Merge branch 'trunk' of https://github.com/pfirmstone/JGDMS into trunk

pfirmstone · pfirmstone · commit f0602844e517 · 2024-11-18T08:52:04.000+10:00
diff --git a/JGDMS/pom.xml b/JGDMS/pom.xml
@@ -115,7 +115,7 @@
 
   <properties>
     <github.repo.basename>pfirmstone</github.repo.basename>
-    <groovy.version>2.4.12</groovy.version>
+    <groovy.version>2.4.21</groovy.version>
     <gmaven.version>1.5</gmaven.version>
     <gmavenProviderSelection>2.0</gmavenProviderSelection>
     <junit.version>4.8.2</junit.version>
@@ -189,7 +189,7 @@
         <plugin>
             <groupId>biz.aQute.bnd</groupId>
             <artifactId>bnd-maven-plugin</artifactId>
-            <version>4.2.0</version>
+            <version>7.0.0</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
diff --git a/README.md b/README.md
@@ -42,6 +42,11 @@ https://groups.google.com/forum/#!forum/river-secure-ipv6-discovery
 * Unnecessary DNS calls have been eliminated.
 * Hi performance lookup service method delays or avoids unnecessary codebase downloads.
 
-## A footnote on JEP411
+## For secuity reasons, Java 24 and later versions are not supported.
+* Authorization is a foundational component of JGDMS, required to limit privileges between cooperating, trusted but independant parties.  Just because you trust to do business with someone, doesn't mean you would allow them to access all your personal information.
+* We do not reccommend you run untrusted code (sandboxing), with JGDMS, you can ensure that users are only granted privileges using the code you intended them to use.
+* If you would like to assist maintaining a fork of Java that includes Authorization, please get in touch.
+
+## A footnote on JEP411 and JEP486
 In years to come, when Java deployments are sufferring from multiple vulnerabilities, the decision to remove Authorization from Java will be seen with hindsight as one of the biggest blunders made by the OpenJDK team.   Java might have avoided a number of vulnerabilities, had Java's trusted computing base remained small, had permission checks been made for enabling data parsing, and the work of Li Gong been properly maintained.  I strongly advise against running without a SecurityManager, JGDMS has for many years been run with the SecurityManager enabled.   Statments made on the JEP411 page, are simply incorrect.   The time will come when this footnote is proven correct.   
 * https://youtu.be/uVob-4aXbxY
