Copilot commented on code in PR #3153: URL: https://github.com/apache/solr/pull/3153#discussion_r2332698204
########## solr/solr-ref-guide/modules/upgrade-notes/pages/major-changes-in-solr-9.adoc: ########## 
@@ -74,6 +74,9 @@ Due to changes in Lucene 9, that isn't possible any more. SolrJ users not using SolrClients that use Apache HttpClient can safely exclude those dependencies. SolrJ users not using SolrClients that use Jetty HttpClient can safely exclude those dependencies. +=== Java Security Manager +Java removed support for the Security Manager starting with Java 24, therefore Solr will disable the feature when run with Java 24 or later. +

Review Comment:
[nitpick] The documentation should clarify what this means for users. Consider adding information about whether this affects security posture, if there are alternative security measures, or if users need to take any action when upgrading to Java 24+.

```suggestion
The Java Security Manager was historically used to restrict the actions that code could perform at runtime, providing an additional layer of security. With its removal in Java 24+, Solr will no longer be able to leverage this mechanism for sandboxing or limiting permissions. This may affect the overall security posture of Solr deployments, especially in environments where the Security Manager was used to enforce stricter controls. Users upgrading to Java 24 or later should review their security practices and consider alternative measures, such as running Solr in containers, using operating system-level controls (e.g., SELinux, AppArmor), or following the principle of least privilege for Solr processes. There is no direct replacement for the Security Manager in Java 24+, so it is important to ensure that your deployment is otherwise secured. No action is required for most users unless you previously relied on the Security Manager for additional protection. If so, you should plan to migrate to alternative security controls before upgrading to Java 24 or later.
```

-- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
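
Review bot: the sentence added under `=== Java Security Manager` says Solr "will disable the feature" on Java 24 or later, but it does not say how an operator who had the Security Manager enabled finds out that it is now off. A sandboxing control that turns itself off on a JVM upgrade should be called out explicitly: state whether startup reports the change, and that permissions previously enforced through the Security Manager are no longer applied on those Java versions. As a style point, the clause joined by ", therefore" is a comma splice. Split it into two sentences, for example "Java removed support for the Security Manager starting with Java 24. Solr therefore disables the feature when run with Java 24 or later."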
