Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

System::setSecurityManager is deprecated and will be removed in a future JDK release #1579

Closed
KengoTODA opened this issue Jun 13, 2021 · 13 comments · Fixed by #2123
Closed

Comments

@KengoTODA
Copy link
Member

We have several usage of System::setSecurityManager in SpotBugs implementation.

https://github.com/spotbugs/spotbugs/search?q=setSecurityManager&type=

spotbugs/src/main/java/edu/umd/cs/findbugs/PluginLoader.java:                System.setSecurityManager(null);
spotbugs/src/main/java/edu/umd/cs/findbugs/ba/jsr305/TypeQualifierValue.java:                        System.setSecurityManager(ValidationSecurityManager.INSTANCE);
spotbugs/src/main/java/edu/umd/cs/findbugs/ba/jsr305/TypeQualifierValue.java:                    System.setSecurityManager(ValidationSecurityManager.INSTANCE);
@KengoTODA KengoTODA changed the title System::setSecurityManager is deprecated and will be removed in a future release System::setSecurityManager is deprecated and will be removed in a future JDK release Jun 13, 2021
@jglick
Copy link

jglick commented Jul 30, 2021

See also #1515 (not a duplicate).

@famod
Copy link

famod commented Nov 4, 2021

People start shifting to Java 17 (latest LTS), me and my project included. So, any ETA on this? Thanks!

@DanySK
Copy link

DanySK commented Dec 10, 2021

I can confirm that Java 17 is pretty angry about that:

WARNING: A terminally deprecated method in java.lang.System has been called

WARNING: System::setSecurityManager has been called by edu.umd.cs.findbugs.ba.jsr305.TypeQualifierValue (file:/Users/runner/.gradle/caches/modules-2/files-2.1/com.github.spotbugs/spotbugs/4.5.1/7550ccc52981cb741fef57829763dec869c9b392/spotbugs-4.5.1.jar)
> Task :alchemist-swingui:spotbugsMain
WARNING: Please consider reporting this to the maintainers of edu.umd.cs.findbugs.ba.jsr305.TypeQualifierValue
WARNING: System::setSecurityManager will be removed in a future release

@josephjthomas
Copy link

Is there an update on this issue? I'm slowly shifting projects to Java 17 and notice the warning nagging me to report the issue.

@stolsvik
Copy link

This is pretty frustrating now that we're moving over to Java 17. Our builds output 12 lines of "WARNING:..." due to this.
Such problems leads to warning-fatigue. A build shall have zero warnings. But now a bug-warning system dumps a heap of warnings in our lap, which are hard to remove.

@KengoTODA
Copy link
Member Author

so we welcome your contribution :)

wborn added a commit to wborn/spotbugs that referenced this issue Mar 17, 2022
The Security Manager is deprecated and subject to removal in a future release. There is no replacement for the Security Manager.

See also spotbugs#1579
@wborn
Copy link
Contributor

wborn commented Mar 17, 2022

My proposal is to stop using the ValidationSecurityManager, see #1983. Looks like it is only there to help with troubleshooting certain issues. WDYT? 🙂

wborn added a commit to wborn/spotbugs that referenced this issue Mar 17, 2022
The Security Manager is deprecated and subject to removal in a future release. There is no replacement for the Security Manager.

See also spotbugs#1579
wborn added a commit to wborn/spotbugs that referenced this issue Mar 22, 2022
The Security Manager is deprecated and subject to removal in a future release. There is no replacement for the Security Manager.

See also spotbugs#1579
@mcandre
Copy link

mcandre commented Mar 31, 2022

At the very least would do well to have an option available to exclude.xml to disable the security manager.

@stevenschlansker
Copy link

Now with Java 18, this is an error, not a warning:

