On 07/04/2026 01:19, Peter Firmstone wrote:
Previously when a SecurityManager wasn't enabled Permission::checkGuard didn't throw a SecurityException. The new behaviour is to throw a SecurityException when SecurityManager is not enabled. I understand that OpenJDK wishes to expedite the removal of these methods from existing code, however this method has not been deprecated and the new behaviour breaks backward compatibility. Code that runs on Java 8 or 11 containing these methods cannot run unmodified on Java 26.
See JEP 486 [1], specifically the section starting "A very small number of libraries use advanced parts of the Security Manager API to implement a custom execution environment" where it explains that these methods have had to be changed to "implement an execution environment that disallows access to all resources".
-Alan [1] https://openjdk.org/jeps/486
