I agree to go ahead with the proposal. because with each new release of the JDK, something breaks. and we also ensure that the project is adapting to modernity. about the website, I think it would be worth putting a notice as to how far TomEE works with a certain version. congratulations on the analysis.
On Fri, Jun 27, 2025, 11:58 Alex The Rocker <alex.m3...@gmail.com> wrote: > Hello Richard, > > I fully agree with your proposal, and even if Java 24 is not LTS, the > changes which you are mentionning will help supporting Java 25 which > is the "next LTS to come" (in September 2025, so that's pretty close > from now). > > IHMO, the earlier we could get TomEE compatible with Java 24+, the better. > > Thanks this great heads-up ! > > Alex > > Le jeu. 26 juin 2025 à 09:02, Richard Zowalla <r...@apache.org> a écrit : > > > > Mistyped: 24 is not LTS :) > > > > > Am 26.06.2025 um 08:50 schrieb Richard Zowalla <r...@apache.org>: > > > > > > Hi all, > > > > > > I've created a branch here: https://github.com/apache/tomee/tree/jdk24 > that includes the same changes as shown in [1], allowing TomEE to run on > Java 24. This is necessary due to the removal and deprecation of several > SecurityManager-related classes. Some of these now throw exceptions in Java > 24, preventing TomEE from running / starting altogether. > > > > > > I completed a full build with Java 24 [2], and the only failures > observed were related to EJB method permission tests. Since Java 21, most > of the affected classes have become no-ops, meaning EJB method permissions > are no longer effectively enforced (as confirmed by running tests on Java > 21+). > > > > > > Given this, I propose we merge these changes after careful review. > > > > > > We can keep other SecurityManager-related logic, like > Subject.doAsPrivileged, for now—especially since EE10 still targets Java > 17, where these are deprecated but functional. In the longer term, we can > look into bridging/adapting these, as other ASF projects have done. It > would also be important to add a note on our download page that running > TomEE on Java 21+ currently does not guarantee EJB method security. > > > > > > From my perspective, merging these changes would benefit users who > aren’t relying on EJB method security, enabling them to run TomEE on Java > 24 (an LTS release). > > > > > > I'd like to open a discussion on how best to move forward with this. > > > > > > Gruß > > > Richard > > > > > > [1] > https://github.com/apache/tomee/commit/6d779321ddb9111cb46e7cd7f8e27929ff8bc3cc > > > [2] > https://ci-builds.apache.org/job/Tomee/job/pull-request-manual-jdk24/7/ > > > > > >
