CSO Online

Critical sandbox bypass fixed in popular Thymeleaf Java template engine

The 9.1-CVSS vulnerability enables attackers to circumvent RCE protections in the de facto template engine for the Java ...
heise online

Java 26 with JVM optimizations, HTTP/3, and finally no Applet API

The current version, OpenJDK 25, was released in the fall of 2025, with many vendors offering Long-Term Support (LTS). Many companies use such releases as a stability anchor for migrations and ...