😒 More Work For Coders. Java 24 Ends With The Strictest Security Model

Java 24 was just released. Security Manager is gone. You have to block system.exit on your own

Open JDK, the open source reference implementation of Java reached version 24 on 18 March 2025.

It comes with 24 features, of which some, as usual, move throught the Java baking process.

The most interesting one is JEP 486 that permanently disables Security Manager.

Some coders express disappointment in this decision because they relied on this feature and now they have to find alternatives on their own.

Security Manager was always part of Java as an expression of the security rule of no permissions by default. It means that an app doesn’t have permissions to files, network, system.exit etc by default.

If a developer decides he needs some permissions he declared them in a policy file.

This approach is good for security because if the app will execute malcious code from a third party library, such malcious code has limited opportunities to express the desire to do bad things to good people.

It may come as surprise, just like every Elon Musk’s tweet, Java committee is getting rid of such useful…