Security

2026

• JEP targeted to JDK 27: 538: PEM Encodings of Cryptographic Objects (3rd Preview) by Anthony Scarpino on June 5, 2026
• Quality Outreach Heads-up - JDK 27: Post-Quantum Hybrid Key Exchange for TLS 1.3 by Ana-Maria Mihalceanu on May 17, 2026
• Java Gets Post-Quantum TLS - Inside Java Newscast #112 by Ana-Maria Mihalceanu on May 14, 2026
• Java and Post-Quantum Cryptography by Sean Mullan on April 8, 2026
• JDK 26 Security Enhancements by Sean Mullan on March 19, 2026
• Secure, Scalable JVM Diagnostics for Kubernetes with JMS by Praveen Srivastava on March 13, 2026
• Post-Quantum Hybrid Key Exchange for TLS 1.3 by Jamil Nimeh on February 17, 2026
• JEP targeted to JDK 27: 527: Post-Quantum Hybrid Key Exchange for TLS 1.3 by Jamil Nimeh on February 12, 2026

2025

• Quality Outreach Heads-up - JDK 26: HttpClient Supports TLS Named Groups & Signature Schemes by Ana-Maria Mihalceanu on November 26, 2025
• JEP targeted to JDK 26: 524: PEM Encodings of Cryptographic Objects (Second Preview) by Anthony Scarpino on November 17, 2025
• Reviewing the JDK 25 Release Notes - Inside Java Newscast #98 by Billy Korando on September 25, 2025
• JDK 25 Security Enhancements by Sean Mullan on September 24, 2025
• How to Handle Security Changes in Java 25 #RoadTo25 by Ana-Maria Mihalceanu on September 7, 2025
• Episode 39 “Deprecations & Removals” with Stuart Marks by Stuart Marks, Nicolai Parlog on July 28, 2025
• Java Security Evolution - Out with the Old, In with the New by Sean Mullan on July 20, 2025
• Java 25 Encodes PEM - Inside Java Newscast #93 by Nicolai Parlog on June 19, 2025
• JEP targeted to JDK 25: 470: PEM Encodings of Cryptographic Objects (Preview) by Anthony Scarpino on June 11, 2025
• JEP targeted to JDK 25: 510: Key Derivation Function API by Kevin Driver on May 26, 2025
• Announcing Jipher: Java Cryptographic Service Provider for FIPS Environments by Poonam Parhar on April 30, 2025
• JDK 24 Security Enhancements by Sean Mullan on April 8, 2025
• Java 24 Release Notes Overview - Security Updates by Billy Korando on April 5, 2025
• Java Resists Quantum Attacks - Inside Java Newscast #85 by Ana-Maria Mihalceanu on February 13, 2025

2024

• Detoxifying the JDK Source Code by Stuart Marks on December 13, 2024
• Quality Outreach Heads-up - JDK 24: Retiring the Security Manager by Ana-Maria Mihalceanu on December 11, 2024
• Quality Outreach Heads-up - JDK 24: Security Properties Files Inclusion by Ana-Maria Mihalceanu on December 10, 2024
• JEP targeted to JDK 24: 497: Quantum-Resistant Module-Lattice-Based Digital Signature Algorithm by Weijun Wang on November 24, 2024
• JEP targeted to JDK 24: 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism by Weijun Wang on November 23, 2024
• Monitoring Java Application Security with JDK tools and JFR Events by Ana-Maria Mihalceanu on November 17, 2024
• JEP targeted to JDK 24: 486: Permanently Disable the Security Manager by Sean Mullan, Alex Buckley on November 12, 2024
• JEP targeted to JDK 24: 478: Key Derivation Function API (Preview) by Kevin Driver on November 2, 2024
• Serialization - A New Hope by Viktor Klang, Brian Goetz on October 13, 2024
• JDK 23 Security Enhancements by Sean Mullan on September 23, 2024
• Tutorial: Leveraging JDK Tools and Updates to Help Safeguard Java Applications by Dalibor Topić on August 7, 2024
• Quality Outreach Heads-up - JDK 23: Re-Specified Subject.getSubject API by Ana-Maria Mihalceanu on July 8, 2024
• How to Build Custom Java Runtimes with Jlink by Billy Korando on June 21, 2024
• JDK 22 Security Enhancements by Sean Mullan on March 20, 2024
• Java 17 to 21: A Showcase of JDK Security Enhancements by Ana-Maria Mihalceanu on March 3, 2024
• Java's Custom Runtime Builder - jlink - Stack Walker #5 by Billy Korando on February 25, 2024

2023

• Java SE Security Developer’s Guide on December 13, 2023
• Open sourcing Jipher for FIPS regulated environments by Denis Gauthier (guest) on November 11, 2023
• JDK 21 Security Enhancements by Sean Mullan on September 22, 2023
• Java 21 Security #RoadTo21 by Ana-Maria Mihalceanu on September 13, 2023
• Strengthen your Java App's Defenses with Key Encapsulation Mechanism API - Inside Java Newscast #54 by Ana-Maria Mihalceanu on August 3, 2023
• KDF JEP for the Java Platform by Kevin Driver on July 30, 2023
• JEP proposed to target JDK 21: 452: Key Encapsulation Mechanism API by Weijun Wang on May 20, 2023
• Evolving the Security of the Java Platform by Frances Ho, Brad Wetmore on April 11, 2023
• JDK 20 Security Enhancements by Sean Mullan on March 22, 2023
• Tutorial - Introduction to Java Encryption/Decryption by Ana-Maria Mihalceanu on February 22, 2023
• Quality Outreach Heads-up - JDK 20: JMX Connections Use an ObjectInputFilter by Default by David Delabassee on February 20, 2023
• From Java Security with Love - Inside Java Newscast #42 by Ana-Maria Mihalceanu on February 14, 2023
• Future Java - Prepare Your Codebase Now! - Inside Java Newscast #41 by Nicolai Parlog on February 2, 2023
• Secure Coding Guidelines for Java SE by Chris Ries on January 4, 2023

2022

• JDK 19 Security Enhancements by Sean Mullan on September 22, 2022
• Why Write an Empty finalize() Method? by Stuart Marks on April 28, 2022
• Quality Outreach Heads-up - Java Cryptographic Extension Survey by David Delabassee on April 21, 2022
• Oracle JRE and JDK Cryptographic Roadmap Update on April 19, 2022
• Java Cryptographic Extension Survey by Anthony Scarpino on April 12, 2022
• JDK 18 Security Enhancements by Sean Mullan on March 22, 2022
• Episode 21 “JEP 421 and Finalization Deprecation” by Brent Christian, David Delabassee on January 12, 2022

2021

• Quality Outreach Heads-up - JDK 18: JEP 411 by David Delabassee on December 6, 2021
• Record Serialization - Sip of Java by Billy Korando on October 21, 2021
• JDK 18 augmented `javac -Xlint:serial` checks by Joe Darcy on October 20, 2021
• Oracle JRE and JDK Cryptographic Roadmap update by Aurelio García-Ribeyro on October 19, 2021
• Serialization Filters - Sip of Java by Billy Korando on October 14, 2021
• JDK 17 Security Enhancements by Sean Mullan on September 15, 2021
• A few updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on July 16, 2021
• Episode 18 “Java's steady march towards strong encapsulation” with Alan Bateman by Alan Bateman, Chad Arimura on June 29, 2021
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on June 11, 2021
• JEP proposed to target JDK 17: 415: Context-Specific Deserialization Filters by Mark Reinhold on June 1, 2021
• Updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on May 29, 2021
• Inside Java Newscast #5 by Nicolai Parlog, José Paumard on May 27, 2021
• JEP proposed to target JDK 17: 411: Deprecate the Security Manager for Removal by Mark Reinhold on May 21, 2021
• Updates to JEP 411: Deprecate the Security Manager for Removal by Sean Mullan on May 19, 2021
• New candidate JEP: 415: Context-Specific Deserialization Filters by Mark Reinhold on May 6, 2021
• Security and Sandboxing Post SecurityManager by Ron Pressler on April 23, 2021
• New candidate JEP: 411: Deprecate the Security Manager for Removal by Mark Reinhold on April 15, 2021
• How Java Records Can Improve Serialization by Julia Boes, Chris Hegarty on April 13, 2021
• Record Serialization in Practice by Julia Boes, Chris Hegarty on April 6, 2021
• JDK 16 Security Enhancements by Sean Mullan on March 18, 2021
• JEP proposed to target JDK 17: 398: Deprecate the Applet API for Removal by Mark Reinhold on March 17, 2021
• Simpler Serialization with Records by Julia Boes, Chris Hegarty on March 12, 2021
• Episode 14 “Records Serialization” with Julia Boes and Chris Hegarty by Julia Boes, Chris Hegarty, David Delabassee on March 8, 2021
• New candidate JEP: 398: Deprecate the Applet API for Removal by Mark Reinhold on March 5, 2021
• Monitoring Deserialization to Improve Application Security by Chris Hegarty on March 2, 2021
• Reducing MD5 (and SHA) overheads by Claes Redestad on February 14, 2021
• JEP proposed to target JDK 17: 356: Enhanced Pseudo-Random Number Generators by Mark Reinhold on January 29, 2021
• Investigating MD5 overheads by Claes Redestad on January 4, 2021

2020

• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on December 18, 2020
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on November 16, 2020
• JDK 15 Security Enhancements by Sean Mullan on October 13, 2020
• Oracle JRE and JDK Cryptographic Roadmap by Aurelio García-Ribeyro on October 9, 2020
• Keeping Your Java Applications Secure - Cryptographic Improvements and Best Practices by Sean Mullan, Chris Ries on September 17, 2020
• SHA-3 based digital signatures support by Valerie Peng on August 18, 2020
• Record Serialization by Chris Hegarty, Alex Buckley on July 20, 2020
• JDK 14 Security Enhancements by Sean Mullan on March 19, 2020

2019

• Why We Hate Java Serialization by Brian Goetz, Stuart Marks on November 7, 2019
• What’s New in Java Security? by Brad Wetmore on September 19, 2019
• JDK 13 Security Enhancements by Sean Mullan on August 5, 2019
• JDK 12 Security Enhancements by Sean Mullan on March 19, 2019
• Oracle's Plan for Distrusting Symantec TLS Certificates in the JDK by Aurelio García-Ribeyro on January 25, 2019

2015

• Safety First by Paul Sandoz on August 11, 2015
• The Secret History and Tragic Fate of sun.misc.Unsafe by Mark Reinhold on August 11, 2015
• Safety Not Guaranteed: sun.misc.Unsafe and the Quest for Safe Alternatives by Paul Sandoz on January 2, 2015