christopher Schultz < ch...@christopherschultz.net> a écrit : > Emmanuel, > > On 9/28/22 11:05, Emmanuel Bourg wrote: > > The security manager has been deprecated for removal in Java 17 [1], and > > at some point Tomcat will have to stop supporting it. > > > > Do we want to wait until it's no longer available in the JDK to remove > > it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or > 11? > > > > I tend to think there are better solutions at the OS level to isolate a > > Tomcat instance nowadays, and I lean toward dropping it before its > > removal from the JDK. > > > > What do you think? > > My only concern is that it may cause some headaches for anything we want > to back-port. > > Mark has a separate thread about Loom and there will obviously be some > significant changes and incompatibilities introduced by that as well. > Doing them together makes sense to me. > > But the SM code permeates all of Tomcat where the Loom stuff is likely > to be much more isolated. I think it will have farther-reaching impacts. > > -chris > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > >
