Prior to VMware GemFire 9.9.2 there was a JMX security vulnerability in VMware GemFire. This vulnerability was addressed in VMware GemFire 9.9.2 by making it mandatory to implement security in case you need to create custom MBeans.

See the user's guide for more detail on implementing a SecurityManager: ttps://gemfire.docs.pivotal.io/99/geode/managing/security/implementing_authentication.html

The change is only mentioned in the documentation VMware GemFire 9.10 Release Notes at the moment: GEODE-7628, GEM-2747: Block JMX MBean creation when no SecurityManager interface is implemented.