GraxCode / threadtear

Multifunctional java deobfuscation tool suite
GNU General Public License v3.0
899 stars 123 forks source link

Security Manager Deprecation #62

Open x4e opened 3 years ago

x4e commented 3 years ago

Hello.

A new JEP was recently submitted to the security-dev mailing list proposing the depreciation of the Security Manager (for removal): https://openjdk.java.net/jeps/411.

I think that going forward the combination of lack of support for the Security Manager in the openjdk, as well as the lack of security it actually offers, make it unsuitable for continued use sandboxing code execution in threadtear.

There are some alternatives that should be considered: