On Mon, 18 Nov 2024 17:08:21 GMT, Kevin Walls <kev...@openjdk.org> wrote:
>> Remove redundant SecurityManager, AccessController references >> (following on from JDK-8338411: Implement JEP 486: Permanently Disable the >> Security Manager). > > Kevin Walls has updated the pull request incrementally with one additional > commit since the last revision: > > add back checkClassLoader MBeanServerAccessController.java: The access controller will refuse to create an MBean that is a ClassLoader. Previously, setting a SecurityManager would bypass this check. Without SM, keeping this restriction is a compatible and reasonable thing to do. If there do exist any MBeans which are ClassLoaders, then they have always required a SecurityManager, and therefore have more migration work to do. ------------- PR Comment: https://git.openjdk.org/jdk/pull/22100#issuecomment-2483652181
