JDK 16 Security Enhancements

18 Mar 2021

JDK 16 was released on March 16, 2021! As with my previous blogs, I have compiled a list of what I think are the most interesting and useful security enhancements in this release. I have also grouped them into appropriate categories (crypto, TLS, etc) which should make it easier to find out what has changed in each specific area. The JDK 16 release notes also contain further details on these and other enhancements.

Also, one other feature in JDK 16 that is not specifically in the security libraries area but worth mentioning is JEP 396, Strongly Encapsulate JDK Internals by Default. With this change, “packages that existed in JDK 8 and do not contain critical internal APIs will no longer be open by default” meaning they cannot be accessed by code outside the JDK. This is a great improvement in out of the box security.

Table of Contents

  1. Crypto
  2. PKI
  3. TLS
  4. Signed JARs

Crypto

PKI

TLS

Signed JARs