On Wed, Sep 28, 2022 at 5:41 PM Mark Thomas <ma...@apache.org> wrote: > > On 28/09/2022 16:05, Emmanuel Bourg wrote: > > Hi all, > > > > The security manager has been deprecated for removal in Java 17 [1], and > > at some point Tomcat will have to stop supporting it. > > > > Do we want to wait until it's no longer available in the JDK to remove > > it from Tomcat, or should we remove it earlier, maybe in Tomcat 10.1 or 11? > > > > I tend to think there are better solutions at the OS level to isolate a > > Tomcat instance nowadays, and I lean toward dropping it before its > > removal from the JDK. > > > > What do you think? > > I was thinking of proposing its removal for Tomcat 11. I think 10.1 is a > little early.
+1 if we want to attempt it 11 would be a plan. 12 would be too far away (it's frustrating !). -1 for 10.1, it's released now. Rémy > Mark > > --------------------------------------------------------------------- > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org