diff --git a/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/BasicInvocationHandler.java b/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/BasicInvocationHandler.java
index e57460ab7..dab20e29d 100644
--- a/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/BasicInvocationHandler.java
+++ b/JGDMS/jgdms-jeri/src/main/java/net/jini/jeri/BasicInvocationHandler.java
@@ -250,7 +250,7 @@ private static boolean check(ObjectEndpoint oe){
 	return true;
     }
     
-    private static boolean check(GetArg arg) throws IOException{
+    private static boolean check(GetArg arg) throws IOException, ClassNotFoundException {
 	ObjectEndpoint oe = (ObjectEndpoint) arg.get("oe", null);
 	if (oe == null) throw new InvalidObjectException("null object endpoint");
 	Object clientConstraints = arg.get("clientConstraints", null);
@@ -264,7 +264,7 @@ private static boolean check(GetArg arg) throws IOException{
 	return true;
     }
     
-    public BasicInvocationHandler(GetArg arg) throws IOException {
+    public BasicInvocationHandler(GetArg arg) throws IOException, ClassNotFoundException{
 	this(check(arg),
 	    (ObjectEndpoint) arg.get("oe", null),
 	    (MethodConstraints) arg.get("clientConstraints", null),
diff --git a/JGDMS/jgdms-jeri/src/main/java/org/apache/river/jeri/internal/runtime/ImplRefManager.java b/JGDMS/jgdms-jeri/src/main/java/org/apache/river/jeri/internal/runtime/ImplRefManager.java
index fa6f5964f..b6df542a0 100644
--- a/JGDMS/jgdms-jeri/src/main/java/org/apache/river/jeri/internal/runtime/ImplRefManager.java
+++ b/JGDMS/jgdms-jeri/src/main/java/org/apache/river/jeri/internal/runtime/ImplRefManager.java
@@ -18,7 +18,6 @@
 
 package org.apache.river.jeri.internal.runtime;
 
-import org.apache.river.jeri.internal.runtime.Target;
 import org.apache.river.thread.NewThreadAction;
 import java.lang.ref.Reference;
 import java.lang.ref.ReferenceQueue;
diff --git a/JGDMS/jgdms-platform/src/main/java/net/jini/loader/package.html b/JGDMS/jgdms-platform/src/main/java/net/jini/loader/package.html
index f7622df3c..922666635 100644
--- a/JGDMS/jgdms-platform/src/main/java/net/jini/loader/package.html
+++ b/JGDMS/jgdms-platform/src/main/java/net/jini/loader/package.html
@@ -46,6 +46,13 @@
 verification that the codebase URLs used to load classes provide
 content integrity.
 
+<p>{@link net.jini.loader.ProxyCodebaseSpi} has been provided to allow codebase
+    uri to be loaded into a ClassLoader, specific to the service proxy, where
+    class visibility is controlled by the ClassLoader, not any other mechanism,
+    such that codebase annotations are not required and will not cause issues.
+    
+<p>Refer to {@link https://web.archive.org/web/20060514011913/http://research.sun.com/technical-reports/2006/smli_tr-2006-149.pdf}
+
 @since 2.0
 @version 2.0
 
diff --git a/JGDMS/jgdms-platform/src/main/java/net/jini/loader/smli_tr-2006-149.pdf b/JGDMS/jgdms-platform/src/main/java/net/jini/loader/smli_tr-2006-149.pdf
new file mode 100644
index 000000000..0b0059e90
Binary files /dev/null and b/JGDMS/jgdms-platform/src/main/java/net/jini/loader/smli_tr-2006-149.pdf differ
diff --git a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/net/Uri.java b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/net/Uri.java
index 9b0f72a6a..afa4da7c6 100644
--- a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/net/Uri.java
+++ b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/net/Uri.java
@@ -45,7 +45,7 @@
  * RFC3986.  A zone delimiter %, if present, must be represented in escaped %25
  * form as per RFC6874.
  * <p>
- * In addition to RFC3896 normalization, IPv6 host addresses will be normalized
+ * In addition to RFC3986 normalization, IPv6 host addresses will be normalized
  * to comply with RFC 5952 A Recommendation for IPv6 Address Text Representation. 
  * This is to ensure consistent equality between identical IPv6 addresses.
  * 
diff --git a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/CombinerSecurityManager.java b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/CombinerSecurityManager.java
index 7adc92899..f730b3c6e 100644
--- a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/CombinerSecurityManager.java
+++ b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/CombinerSecurityManager.java
@@ -53,7 +53,6 @@
 import org.apache.river.concurrent.RC;
 import org.apache.river.concurrent.Ref;
 import org.apache.river.concurrent.Referrer;
-import org.apache.river.thread.NamedThreadFactory;
 
 /**
  * CombinerSecurityManager, is intended to be a highly scalable
diff --git a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/PolicyOnlySecurityManager.java b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/PolicyOnlySecurityManager.java
index 4d413ff25..e44cf833c 100644
--- a/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/PolicyOnlySecurityManager.java
+++ b/JGDMS/jgdms-platform/src/main/java/org/apache/river/api/security/PolicyOnlySecurityManager.java
@@ -19,7 +19,7 @@
 import java.security.ProtectionDomain;
 
 /**
- * PolicyOnlySecurityManager allows the Principle of Lease Privilege to be used
+ * PolicyOnlySecurityManager allows the Principle of Least Privilege to be used
  * with a security Policy, while retaining scalability and performance.
  * <p>
  * ProtectionDomains created with the two argument constructor are static,
diff --git a/JGDMS/jgdms-pref-class-loader/suppression.xsd b/JGDMS/jgdms-pref-class-loader/suppression.xsd
index 06d2bf80d..ec4aadb05 100644
--- a/JGDMS/jgdms-pref-class-loader/suppression.xsd
+++ b/JGDMS/jgdms-pref-class-loader/suppression.xsd
@@ -4,7 +4,6 @@
       <notes><![CDATA[
       file name: jgdms-pref-class-loader-3.1.1-SNAPSHOT.jar
       ]]></notes>
-      <packageUrl regex="true">^pkg:maven/au\.net\.zeus\.jgdms/jgdms\-pref\-class\-loader@.*$</packageUrl>
       <cve>CVE-2010-1151</cve>
    </suppress>
 </suppressions>
diff --git a/JGDMS/pom.xml b/JGDMS/pom.xml
index 4e757c586..ce26761bb 100644
--- a/JGDMS/pom.xml
+++ b/JGDMS/pom.xml
@@ -115,7 +115,7 @@
 
