On 28/09/2022 16:05, Emmanuel Bourg wrote:
Hi all,
The security manager has been deprecated for removal in Java 17 [1], and
at some point Tomcat will have to stop supporting it.
Do we want to wait until it's no longer available in the JDK to remove
it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or 11?
I tend to think there are better solutions at the OS level to isolate a
Tomcat instance nowadays, and I lean toward dropping it before its
removal from the JDK.
What do you think?
I was thinking of proposing its removal for Tomcat 11. I think 10.1 is a
little early.
Mark
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
