JDK 18 Security Enhancements

23 Mar 2022

JDK 18 was released on March 22, 2022! As with my previous blogs, I have compiled a list of what I think are the most interesting and useful security enhancements in this release. I have also grouped them into appropriate categories (crypto, PKI, etc) which should make it easier to find out what has changed in each specific area. The JDK 18 release notes also contain further details on these and other enhancements.

Highlights of this release include further improvements that strengthen the default security of the Java Platform, support for new crypto algorithms, and new alternative JAAS APIs that do not depend on deprecated Security Manager APIs. See below for more details on these and other enhancements.

Several performance improvements have also been made in the crypto, TLS and JAAS/Kerberos components. See JDK-8270317, JDK-8276660, JDK-8273299, JDK-8268427, JDK-8267125, and JDK-8273026 for more details.

Also, one other important JDK 18 feature that is not part of the security libraries area but is definitely worth mentioning is:

Table of Contents

  1. Crypto
  2. PKI
  3. Kerberos
  4. Security Manager
  5. Tools
  6. Signed JARs

Crypto

PKI

Kerberos

Security Manager

Tools

Signed JARs