Inside Java

JDK 25 JDK 24 JDK 23 JDK 22 JDK 21 JDK 20 JDK 19 JDK 18 JDK 17 JDK 16 JDK 15 JDK 14 JDK 13 JDK 12 AI Amber Babylon Client Cloud Community Concurrency Core Libraries Education GC GraalVM HotSpot JFR Java Language Leyden Loom Modules Moved By Java Native Image Networking Oracle Panama Performance Security Serviceability Skara Valhalla

Security

2025

• Java Security Evolution - Out with the Old, In with the New by Sean Mullan on July 20, 2025
• Episode 38 “Integrity by Default” with Ron Pressler by Ron Pressler, Nicolai Parlog on June 24, 2025
• Java 25 Encodes PEM - Inside Java Newscast #93 by Nicolai Parlog on June 19, 2025
• JEP targeted to JDK 25: 470: PEM Encodings of Cryptographic Objects (Preview) by Anthony Scarpino on June 11, 2025
• JEP targeted to JDK 25: 510: Key Derivation Function API by Kevin Driver on May 26, 2025
• Announcing Jipher: Java Cryptographic Service Provider for FIPS Environments by Poonam Parhar on April 30, 2025
• JDK 24 Security Enhancements by Sean Mullan on April 8, 2025
• Java 24 Release Notes Overview - Security Updates by Billy Korando on April 5, 2025
• Java Resists Quantum Attacks - Inside Java Newscast #85 by Ana-Maria Mihalceanu on February 13, 2025
• Peaceful and Bright Future of Integrity by Default in Java by Ana-Maria Mihalceanu on January 3, 2025

2024

• Detoxifying the JDK Source Code by Stuart Marks on December 13, 2024
• Quality Outreach Heads-up - JDK 24: Retiring the Security Manager by Ana-Maria Mihalceanu on December 11, 2024
• Quality Outreach Heads-up - JDK 24: Security Properties Files Inclusion by Ana-Maria Mihalceanu on December 10, 2024
• Quality Outreach Heads-up - JDK 24: Prepares Restricted Native Access by Nicolai Parlog on December 9, 2024
• JEP targeted to JDK 24: 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm by Weijun Wang on November 24, 2024
• JEP targeted to JDK 24: 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism by Weijun Wang on November 23, 2024
• Monitoring Java Application Security with JDK tools and JFR Events by Ana-Maria Mihalceanu on November 17, 2024
• JEP targeted to JDK 24: 486: Permanently Disable the Security Manager by Sean Mullan, Alex Buckley on November 12, 2024
• JEP targeted to JDK 24: 478: Key Derivation Function API (Preview) by Kevin Driver on November 2, 2024
• Serialization - A New Hope by Viktor Klang, Brian Goetz on October 13, 2024
• JDK 23 Security Enhancements by Sean Mullan on September 23, 2024
• Integrity by Default #JVMLS by Ron Pressler on September 12, 2024
• Tutorial: Leveraging JDK Tools and Updates to Help Safeguard Java Applications by Dalibor Topić on August 7, 2024
• Quality Outreach Heads-up - JDK 23: Re-Specified Subject.getSubject API by Ana-Maria Mihalceanu on July 8, 2024
• How to Build Custom Java Runtimes with Jlink by Billy Korando on June 21, 2024
• JDK 22 Security Enhancements by Sean Mullan on March 20, 2024
• Java 17 to 21: A Showcase of JDK Security Enhancements by Ana-Maria Mihalceanu on March 3, 2024
• Java's Custom Runtime Builder - jlink by Billy Korando on February 25, 2024
• Quality Outreach Heads-up - Deprecate the Memory-Access Methods in sun.misc.Unsafe for Removal in a Future Release by David Delabassee on January 29, 2024

2023

• Java SE Security Developer’s Guide by December 13, 2023
• Open sourcing Jipher for FIPS regulated environments by Denis Gauthier (guest) on November 11, 2023
• JDK 21 Security Enhancements by Sean Mullan on September 22, 2023
• Java 21 Security #RoadTo21 by Ana-Maria Mihalceanu on September 13, 2023
• Strengthen your Java App's Defenses with Key Encapsulation Mechanism API - Inside Java Newscast #54 by Ana-Maria Mihalceanu on August 3, 2023
• KDF JEP for the Java Platform by Kevin Driver on July 30, 2023
• JEP proposed to target JDK 21: 452: Key Encapsulation Mechanism API by Weijun Wang on May 20, 2023
• Evolving the Security of the Java Platform by Frances Ho, Brad Wetmore on April 11, 2023
• JDK 20 Security Enhancements by Sean Mullan on March 22, 2023
• Tutorial - Introduction to Java Encryption/Decryption by Ana-Maria Mihalceanu on February 22, 2023
• Quality Outreach Heads-up - JDK 20: JMX Connections Use an ObjectInputFilter by Default by David Delabassee on February 20, 2023
• From Java Security with Love - Inside Java Newscast #42 by Ana-Maria Mihalceanu on February 14, 2023
• Future Java - Prepare Your Codebase Now! - Inside Java Newscast #41 by Nicolai Parlog on February 2, 2023
• Secure Coding Guidelines for Java SE by Chris Ries on January 4, 2023