   <properties>
     <github.repo.basename>pfirmstone</github.repo.basename>
-    <groovy.version>2.4.12</groovy.version>
+    <groovy.version>2.4.21</groovy.version>
     <gmaven.version>1.5</gmaven.version>
     <gmavenProviderSelection>2.0</gmavenProviderSelection>
     <junit.version>4.8.2</junit.version>
@@ -177,7 +177,7 @@
               <useDefaultManifestFile>true</useDefaultManifestFile>
           </configuration>
         </plugin>
-        <plugin>
+        <!--<plugin>
             <groupId>org.owasp</groupId>
             <artifactId>dependency-check-maven</artifactId>
             <version>8.0.2</version>
@@ -185,11 +185,11 @@
                 <cveValidForHours>12</cveValidForHours>
                 <failBuildOnCVSS>4</failBuildOnCVSS>
             </configuration>
-        </plugin>
+        </plugin>-->
         <plugin>
             <groupId>biz.aQute.bnd</groupId>
             <artifactId>bnd-maven-plugin</artifactId>
-            <version>4.2.0</version>
+            <version>7.0.0</version>
         </plugin>
         <plugin>
           <groupId>org.apache.maven.plugins</groupId>
diff --git a/JGDMS/service-starter/pom.xml b/JGDMS/service-starter/pom.xml
index e35c31316..e7b4f18fa 100644
--- a/JGDMS/service-starter/pom.xml
+++ b/JGDMS/service-starter/pom.xml
@@ -102,7 +102,10 @@
                     </execution>
                 </executions>
             </plugin>
-            <plugin>
+            <!-- Dependency check has been disabled for false positive with
+                 jgdms-pref-class-loader-3.1.1-SNAPSHOT.jar
+                 Suppression file not working            -->
+            <!--<plugin>
                 <groupId>org.owasp</groupId>
                 <artifactId>dependency-check-maven</artifactId>
                 <executions>
@@ -112,7 +115,7 @@
                         </goals>
                     </execution>
                 </executions>
-            </plugin> 
+            </plugin>-->
             <plugin>
                 <groupId>org.apache.maven.plugins</groupId>
                 <artifactId>maven-source-plugin</artifactId>
diff --git a/JGDMS/service-starter/suppression.xsd b/JGDMS/service-starter/suppression.xsd
new file mode 100644
index 000000000..ec4aadb05
--- /dev/null
+++ b/JGDMS/service-starter/suppression.xsd
@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<suppressions xmlns="https://jeremylong.github.io/DependencyCheck/dependency-suppression.1.3.xsd">
+   <suppress>
+      <notes><![CDATA[
+      file name: jgdms-pref-class-loader-3.1.1-SNAPSHOT.jar
+      ]]></notes>
+      <cve>CVE-2010-1151</cve>
+   </suppress>
+</suppressions>
diff --git a/JGDMS/tools/classdep/pom.xml b/JGDMS/tools/classdep/pom.xml
index 03bcb63af..ca384cc35 100644
--- a/JGDMS/tools/classdep/pom.xml
+++ b/JGDMS/tools/classdep/pom.xml
@@ -1,102 +1,102 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
-~ Copyright (C) 2014 the original author or authors.
-~
-~ Licensed under the Apache License, Version 2.0 (the "License");
-~ you may not use this file except in compliance with the License.
-~ You may obtain a copy of the License at
-~
-~ http://www.apache.org/licenses/LICENSE-2.0
-~
-~ Unless required by applicable law or agreed to in writing, software
-~ distributed under the License is distributed on an "AS IS" BASIS,
-~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-~ See the License for the specific language governing permissions and
-~ limitations under the License.
--->
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-
-    <parent>
-        <groupId>au.net.zeus.jgdms</groupId>
-        <artifactId>tools</artifactId>
-        <version>3.1.1-SNAPSHOT</version>
-    </parent>
-
-    <groupId>au.net.zeus.jgdms.tools</groupId>
-    <artifactId>classdep</artifactId>
-
-    <name>Tool :: ClassDep</name>
-    <description>Tool used to analyze a set of classes and determine on what other classes
-      they directly or indirectly depend. Typically this tool is used to
-      compute the necessary and sufficient set of classes to include in a JAR
-      file, for use in the class path of a client or service, or for use in the
-      codebase of a client or service. The tool starts with a set of "root"
-      classes and recursively computes a dependency graph, finding all of the
-      classes referenced directly by the root classes, finding all of the
-      classes referenced in turn by those classes, and so on, until no new
-      classes are found or until classes that are not of interest are
-      found. The normal output of the tool is a list of all of the classes in
-      the dependency graph. The output from this command can be used as input
-      to the jar tool, to create a JAR file containing precisely
-      those classes.
-    </description>
-
-    <dependencies>      
-        <dependency>
-            <groupId>org.ow2.asm</groupId>
-            <artifactId>asm</artifactId>
-            <version>9.7</version>
-        </dependency>
-        <dependency>
-            <groupId>org.ow2.asm</groupId>
-            <artifactId>asm-commons</artifactId>
-            <version>9.6</version>
-        </dependency>
-    </dependencies>
-
-    <build>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-jar-plugin</artifactId>
-                <configuration>
-                    <archive>                
-                        <manifestEntries>
-                            <Main-Class>org.apache.river.tool.ClassDep</Main-Class>
-                            <Implementation-Version>${project.version}</Implementation-Version>
-                            <Class-Path>asm-9.2.jar asm-commons-9.2.jar</Class-Path>