[INFO] --- spotbugs-maven-plugin:4.5.3.0:spotbugs (spotbugs) @ service ---
[INFO] Fork Value is true
     [java] The following errors occurred during analysis:
     [java]   Unable to construct type qualifier checker javax/annotation/Nonnull$Checker
     [java]     java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
     [java]       At java.base/java.lang.System.setSecurityManager(System.java:416)
     [java]       At edu.umd.cs.findbugs.ba.jsr305.TypeQualifierValue.<init>(TypeQualifierValue.java:157)
     [java]       At edu.umd.cs.findbugs.ba.jsr305.TypeQualifierValue.getValue(TypeQualifierValue.java:298)
     [java]       At edu.umd.cs.findbugs.ba.jsr305.TypeQualifierValue.getValue(TypeQualifierValue.java:306)
     [java]       At edu.umd.cs.findbugs.ba.npe.TypeQualifierNullnessAnnotationDatabase.<init>(TypeQualifierNullnessAnnotationDatabase.java:70)
     [java]       At edu.umd.cs.findbugs.ba.AnalysisContext.getNullnessAnnotationDatabase(AnalysisContext.java:1055)
     [java]       At edu.umd.cs.findbugs.ba.AnalysisContext.updateDatabases(AnalysisContext.java:1008)
     [java]       At edu.umd.cs.findbugs.FindBugs2.analyzeApplication(FindBugs2.java:1061)
     [java]       At edu.umd.cs.findbugs.FindBugs2.execute(FindBugs2.java:309)
     [java]       At edu.umd.cs.findbugs.FindBugs.runMain(FindBugs.java:395)
     [java]       At edu.umd.cs.findbugs.FindBugs2.main(FindBugs2.java:1231)

KengoTODA added a commit that referenced this issue Apr 8, 2022
The Security Manager is deprecated and subject to removal in a future release. There is no replacement for the Security Manager.

See also #1579

Co-authored-by: Kengo TODA <[email protected]>
raphw added a commit to raphw/spotbugs that referenced this issue Jul 27, 2022
raphw added a commit to raphw/spotbugs that referenced this issue Jul 27, 2022
… deprecated for removal.

This fixes spotbugs#1579. If needed, disabling the security manager can still be requested on Java 17
and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'.
Using this property also allows to disable this functionality on older VMs.
raphw added a commit to raphw/spotbugs that referenced this issue Jul 31, 2022
… deprecated for removal.

This fixes spotbugs#1579. If needed, disabling the security manager can still be requested on Java 17
and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'.
Using this property also allows to disable this functionality on older VMs.
raphw added a commit to raphw/spotbugs that referenced this issue Aug 29, 2022
… deprecated for removal.

This fixes spotbugs#1579. If needed, disabling the security manager can still be requested on Java 17
and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'.
Using this property also allows to disable this functionality on older VMs.
raphw added a commit to raphw/spotbugs that referenced this issue Aug 29, 2022
… deprecated for removal.

This fixes spotbugs#1579. If needed, disabling the security manager can still be requested on Java 17
and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'.
Using this property also allows to disable this functionality on older VMs.
KengoTODA added a commit that referenced this issue Sep 5, 2022
… deprecated for removal. (#2123)

* Do not disable the security manager on Java 17 VMs and newer as it is deprecated for removal.

This fixes #1579. If needed, disabling the security manager can still be requested on Java 17
and newer by setting the 'edu.umd.cs.findbugs.securityManagerDisabled' property to 'false'.
Using this property also allows to disable this functionality on older VMs.

* make the field private and final

Co-authored-by: Kengo TODA <[email protected]>
Co-authored-by: Kengo TODA <[email protected]>
@io7m
Copy link

io7m commented Nov 14, 2022

This is marked as completed, and unless I'm mistaken, it's in the latest 4.7.3.0 release, however I'm seeing this error in the latest release that seems to be related to this but not quite the same:

2022-11-12T22:25:37.2078926Z [ERROR] Failed to execute goal com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs (spotbugs) on project com.io7m.jintegers.core: Execution spotbugs of goal com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs failed: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release -> [Help 1]
2022-11-12T22:25:37.2080927Z org.apache.maven.lifecycle.LifecycleExecutionException: Failed to execute goal com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs (spotbugs) on project com.io7m.jintegers.core: Execution spotbugs of goal com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs failed: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
2022-11-12T22:25:37.2081955Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:375)
2022-11-12T22:25:37.2082559Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
2022-11-12T22:25:37.2125766Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2126771Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2128066Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2128916Z     at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions (MojoExecutor.java:508)
2022-11-12T22:25:37.2129656Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:345)
2022-11-12T22:25:37.2130200Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2130737Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2133126Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2134256Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
2022-11-12T22:25:37.2135181Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
2022-11-12T22:25:37.2137097Z     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
2022-11-12T22:25:37.2138118Z     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
2022-11-12T22:25:37.2140535Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
2022-11-12T22:25:37.2142078Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
2022-11-12T22:25:37.2142767Z     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
2022-11-12T22:25:37.2145223Z     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
2022-11-12T22:25:37.2146101Z     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
2022-11-12T22:25:37.2147557Z     at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
2022-11-12T22:25:37.2149033Z     at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
2022-11-12T22:25:37.2149824Z     at java.lang.reflect.Method.invoke (Method.java:578)
2022-11-12T22:25:37.2151393Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
2022-11-12T22:25:37.2152705Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
2022-11-12T22:25:37.2155612Z     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
2022-11-12T22:25:37.2156397Z     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
2022-11-12T22:25:37.2168110Z Caused by: org.apache.maven.plugin.PluginExecutionException: Execution spotbugs of goal com.github.spotbugs:spotbugs-maven-plugin:4.7.3.0:spotbugs failed: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
2022-11-12T22:25:37.2169269Z     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:148)
2022-11-12T22:25:37.2170121Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
2022-11-12T22:25:37.2170693Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
2022-11-12T22:25:37.2171392Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2172004Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2172577Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2173219Z     at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions (MojoExecutor.java:508)
2022-11-12T22:25:37.2173865Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:345)
2022-11-12T22:25:37.2174427Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2175223Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2176031Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2176780Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
2022-11-12T22:25:37.2177604Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
2022-11-12T22:25:37.2178389Z     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
2022-11-12T22:25:37.2179406Z     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
2022-11-12T22:25:37.2180187Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
2022-11-12T22:25:37.2180967Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
2022-11-12T22:25:37.2181599Z     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
2022-11-12T22:25:37.2188902Z     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
2022-11-12T22:25:37.2189416Z     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
2022-11-12T22:25:37.2189905Z     at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
2022-11-12T22:25:37.2190433Z     at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
2022-11-12T22:25:37.2190933Z     at java.lang.reflect.Method.invoke (Method.java:578)
2022-11-12T22:25:37.2191441Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
2022-11-12T22:25:37.2192250Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
2022-11-12T22:25:37.2192894Z     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
2022-11-12T22:25:37.2193475Z     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
2022-11-12T22:25:37.2194132Z Caused by: org.apache.tools.ant.BuildException: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
2022-11-12T22:25:37.2194771Z     at org.apache.tools.ant.taskdefs.ExecuteJava.execute (ExecuteJava.java:194)
2022-11-12T22:25:37.2195227Z     at org.apache.tools.ant.taskdefs.Java.run (Java.java:891)
2022-11-12T22:25:37.2195665Z     at org.apache.tools.ant.taskdefs.Java.executeJava (Java.java:231)
2022-11-12T22:25:37.2196127Z     at org.apache.tools.ant.taskdefs.Java.executeJava (Java.java:135)
