JDK-8191138 : Remove deprecated java.security.acl APIs
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: java.security
  • Affected Version: 13
  • Priority: P3
  • Status: In Progress
  • Resolution: Unresolved
  • Submitted: 2017-11-13
  • Updated: 2019-05-15
The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.
JDK 14
Related Reports
CSR :  
Relates :  
Relates :  
The deprecated java.security.acl APIs were marked with forRemoval=true in JDK 10.
Re-targeting to 14. Also want to double-check a few projects that may still be using these APIs to make sure they have a plan in place to migrate away from these APIs if necessary.

Apache CXF also has dependencies on java.security.acl. See https://issues.apache.org/jira/browse/CXF-7815 (which has been resolved).

Re-targeting the removal to JDK 13. Although I believe usage of these APIs should be very rare, I would like to give the community more time to prepare for the removal, given that these were initially deprecated in JDK 9 and marked for removal in JDK 10. With the 6 month release cadence, the extra time will give us a higher level of confidence, especially as more developers and projects upgrade to JDK 11.

Re-targeting the removal of these APIs from JDK 11 to JDK 12. These APIs were initially deprecated in JDK 9 and marked for removal in JDK 10. Given the new 6 month release cadence, it may be too aggressive to deprecate and remove an API in 1 year. See also https://issues.apache.org/jira/browse/OAK-7024 for more info/progress on one project that is impacted by this removal.