Daniel (dB.) Doubrovkine

[Catch All Triage - Attendees [1](https://github.com/dblock/), [2](https://github.com/krisfreedain), [3](https://github.com/andrross), [4](https://github.com/gkamat), [5](https://github.com/getsaurabh02)]

This might be of interest for the list of the APIs, https://github.com/opensearch-project/opensearch-api-specification/issues/236.

[Catch All Triage - Attendees [1](https://github.com/dblock/), [2](https://github.com/krisfreedain), [3](https://github.com/andrross), [4](https://github.com/gkamat), [5](https://github.com/getsaurabh02)]

@nknize suggested we remove security manager in 2.0, labelling issue as such - once we have agreed here on what to do for this issue let's open a campaign parent...

> @dblock would you mind if I submit a small patch for 1.3.x+ so it could be run on JDK 18? Thank you > > PS: To clarify why, JDK...

@davidlago Do you have a list of CVEs that were mitigated since the fork by JSM? For example, for the log4j RCE Security Manager + JDK >8 prevented LDAP/RMI connections....

> I general, like in Lucene core, we should keep support for SecurityManager/AccessController as long as possible. My question is still *why*? That's why I asked @davidlago of what actual...

[Catch All Triage - Attendees [1](https://github.com/dblock/), [2](https://github.com/krisfreedain), [3](https://github.com/andrross), [4](https://github.com/gkamat), [5](https://github.com/getsaurabh02)]

[Catch All Triage - Attendees [1](https://github.com/dblock/), [2](https://github.com/krisfreedain), [3](https://github.com/andrross), [4](https://github.com/gkamat), [5](https://github.com/getsaurabh02)]

[Catch All Triage - Attendees [1](https://github.com/dblock/), [2](https://github.com/krisfreedain), [3](https://github.com/andrross), [4](https://github.com/gkamat), [5](https://github.com/getsaurabh02)]