Enable the hardened java security manager

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • The glide.security.manager property contains the Java classname of the current Java security manager.

    The glide.security.manager system property contains Java classname of current Java security manager. ServiceNow has standardized on the Contextual Security Manager. If glide.security.manager is not set to the recommended value of com.glide.sys.security.ContextualSecurityManager, then the instance may be using an obsolete Java security manager, which is missing expected hardening policies.

    Ensure the property glide.security.manager is set to com.glide.sys.security.ContextualSecurityManager.

    Warning:
    This is a safe harbor property, meaning the value can't be altered once it's changed. It is non-revertible.

    More information

    Attribute Description
    Configuration name glide.security.manager
    Configuration type System Properties (/sys_properties_list.do)
    Data type string
    Recommended value com.glide.sys.security.ContextualSecurityManager
    Default value <none>
    Fallback valye com.glide.sys.security.ContextualSecurityManager
    Category Validation, sanitization, and encoding
    Security risk
    • Severity score: 7.2
    • CVSS score: High
    • Security risk details:Without this hardening, it may be possible for a malicious actor with script execution access to achieve remote code execution on the instance.
    Dependencies and prerequisites None