JDK 20 Security Enhancements

22 Mar 2023

JDK 20 was released on March 21, 2023! As with my previous blogs, I have compiled a list of what I think are the most interesting and useful security enhancements in this release. I have also grouped them into appropriate categories (crypto, TLS, etc) which should make it easier to find out what has changed in each specific area. The JDK 20 release notes also contain further details on these and other enhancements.

Highlights of this release include further improvements that strengthen the default security of the Java Platform, improved crypto performance, and new JFR events for security monitoring.

One other important JDK 20 feature that is related to security but not part of the security libraries area is the introduction of new system and security properties to control what object factory classes are allowed to reconstruct Java objects from JNDI/LDAP and JNDI/RMI contexts. See the release note for more details on these new properties.

Table of Contents

  1. General
  2. Crypto
  3. TLS
  4. Tools