2022

• JDK 19 Security Enhancements by Sean Mullan on September 22, 2022
• Why Write an Empty finalize() Method? by Stuart Marks on April 28, 2022
• Quality Outreach Heads-up - Java Cryptographic Extension Survey by David Delabassee on April 21, 2022
• Oracle JRE and JDK Cryptographic Roadmap Update by April 19, 2022
• Java Cryptographic Extension Survey by Anthony Scarpino on April 12, 2022
• JDK 18 Security Enhancements by Sean Mullan on March 22, 2022
• Episode 21 “JEP 421 and Finalization Deprecation” by Brent Christian, David Delabassee on January 12, 2022

2021

• Quality Outreach Heads-up - JDK 18: JEP 411 by David Delabassee on December 6, 2021
• Record Serialization - Sip of Java by Billy Korando on October 21, 2021
• JDK 18 augmented `javac -Xlint:serial` checks by Joe Darcy on October 20, 2021
• Oracle JRE and JDK Cryptographic Roadmap update by Aurelio García-Ribeyro on October 19, 2021
• Serialization Filters - Sip of Java by Billy Korando on October 14, 2021
• JDK 17 Security Enhancements by Sean Mullan on September 15, 2021
• A few updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on July 16, 2021
• Episode 18 “Java's steady march towards strong encapsulation” with Alan Bateman by Alan Bateman, Chad Arimura on June 29, 2021
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on June 11, 2021
• JEP proposed to target JDK 17: 415: Context-Specific Deserialization Filters by Mark Reinhold on June 1, 2021
• Updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on May 29, 2021
• Inside Java Newscast #5 by Nicolai Parlog, José Paumard on May 27, 2021
• JEP proposed to target JDK 17: 411: Deprecate the Security Manager for Removal by Mark Reinhold on May 21, 2021
• Updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on May 19, 2021
• JEP proposed to target JDK 17: 403: Strongly Encapsulate JDK Internals by Mark Reinhold on May 18, 2021
• New candidate JEP: 415: Context-Specific Deserialization Filters by Mark Reinhold on May 6, 2021
• Security and Sandboxing Post SecurityManager by Ron Pressler on April 23, 2021
• New candidate JEP: 411: Deprecate the Security Manager for Removal by Mark Reinhold on April 15, 2021
• How Java Records Can Improve Serialization by Julia Boes, Chris Hegarty on April 13, 2021
• Record Serialization in Practice by Julia Boes, Chris Hegarty on April 6, 2021
• JDK 16 Security Enhancements by Sean Mullan on March 18, 2021
• JEP proposed to target JDK 17: 398: Deprecate the Applet API for Removal by Mark Reinhold on March 17, 2021
• Simpler Serialization with Records by Julia Boes, Chris Hegarty on March 12, 2021
• Episode 14 “Records Serialization” with Julia Boes and Chris Hegarty by Julia Boes, Chris Hegarty, David Delabassee on March 8, 2021
• New candidate JEP: 398: Deprecate the Applet API for Removal by Mark Reinhold on March 5, 2021
• Monitoring Deserialization to Improve Application Security by Chris Hegarty on March 2, 2021
• Reducing MD5 (and SHA) overheads by Claes Redestad on February 14, 2021
• JEP proposed to target JDK 17: 356: Enhanced Pseudo-Random Number Generators by Mark Reinhold on January 29, 2021
• Investigating MD5 overheads by Claes Redestad on January 4, 2021

2020

• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on December 18, 2020
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on November 16, 2020
• JDK 15 Security Enhancements by Sean Mullan on October 13, 2020
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on October 9, 2020
• Keeping Your Java Applications Secure - Cryptographic Improvements and Best Practices by Sean Mullan, Chris Ries on September 17, 2020
• SHA-3 based digital signatures support by Valerie Peng on August 18, 2020
• Record Serialization by Chris Hegarty, Alex Buckley on July 20, 2020
• JDK 14 Security Enhancements by Sean Mullan on March 19, 2020

2019

• Why We Hate Java Serialization by Brian Goetz, Stuart Marks on November 7, 2019
• What’s New in Java Security? by Brad Wetmore on September 19, 2019
• JDK 13 Security Enhancements by Sean Mullan on August 5, 2019
• JDK 12 Security Enhancements by Sean Mullan on March 19, 2019
• Oracle's Plan for Distrusting Symantec TLS Certificates in the JDK by Aurelio García-Ribeyro on January 25, 2019

2015

• The Secret History and Tragic Fate of sun.misc.Unsafe by Mark Reinhold on August 11, 2015
• Safety First by Paul Sandoz on August 11, 2015
• Safety Not Guaranteed: sun.misc.Unsafe and the Quest for Safe Alternatives by Paul Sandoz on January 2, 2015