Open ThexXTURBOXx opened 3 years ago
They plan on having some new API parts in other systems like Java Flight Recorder to cover this.
I wonder why this even has a security manager; I thought this would never load or execute untrusted code?
The `SecurityManager` is not only for security purposes, but rather provides more functionality than that.
BCV uses this for example to block `System#exit`s. APKTool does stuff like that, which wouldn't be very nice in normal environments :)
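What blocking `System#exit` through a `SecurityManager` looks like, as an added example that is not BCV's code or part of the thread. The names `ExitBlockDemo`, `NoExitManager` and `runGuarded` are hypothetical, and it assumes a JDK where `System.setSecurityManager` still works (Java 17, or a later release that still accepts `-Djava.security.manager=allow`).

```java
import java.security.Permission;

// Added illustration, not BCV code. All class and method names are hypothetical.
@SuppressWarnings("removal") // SecurityManager is deprecated for removal since Java 17
public class ExitBlockDemo {

    /** Denies JVM exit and replacing the manager while locked; allows everything else. */
    static final class NoExitManager extends SecurityManager {
        private volatile boolean locked = true;
        void unlock() { locked = false; }

        @Override
        public void checkExit(int status) {
            if (locked) throw new SecurityException("System.exit(" + status + ") blocked");
        }

        @Override
        public void checkPermission(Permission perm) {
            // Stop the hosted code from simply uninstalling this manager.
            if (locked && "setSecurityManager".equals(perm.getName()))
                throw new SecurityException("replacing the SecurityManager is blocked");
        }

        @Override
        public void checkPermission(Permission perm, Object context) { checkPermission(perm); }
    }

    /** Runs a task with exits blocked; returns true if a guarded operation was denied. */
    static boolean runGuarded(Runnable task) {
        NoExitManager guard = new NoExitManager();
        SecurityManager previous = System.getSecurityManager();
        System.setSecurityManager(guard);
        try {
            task.run();
            return false;
        } catch (SecurityException e) {
            System.err.println("Denied: " + e.getMessage());
            return true;
        } finally {
            guard.unlock();                       // let the host restore the old manager
            System.setSecurityManager(previous);
        }
    }

    public static void main(String[] args) {
        // Constructed stand-in for a bundled tool that calls System.exit on failure.
        boolean denied = runGuarded(() -> System.exit(1));
        System.out.println("exit attempted and blocked: " + denied);
    }
}
```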
From a security standpoint I've done some recent updates to it to help sandbox the plugins (now that plugins are run via files I figured I would try sandboxing it; currently there's a bug though, so it's not working as intended).
You can also run the loaded class files (Ctrl + R I believe, or via EZ-Inject plugin), and some of the string decrypter plugins will run the init function after loading the classes into memory, so there's a couple ways to execute code via BCV.
I'm not sure what the best solution is but I figure until it's removed we could just keep it in.
Java 17 deprecated the `SecurityManager` and so, we should plan to move on somehow... But how?
As far as I know, there is no real replacement for the `SecurityManager`, which will make this change pretty hard. Maybe, it's just best to ignore the warning?
For more information, here is the warning: