[ https://issues.jboss.org/browse/JBWS-4133?page=com.atlassian.jira.plugin.... ] r searls commented on JBWS-4133: -------------------------------- There are a handful of classes that import one or both of following security APIs deprecated in jdk-9. java.security.acl.Group java.security.Principal Both of these classes are used as building blocks (i.e input and output parameters) to apache classes which jbossws-cxf uses. org.apache.cxf.security.SecurityContext org.apache.cxf.common.security.SimplePrincipal org.apache.cxf.interceptor.security.DefaultSecurityContext Because of this we need to wait until cxf changes their classes before we make corresponding changes to jbossws-cxf. Sean Mullan states in https://issues.apache.org/jira/browse/CXF-7815 in a 7/Nov18 comment ... they are deferring removal of java.security.acl APIs to jdk-13 cxf-3.3.1 has no changes on this issue. We should wait on CXF. -- This message was sent by Atlassian Jira (v7.12.1#712002)