JDK 17 Security Enhancements

14 Sep 2021

JDK 17 was released on September 14, 2021! As with my previous blogs, I have compiled a list of what I think are the most interesting and useful security enhancements in this release. I have also grouped them into appropriate categories (crypto, TLS, etc) which should make it easier to find out what has changed in each specific area. The JDK 17 release notes also contain further details on these and other enhancements.

Probably the most significant security related change in JDK 17 is JEP 411: Deprecate the Security Manager for Removal. JDK 17 begins that process by deprecating a number of Security Manager APIs and adding run time warnings for applications using the Security Manager. See the Security Manager section below for further details.

Also, three other important JDK 17 features that are not part of the security libraries area but have beneficial security benefits include:

Table of Contents

  1. Crypto
  2. PKI
  3. TLS
  4. Kerberos
  5. XML Signature
  6. Security Manager





XML Signature

Security Manager