Confidential - Oracle Restricted \Including External Recipients
Lukasz,
Apologies. I should have mentioned the version that we are using. We
are on 6.8 at the moment.
Struts 7 running fine with jdk25 is good news though. We'll have the
option of upgrading to Struts 7 if Struts 6 gives us any issues.
Thanks
~Krishnaraj V
Confidential - Oracle Restricted \Including External Recipients
-----Original Message-----
From: Lukasz Lenart <[email protected]>
Sent: Monday, May 18, 2026 12:53 PM
To: Struts Users Mailing List <[email protected]>
Cc: Krishnaraj Viswanathan <[email protected]>
Subject: [External] : Re: JDK 25 support
pon., 18 maj 2026 o 06:33 Krishnaraj Viswanathan via user
<[email protected]> napisał(a):
>
> Confidential - Oracle Restricted \Including External Recipients
>
> I was checking if Struts would run with jdk25 and I see a possible issue with
> the usage of SecurityManager.
>
> getSecurityManager has been deprecated since Java24 and would return a null
> and setSecurityManager is removed. I see both these used in the Struts code.
> The getSecurityManager seems to be used with jasper and some security check
> and I assume there would not be an issue if I am not using jasper.
>
> The setSecurityManager seems to be used for some test
> classes(com.opensymphony.xwork2.inject.ContainerImplTest) and probably not
> used in run time.
>
> On the surface, I don't think there could be a runtime issue. Could anyone
> tell if I am right in my assumptions? Of course, a more detailed check would
> be required, but from an initial analysis perspective, am I in the right path?
We have a dedicated run on JDK25 and all looks good - Struts 7 should work on
Java 25 without an issue
https://urldefense.com/v3/__https://github.com/apache/struts/actions/runs/25915386346/job/76170649948__;!!ACWV5N9M2RV99hQ!Ltb_LRvARBKwrUDRaCY6meWSX9tAzMOc1TkQB1sZnae3jUShQCmB4-kMRPnUy_N834aok_kTZ-_oLpYi4kAgRXYCh9Oq0XMU$
Regards
Łukasz