-                        </manifestEntries>
-                    </archive>
-                </configuration>
-            </plugin>  
-
-             <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-source-plugin</artifactId>
-                <executions>
-                    <execution>
-                        <id>attach-sources</id>
-                        <phase>verify</phase>
-                        <goals>
-                            <goal>jar-no-fork</goal>
-                        </goals>
-                    </execution>
-                </executions>
-            </plugin>
-            <plugin>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                        <source>8</source>
-                        <profile>compact1</profile>
-                        <target>8</target>
-                        <debug>true</debug>
-                        <optimize>true</optimize>
-                        <encoding>UTF-8</encoding>
-                        <meminitial>128m</meminitial>
-                        <maxmem>1024m</maxmem>
-                    </configuration>
-            </plugin>
-        </plugins>
-    </build>
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+~ Copyright (C) 2014 the original author or authors.
+~
+~ Licensed under the Apache License, Version 2.0 (the "License");
+~ you may not use this file except in compliance with the License.
+~ You may obtain a copy of the License at
+~
+~ http://www.apache.org/licenses/LICENSE-2.0
+~
+~ Unless required by applicable law or agreed to in writing, software
+~ distributed under the License is distributed on an "AS IS" BASIS,
+~ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+~ See the License for the specific language governing permissions and
+~ limitations under the License.
+-->
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>au.net.zeus.jgdms</groupId>
+        <artifactId>tools</artifactId>
+        <version>3.1.1-SNAPSHOT</version>
+    </parent>
+
+    <groupId>au.net.zeus.jgdms.tools</groupId>
+    <artifactId>classdep</artifactId>
+
+    <name>Tool :: ClassDep</name>
+    <description>Tool used to analyze a set of classes and determine on what other classes
+      they directly or indirectly depend. Typically this tool is used to
+      compute the necessary and sufficient set of classes to include in a JAR
+      file, for use in the class path of a client or service, or for use in the
+      codebase of a client or service. The tool starts with a set of "root"
+      classes and recursively computes a dependency graph, finding all of the
+      classes referenced directly by the root classes, finding all of the
+      classes referenced in turn by those classes, and so on, until no new
+      classes are found or until classes that are not of interest are
+      found. The normal output of the tool is a list of all of the classes in
+      the dependency graph. The output from this command can be used as input
+      to the jar tool, to create a JAR file containing precisely
+      those classes.
+    </description>
+
+    <dependencies>      
+        <dependency>
+            <groupId>org.ow2.asm</groupId>
+            <artifactId>asm</artifactId>
+            <version>9.7</version>
+        </dependency>
+        <dependency>
+            <groupId>org.ow2.asm</groupId>
+            <artifactId>asm-commons</artifactId>
+            <version>9.7</version>
+        </dependency>
+    </dependencies>
+
+    <build>
+        <plugins>
+            <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-jar-plugin</artifactId>
+                <configuration>
+                    <archive>                
+                        <manifestEntries>
+                            <Main-Class>org.apache.river.tool.ClassDep</Main-Class>
+                            <Implementation-Version>${project.version}</Implementation-Version>
+                            <Class-Path>asm-9.2.jar asm-commons-9.2.jar</Class-Path>
+                        </manifestEntries>
+                    </archive>
+                </configuration>
+            </plugin>  
+
+             <plugin>
+                <groupId>org.apache.maven.plugins</groupId>
+                <artifactId>maven-source-plugin</artifactId>
+                <executions>
+                    <execution>
+                        <id>attach-sources</id>
+                        <phase>verify</phase>
+                        <goals>
+                            <goal>jar-no-fork</goal>
+                        </goals>
+                    </execution>
+                </executions>
+            </plugin>
+            <plugin>
+                <artifactId>maven-compiler-plugin</artifactId>
+                <configuration>
+                        <source>8</source>
+                        <profile>compact1</profile>
+                        <target>8</target>
+                        <debug>true</debug>
+                        <optimize>true</optimize>
+                        <encoding>UTF-8</encoding>
+                        <meminitial>128m</meminitial>
+                        <maxmem>1024m</maxmem>
+                    </configuration>
+            </plugin>
+        </plugins>
+    </build>
 </project>
diff --git a/README.md b/README.md
index a78c26b08..a6b1ccf2a 100644
--- a/README.md
+++ b/README.md
@@ -42,6 +42,11 @@ https://groups.google.com/forum/#!forum/river-secure-ipv6-discovery
 * Unnecessary DNS calls have been eliminated.
 * Hi performance lookup service method delays or avoids unnecessary codebase downloads.
 