2022-11-12T22:25:37.2196687Z     at org.apache.tools.ant.taskdefs.Java.execute (Java.java:108)
2022-11-12T22:25:37.2197085Z     at org.apache.tools.ant.UnknownElement.execute (UnknownElement.java:299)
2022-11-12T22:25:37.2197686Z     at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
2022-11-12T22:25:37.2199282Z     at java.lang.reflect.Method.invoke (Method.java:578)
2022-11-12T22:25:37.2199781Z     at org.apache.tools.ant.dispatch.DispatchUtils.execute (DispatchUtils.java:99)
2022-11-12T22:25:37.2200265Z     at groovy.ant.AntBuilder.performTask (AntBuilder.java:347)
2022-11-12T22:25:37.2200686Z     at groovy.ant.AntBuilder.nodeCompleted (AntBuilder.java:286)
2022-11-12T22:25:37.2201146Z     at groovy.util.BuilderSupport.doInvokeMethod (BuilderSupport.java:161)
2022-11-12T22:25:37.2201593Z     at groovy.ant.AntBuilder.doInvokeMethod (AntBuilder.java:219)
2022-11-12T22:25:37.2202045Z     at groovy.util.BuilderSupport.invokeMethod (BuilderSupport.java:75)
2022-11-12T22:25:37.2202765Z     at org.codehaus.groovy.vmplugin.v8.IndyGuardsFiltersAndSignatures.invokeGroovyObjectInvoker (IndyGuardsFiltersAndSignatures.java:149)
2022-11-12T22:25:37.2203514Z     at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache (IndyInterface.java:318)
2022-11-12T22:25:37.2204099Z     at org.codehaus.mojo.spotbugs.SpotBugsMojo.executeSpotbugs (SpotBugsMojo.groovy:1184)
2022-11-12T22:25:37.2204670Z     at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache (IndyInterface.java:318)
2022-11-12T22:25:37.2205247Z     at org.codehaus.mojo.spotbugs.SpotBugsMojo.canGenerateReport (SpotBugsMojo.groovy:673)
2022-11-12T22:25:37.2205812Z     at org.codehaus.groovy.vmplugin.v8.IndyInterface.fromCache (IndyInterface.java:318)
2022-11-12T22:25:37.2206353Z     at org.codehaus.mojo.spotbugs.SpotBugsMojo.execute (SpotBugsMojo.groovy:799)
2022-11-12T22:25:37.2206963Z     at org.apache.maven.plugin.DefaultBuildPluginManager.executeMojo (DefaultBuildPluginManager.java:137)
2022-11-12T22:25:37.2207601Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute2 (MojoExecutor.java:370)
2022-11-12T22:25:37.2208307Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:351)
2022-11-12T22:25:37.2208868Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2209419Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2210076Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2210746Z     at org.apache.maven.lifecycle.internal.MojoExecutor.executeForkedExecutions (MojoExecutor.java:508)
2022-11-12T22:25:37.2211571Z     at org.apache.maven.lifecycle.internal.MojoExecutor.doExecute (MojoExecutor.java:345)
2022-11-12T22:25:37.2212263Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:215)
2022-11-12T22:25:37.2212814Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:171)
2022-11-12T22:25:37.2213376Z     at org.apache.maven.lifecycle.internal.MojoExecutor.execute (MojoExecutor.java:163)
2022-11-12T22:25:37.2214203Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:117)
2022-11-12T22:25:37.2214990Z     at org.apache.maven.lifecycle.internal.LifecycleModuleBuilder.buildProject (LifecycleModuleBuilder.java:81)
2022-11-12T22:25:37.2217759Z     at org.apache.maven.lifecycle.internal.builder.singlethreaded.SingleThreadedBuilder.build (SingleThreadedBuilder.java:56)
2022-11-12T22:25:37.2218547Z     at org.apache.maven.lifecycle.internal.LifecycleStarter.execute (LifecycleStarter.java:128)
2022-11-12T22:25:37.2219457Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:294)
2022-11-12T22:25:37.2219889Z     at org.apache.maven.DefaultMaven.doExecute (DefaultMaven.java:192)
2022-11-12T22:25:37.2220327Z     at org.apache.maven.DefaultMaven.execute (DefaultMaven.java:105)
2022-11-12T22:25:37.2220744Z     at org.apache.maven.cli.MavenCli.execute (MavenCli.java:960)
2022-11-12T22:25:37.2221148Z     at org.apache.maven.cli.MavenCli.doMain (MavenCli.java:293)
2022-11-12T22:25:37.2221536Z     at org.apache.maven.cli.MavenCli.main (MavenCli.java:196)
2022-11-12T22:25:37.2222197Z     at jdk.internal.reflect.DirectMethodHandleAccessor.invoke (DirectMethodHandleAccessor.java:104)
2022-11-12T22:25:37.2222816Z     at java.lang.reflect.Method.invoke (Method.java:578)
2022-11-12T22:25:37.2274170Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launchEnhanced (Launcher.java:282)
2022-11-12T22:25:37.2274832Z     at org.codehaus.plexus.classworlds.launcher.Launcher.launch (Launcher.java:225)
2022-11-12T22:25:37.2275447Z     at org.codehaus.plexus.classworlds.launcher.Launcher.mainWithExitCode (Launcher.java:406)
2022-11-12T22:25:37.2276042Z     at org.codehaus.plexus.classworlds.launcher.Launcher.main (Launcher.java:347)
2022-11-12T22:25:37.2276618Z Caused by: java.lang.UnsupportedOperationException: The Security Manager is deprecated and will be removed in a future release
2022-11-12T22:25:37.2277126Z     at java.lang.System.setSecurityManager (System.java:425)
2022-11-12T22:25:37.2277634Z     at org.apache.tools.ant.types.Permissions.setSecurityManager (Permissions.java:103)
2022-11-12T22:25:37.2278291Z     at org.apache.tools.ant.taskdefs.ExecuteJava.run (ExecuteJava.java:216)
2022-11-12T22:25:37.2278671Z     at java.lang.Thread.run (Thread.java:1589)

@HaasJona
Copy link

That setSecurityManager call isn't directly called by SpotBugs, seems to have to do with ant Permissions. Maybe https://mail.openjdk.org/pipermail/security-dev/2021-June/026660.html helps.

@jglick
Copy link

jglick commented Nov 15, 2022

@io7m looks to be spotbugs/spotbugs-maven-plugin#423

@io7m
Copy link

io7m commented Nov 15, 2022

Ah, thanks. Didn't realize the Maven plugin was tracked in a different repos. 👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet