-
Bug
-
Resolution: Not an Issue
-
P3
-
None
-
24
-
generic
-
generic
ADDITIONAL SYSTEM INFORMATION :
This is related to the removal of the Security Manager and affects Java 24 and above.
A DESCRIPTION OF THE PROBLEM :
The java.security.Security class allows Security Providers to be added, removed, or reordered. Prior to Java 24, the Security Manager could be used to restrict this functionality. In Java 24 and above, there is no way to do this. This is critical for applications that use third party libraries, or for frameworks that allow third parties to add their own code to the application while still trying to maintain a security baseline. An application should be able to choose what Security Providers are allowed while still being able to use third party libraries.
This is related to the removal of the Security Manager and affects Java 24 and above.
A DESCRIPTION OF THE PROBLEM :
The java.security.Security class allows Security Providers to be added, removed, or reordered. Prior to Java 24, the Security Manager could be used to restrict this functionality. In Java 24 and above, there is no way to do this. This is critical for applications that use third party libraries, or for frameworks that allow third parties to add their own code to the application while still trying to maintain a security baseline. An application should be able to choose what Security Providers are allowed while still being able to use third party libraries.