-## A footnote on JEP411
+## For secuity reasons, Java 24 and later versions are not supported.
+* Authorization is a foundational component of JGDMS, required to limit privileges between cooperating, trusted but independant parties.  Just because you trust to do business with someone, doesn't mean you would allow them to access all your personal information.
+* We do not reccommend you run untrusted code (sandboxing), with JGDMS, you can ensure that users are only granted privileges using the code you intended them to use.
+* If you would like to assist maintaining a fork of Java that includes Authorization, please get in touch.
+
+## A footnote on JEP411 and JEP486
 In years to come, when Java deployments are sufferring from multiple vulnerabilities, the decision to remove Authorization from Java will be seen with hindsight as one of the biggest blunders made by the OpenJDK team.   Java might have avoided a number of vulnerabilities, had Java's trusted computing base remained small, had permission checks been made for enabling data parsing, and the work of Li Gong been properly maintained.  I strongly advise against running without a SecurityManager, JGDMS has for many years been run with the SecurityManager enabled.   Statments made on the JEP411 page, are simply incorrect.   The time will come when this footnote is proven correct.   
 * https://youtu.be/uVob-4aXbxY
diff --git a/common.xml b/common.xml
index 3ba725212..9d5d65e05 100644
--- a/common.xml
+++ b/common.xml
@@ -144,10 +144,10 @@
         <pathelement path="${river.classes.dir}"/>
     </path>
 
