Security news aggregator

Latest coverage for Java

Java is a programming language and runtime platform whose libraries and frameworks require secure configuration and timely patches to reduce vulnerabilities.

1 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Java is a class-based programming language and runtime ecosystem centered on the Java Virtual Machine (JVM), which executes compiled bytecode across operating systems. It powers server applications, desktop tools, and embedded software. A Java deployment commonly includes the JDK or runtime, application frameworks, third-party libraries, and build components; each layer can introduce security-relevant behavior or vulnerabilities.

Security issues may affect the JVM itself, bundled libraries, or application code. Untrusted Java deserialization, unsafe class loading, injection flaws, and incorrect TLS or cryptography configuration can create exploitable paths when present in a particular application. Defenders should inventory the exact JDK and dependencies, monitor applicable advisories, remove unnecessary components, and test and apply updates. Code review and testing should specifically examine deserialization and other handling of untrusted input rather than assuming the language’s security APIs make applications safe by default.

Showing 1 most recent headlines Filtered view

Most security practitioners are now aware of the Log4Shell vulnerability discovered toward the end of 2021. No one knows how long the vulnerability existed before it was discovered. The past couple of months have had security teams scrambling to patch the Log4Shell vulnerability found in Apache Log4j, a Java library widely used to log error messages in applications. Beyond patching, it's helpful