"We have updated the JEP with a few changes to the "Issue Warnings"
section [1], summarized as follows:

If the Java runtime is started without setting the system property
'java.security.manager' then a custom Security Manager can be installed
dynamically by calling System::setSecurityManager, just as in Java 16.
No UnsupportedOperationException will be thrown. This call will,
however, issue a warning message explaining that the Security Manager is
deprecated and will be removed in a future release.

We plan to change the default value of the 'java.security.manager'
system property to "disallow" in the next release, i.e., Java 18. That
will cause System::setSecurityManager to throw an
UnsupportedOperationException in Java 18.

With these changes, the process of deprecating and eventually removing
the Security Manager will be consistent with our treatment of past
breaking changes such as, e.g., the strong encapsulation of internal
APIs. Maintainers of libraries and applications will be given fair
warning before any existing code is broken."