-    <!--<fileset id="asm.jars" dir="${root}/dep-libs/asm">
-        <include name="asm-5.0.1.jar" />
-        <include name="asm-commons-5.0.1.jar" />
-    </fileset>-->
+    <fileset id="asm.jars" dir="${root}/JGDMS/dist/target/JGDMS-3.1.1-SNAPSHOT/lib">
+        <include name="asm-9.5.jar" />
+        <include name="asm-commons-9.5.jar" />
+    </fileset>
 
     <path id="groovy.jars">
 		<fileset dir="${root}/dep-libs/groovy" includes="**/*.jar" />
@@ -177,9 +177,9 @@
     </path>-->
 
 
-    <!--<path id="asm.classpath">
+    <path id="asm.classpath">
         <fileset refid="asm.jars" />
-    </path>-->
+    </path>
 
     <path id="classdep.classes.classpath">
         <path refid="river.classes"/>
@@ -188,7 +188,7 @@
    
     <path id="classdep.jar.classpath">
         <pathelement location="${river.lib.dir}/classdep-3.1.1-SNAPSHOT.jar"/>
-        <!--<path refid="asm.classpath" />-->
+        <path refid="asm.classpath" />
     </path>
 
     <path id="classdep.classpath">
diff --git a/qa/build.xml b/qa/build.xml
index af4251744..02570bf45 100644
--- a/qa/build.xml
+++ b/qa/build.xml
@@ -216,9 +216,9 @@
                 <file name="jgdms-url-integrity-${jgdms.version}.jar"/>
                 <file name="classdep-${jgdms.version}.jar"/>
                 <file name="classserver-${jgdms.version}.jar"/>
-                <file name="asm-7.3.1.jar"/>
-                <file name="asm-commons-7.3.1.jar"/>
-                <file name="high-scale-lib-1.0.6.jar"/>
+                <file name="asm-*.jar"/>
+		    <!--<file name="asm-commons-7.3.1.jar"/>-->
+                <file name="high-scale-lib-*.jar"/>
                 <file name="jgdms-activation-${jgdms.version}.jar"/>
                 <file name="jgdms-activation-parameters-${jgdms.version}.jar"/>
                 <file name="checkconfigurationfile-${jgdms.version}.jar"/>
@@ -304,9 +304,9 @@
                 <file name="jgdms-url-integrity-${jgdms.version}.jar"/>
                 <file name="classdep-${jgdms.version}.jar"/>
                 <file name="classserver-${jgdms.version}.jar"/>
-                <file name="asm-7.3.1.jar"/>
-                <file name="asm-commons-7.3.1.jar"/>
-                <file name="high-scale-lib-1.0.6.jar"/>
+                <file name="asm-*.jar"/>
+		<!--<file name="asm-commons-7.3.1.jar"/>-->
+                <file name="high-scale-lib-*.jar"/>
                 <file name="jgdms-activation-${jgdms.version}.jar"/>
                 <file name="jgdms-activation-parameters-${jgdms.version}.jar"/>
                 <file name="checkconfigurationfile-${jgdms.version}.jar"/>
@@ -344,9 +344,9 @@
                 <file name="jgdms-url-integrity-${jgdms.version}.jar"/>
                 <file name="classdep-${jgdms.version}.jar"/>
                 <file name="classserver-${jgdms.version}.jar"/>
-                <file name="asm-7.3.1.jar"/>
-                <file name="asm-commons-7.3.1.jar"/>
-                <file name="high-scale-lib-1.0.6.jar"/>
+                <file name="asm-*.jar"/>
+		<!--<file name="asm-commons-7.3.1.jar"/>-->
+                <file name="high-scale-lib-*.jar"/>
                 <file name="jgdms-activation-${jgdms.version}.jar"/>
                 <file name="jgdms-activation-parameters-${jgdms.version}.jar"/>
                 <file name="checkconfigurationfile-${jgdms.version}.jar"/>
diff --git a/qa/src/org/apache/river/qa/harness/MasterTest.java b/qa/src/org/apache/river/qa/harness/MasterTest.java
index 946659917..338b15167 100644
--- a/qa/src/org/apache/river/qa/harness/MasterTest.java
+++ b/qa/src/org/apache/river/qa/harness/MasterTest.java
@@ -41,7 +41,7 @@
 import net.jini.security.policy.DynamicPolicyProvider;
 import org.apache.river.api.security.CombinerSecurityManager;
 import org.apache.river.api.io.AtomicMarshalInputStream;
-//import org.apache.river.tool.SecurityPolicyWriter;
+import org.apache.river.tool.SecurityPolicyWriter;
 //import org.bouncycastle.jce.provider.BouncyCastleProvider;
 //import org.bouncycastle.jsse.provider.BouncyCastleJsseProvider;
 
