apache · sboorlagadda · Oct 3, 2025 · Dec 11, 2025 · Dec 11, 2025 · Dec 11, 2025
diff --git a/geode-logging/src/main/java/org/apache/geode/logging/internal/OSProcess.java b/geode-logging/src/main/java/org/apache/geode/logging/internal/OSProcess.java
@@ -135,8 +135,6 @@ private static native int bgexecInternal(String[] cmdarray, String workdir, Stri
    *        inherited from the parent process and will overwrite same keys
    * @return the process id of the created process; -1 on failure
    * @exception SecurityException if the current thread cannot create a subprocess.
-   * @see java.lang.SecurityException
-   * @see java.lang.SecurityManager#checkExec(java.lang.String)
    */
   public static int bgexec(String[] cmdarray, File workdir, File logfile, boolean inheritLogfile,
       Map<String, String> env) throws IOException {
@@ -197,10 +195,6 @@ public static int bgexec(String[] cmdarray, File workdir, File logfile, boolean
       throw new IOException(String.format("the executable %s does not exist",
           cmd.getPath()));
     }
-    SecurityManager security = System.getSecurityManager();
-    if (security != null) {
-      security.checkExec(cmdarray[0]);
-    }
     if (workdir != null && !workdir.isDirectory()) {
       String curDir = new File("").getAbsolutePath();
       System.out.println(

diff --git a/proposals/GEODE-10479/GEODE-10531.md b/proposals/GEODE-10479/GEODE-10531.md
@@ -0,0 +1,76 @@
+h2. Summary
+
+Remove deprecated SecurityManager APIs from {{OSProcess.java}} that were marked for removal in Java 17 and already removed in Java 21. This issue blocks Java 21 migration.
+h2. Description
+
+The {{geode-logging}} module contains usage of {{java.lang.SecurityManager}} and {{System.getSecurityManager()}} APIs that have been deprecated for removal in Java 17 (JEP 411) and subsequently removed in Java 21.
+
+*Affected File:*
+{code:java}
+geode-logging/src/main/java/org/apache/geode/logging/internal/OSProcess.java:200
+{code}
+*Current Warnings:*
+{code:java}
+warning: [removal] SecurityManager in java.lang has been deprecated and marked for removal
+warning: [removal] getSecurityManager() in System has been deprecated and marked for removal
+{code}
+h2. Technical Details
+
+*Deprecated APIs:*
+ * {{java.lang.SecurityManager}} (class)
+ * {{java.lang.System.getSecurityManager()}} (method)
+
+*Deprecation Timeline:*
+ * Deprecated: Java 17 (JEP 411 - September 2021)
+ * Status: REMOVED in Java 21
+
+*Package:* {{org.apache.geode.logging.internal}}
+*Module:* {{geode-logging}}
+*Warning Type:* {{[removal]}}
+*Priority:* CRITICAL - Blocks Java 21 migration
+h2. Required Actions
+ # Remove all {{SecurityManager}} references from {{OSProcess.java}}
+ # Replace {{System.getSecurityManager()}} calls with modern security patterns
+ # Refactor security checks to use alternative approaches (context-specific permissions, Java Security API, or application-level security)
+ # Verify the code compiles with Java 17 without warnings
+ # Ensure functionality is preserved after removal
+
+h2. How to Verify Warnings
+
+*Step 1:* Enable warnings in {{{}build-tools/scripts/src/main/groovy/warnings.gradle{}}}:
+{code:groovy}
+tasks.withType(JavaCompile) {
+  options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation' << '-Xlint:removal'
+  options.deprecation = true
+}
+{code}
+*Step 2:* Build and check warnings:
+{code:bash}
+./gradlew clean :geode-logging:compileJava --no-build-cache 2>&1 | grep "warning:"
+{code}
+*Step 3:* After fixing, restore original configuration:
+{code:bash}
+git checkout build-tools/scripts/src/main/groovy/warnings.gradle
+{code}
+h2. References
+ * [JEP 411: Deprecate the Security Manager for Removal|https://openjdk.org/jeps/411]
+ * [Java 17 Release Notes - Security Manager Deprecation|https://www.oracle.com/java/technologies/javase/17-relnote-issues.html#JDK-8199704]
+ * [Migration Guide: Removing SecurityManager Usage|https://docs.oracle.com/en/java/javase/17/migrate/migrating-jdk-8-later-jdk-releases.html#GUID-7BB28E4D-99B3-4078-BDC4-FC24180CE82F]
+
+h2. Acceptance Criteria
+ * All {{SecurityManager}} and {{System.getSecurityManager()}} references removed from {{OSProcess.java}}
+ * Code compiles without {{[removal]}} warnings in Java 17
+ * Code compiles successfully in Java 21
+ * All existing tests pass
+ * Security functionality is preserved or replaced with modern alternatives
+ * No new security vulnerabilities introduced
+
+h2. Estimated Effort
+
+*Story Points:* 3
+*Time Estimate:* 2-4 hours
+h2. Impact
+
+*Risk:* CRITICAL - This is a Java 21 blocker. The code will not compile in Java 21 without this fix.
+*Scope:* 1 file, 1 location, 2 API references
+*Related Work:* Part of Java 17 warning cleanup effort (36 total warnings across 6 modules)
diff --git a/proposals/GEODE-10479/GEODE-10532.md b/proposals/GEODE-10479/GEODE-10532.md
@@ -0,0 +1,102 @@
+h2. Summary
+
+Replace deprecated {{ClientHttpResponse.getRawStatusCode()}} method with {{getStatusCode().value()}} in {{{}HttpRequester.java{}}}. This API is marked for removal in Spring Framework 7.0.
+h2. Description
+
+The {{geode-gfsh}} module contains 3 usages of {{ClientHttpResponse.getRawStatusCode()}} that has been deprecated for removal in Spring Framework 6.0 and will be removed in Spring Framework 7.0 (estimated 2026).
+
+*Affected File:*
+{code:java}
+geode-gfsh/src/main/java/org/apache/geode/management/internal/web/http/support/HttpRequester.java
+{code}
+*Affected Lines:* 113, 115, 117
+
+*Current Warnings:*
+{code:java}
+Line 113: warning: [removal] getRawStatusCode() in ClientHttpResponse has been deprecated and marked for removal
+Line 115: warning: [removal] getRawStatusCode() in ClientHttpResponse has been deprecated and marked for removal
+Line 117: warning: [removal] getRawStatusCode() in ClientHttpResponse has been deprecated and marked for removal
+{code}
+h2. Technical Details
+
+*Deprecated API:*
+ * {{org.springframework.http.client.ClientHttpResponse.getRawStatusCode()}}
+
+*Method Signature:*
+{code:java}
+int getRawStatusCode() throws IOException
+{code}
+*Deprecation Timeline:*
+ * Deprecated: Spring Framework 6.0
+ * Removal Target: Spring Framework 7.0 (estimated 2026)
+ * Status: Marked for removal
+
+*Replacement API:*
+ * {{org.springframework.http.HttpStatusCode.value()}}
+
+*Package:* {{org.apache.geode.management.internal.web.http.support}}
+*Module:* {{geode-gfsh}}
+*Warning Type:* {{[removal]}}
+*Priority:* HIGH - Blocks Spring Framework 7.0 migration
+h2. Migration Pattern
+
+*Before:*
+{code:java}
+int statusCode = response.getRawStatusCode();
+{code}
+*After:*
+{code:java}
+int statusCode = response.getStatusCode().value();
+{code}
+h2. Required Actions
+ # Locate all 3 occurrences of {{getRawStatusCode()}} in {{HttpRequester.java}} (lines 113, 115, 117)
+ # Replace {{response.getRawStatusCode()}} with {{response.getStatusCode().value()}}
+ # Verify the code compiles with Java 17 without warnings
+ # Run all GFSH-related tests to ensure HTTP status code handling works correctly
+ # Verify error handling and exception paths still function properly
+
+h2. How to Verify Warnings
+
+*Step 1:* Enable warnings in {{{}build-tools/scripts/src/main/groovy/warnings.gradle{}}}:
+{code:groovy}
+tasks.withType(JavaCompile) {
+  options.compilerArgs << '-Xlint:unchecked' << '-Xlint:deprecation' << '-Xlint:removal'
+  options.deprecation = true
+}
+{code}
+*Step 2:* Build and check warnings:
+{code:bash}
+./gradlew clean :geode-gfsh:compileJava --no-build-cache 2>&1 | grep "warning:"
+{code}
+*Step 3:* After fixing, restore original configuration:
+{code:bash}
+git checkout build-tools/scripts/src/main/groovy/warnings.gradle
+{code}
+h2. References
+ * [Spring Framework 6.0 Release Notes|https://github.com/spring-projects/spring-framework/wiki/What%27s-New-in-Spring-Framework-6.x]
+ * [ClientHttpResponse API Documentation|https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/client/ClientHttpResponse.html]
+ * [HttpStatusCode API Documentation|https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/http/HttpStatusCode.html]
+ * [Spring Framework Migration Guide|https://github.com/spring-projects/spring-framework/wiki/Upgrading-to-Spring-Framework-6.x]
+
+h2. Acceptance Criteria
+ * All 3 occurrences of {{getRawStatusCode()}} replaced with {{getStatusCode().value()}}
+ * Code compiles without {{[removal]}} warnings in Java 17
+ * All existing GFSH tests pass
+ * HTTP status code handling verified (success, error, and edge cases)
+ * No changes to public API behavior
+ * Exception handling remains consistent
+
+h2. Test Coverage
+
+Ensure the following scenarios are tested:
+ * Successful HTTP responses (200, 201, etc.)
+ * Client errors (400, 404, etc.)
+ * Server errors (500, 503, etc.)
+ * Edge cases (redirects, custom status codes)
+
+h2. Impact
+
+*Risk:* HIGH - This API will be removed in Spring Framework 7.0. The code will not compile without this fix when upgrading to Spring 7.x.
+*Scope:* 1 file, 3 locations (lines 113, 115, 117)
+*Related Work:* Part of Java 17 warning cleanup effort (36 total warnings across 6 modules)
+*Reusability:* Same fix pattern applies to all 3 occurrences - straightforward replacement