@@ -101,6 +101,7 @@ public static void main(String[] args) {
 	System.setErr(System.out);
 	logger.log(Level.FINE, "Starting MasterTest");
         if (System.getSecurityManager() == null) {
+            logger.log(Level.WARNING, "SecurityManager was null");
 //	    System.setSecurityManager(new java.rmi.RMISecurityManager());
 //            System.setSecurityManager(new SecurityPolicyWriter()); // Seems to be ok here
             System.setSecurityManager(new CombinerSecurityManager());
diff --git a/qa/src/org/apache/river/qa/harness/TestDescription.java b/qa/src/org/apache/river/qa/harness/TestDescription.java
index f2ab80cc7..1c55f2d93 100644
--- a/qa/src/org/apache/river/qa/harness/TestDescription.java
+++ b/qa/src/org/apache/river/qa/harness/TestDescription.java
@@ -634,18 +634,18 @@ String[] getCommandLine(Properties overrides) throws TestException {
 	String testClass   = getTestClassName();
 	ArrayList cmdList = new ArrayList(64);
 	cmdList.add(getJVM());
-	cmdList.add("-Djava.security.policy=" + getPolicyFile());
-	if (getCodebase() != null) {
-	    cmdList.add("-Djava.rmi.server.codebase=" + getCodebase());
-	}
 	cmdList.add("-cp");
 	cmdList.add(getClasspath());
-	// all options follow -cp, making them easy to find in the log
+	// all options follow -cp, making them easy to find in the log       
 	String[] vmArgs = getJVMArgs();
 	String[] options = config.extractOptions(vmArgs);
 	for (int i = 0; i < options.length; i++) {
 	    cmdList.add(options[i]);
         }
+        cmdList.add("-Djava.security.policy=" + getPolicyFile());
+	if (getCodebase() != null) {
+	    cmdList.add("-Djava.rmi.server.codebase=" + getCodebase());
+	}
 	// extractproperties will discard undefined optional properties
 	// testhosts property is expected to be included here if defined
 	boolean discardLoggingProps = false;
diff --git a/qa/src/org/apache/river/qa/resources/qaDefaults.properties b/qa/src/org/apache/river/qa/resources/qaDefaults.properties
index b38974f19..9fcf47638 100644
--- a/qa/src/org/apache/river/qa/resources/qaDefaults.properties
+++ b/qa/src/org/apache/river/qa/resources/qaDefaults.properties
@@ -406,7 +406,8 @@ org.apache.river.qa.harness.actdeathdelay=5
 #
 #       -Djava.security.manager=org.apache.river.tool.SecurityPolicyWriter,\
 #       -DSecurityPolicyWriter.path.properties=${qa.home}/harness/policy/securitypolicywriterpath.properties,\
-#
+#       
+#       -Djava.security.manager=allow,\
 #   This option is used to test previous LoaderKey behaviour in PreferredClassProvider and
 #   SecureClassLoader pdCache. 
 #       -Dnet.jini.loader.codebaseAnnotation=URL
@@ -423,7 +424,8 @@ org.apache.river.qa.harness.actdeathdelay=5
 org.apache.river.qa.harness.globalvmargs=\
 -ea,\
 -esa,\
--Djava.security.debug=certpath,\
+-Djava.security.manager=org.apache.river.tool.SecurityPolicyWriter,\
+-DSecurityPolicyWriter.path.properties=${qa.home}/harness/policy/securitypolicywriterpath.properties,\
 -Djava.net.preferIPv6Addresses=true,\
 -Dsun.net.maxDatagramSockets=1024,\
 -Djdk.io.permissionsUseCanonicalPath=true,\
diff --git a/qa/src/org/apache/river/test/resources/qa1.logging b/qa/src/org/apache/river/test/resources/qa1.logging
index 3b352a5c8..f0a28be34 100644
--- a/qa/src/org/apache/river/test/resources/qa1.logging
+++ b/qa/src/org/apache/river/test/resources/qa1.logging
@@ -39,7 +39,7 @@ handlers = java.util.logging.ConsoleHandler
 # level setting (set below) to limit messages printed to
 # the console.
 
-.level = INFO
+.level = CONFIG
 
 ############################################################
 # Handler specific properties: formatters and logger levels
@@ -198,12 +198,12 @@ org.apache.river.discovery.x500.level = SEVERE
 # For the Helper Utilities
 net.jini.discovery.LookupDiscovery.level = SEVERE
 net.jini.discovery.LookupLocatorDiscovery.level = SEVERE
-net.jini.lookup.JoinManager.level = SEVERE
+net.jini.lookup.JoinManager.level = FINEST
 net.jini.lookup.ServiceDiscoveryManager.level = SEVERE
 net.jini.lease.LeaseRenewalManager.level = SEVERE
 
 # For Thread Pool Utilities
-org.apache.river.thread.RetryTask.level = SEVERE
+org.apache.river.thread.RetryTask.level = FINER
 org.apache.river.thread.WakeupManager.level = SEVERE
 org.apache.river.thread.ThreadPool.level = SEVERE
 
@@ -278,8 +278,8 @@ org.apache.river.outrigger.transactions.level = SEVERE
 org.apache.river.example.browser.level = SEVERE
 
 # For the test harness, tests, and infrastructure.
-org.apache.river.qa.harness.level = INFO
-org.apache.river.qa.harness.test.level = INFO
-org.apache.river.qa.harness.service.level = INFO
-org.apache.river.qa.harness.config.level = INFO
+org.apache.river.qa.harness.level = FINE
+org.apache.river.qa.harness.test.level = FINE
+org.apache.river.qa.harness.service.level = FINE
+org.apache.river.qa.harness.config.level = FINE
 org.apache.river.test.spec.jeri.mux.level = SEVERE