Posts tagged Security

Celebrating 25 Years of the CVE Program

The Common Vulnerabilities and Exposures (CVE®) Program is celebrating its 25th anniversary today! This marks a major milestone in global cybersecurity. Since 1999, the CVE Program has been critical in helping organizations identify, manage and mitigate cybersecurity vulnerabilities through worldwide collaboration. Today, with over 240,000 CVE Records and more than 400 CVE Numbering Authorities (CNAs) across 40 countries, CVE remains a vital resource for vulnerability management and a key component of cybersecurity defense.

Eclipse Foundation’s New Open Regulatory Compliance Working Group Launch

The Eclipse Foundation is launching a new Open Regulatory Compliance Working Group on 24 September 2024. Payara Services is delighted to be a Participant member and the organization is keen to ensure as many development and security teams, small to medium-sized enterprises, and corporations as possible are aware of its work. And, of course, the more organizations that join the Open Regulatory Compliance Group, the stronger our impact can be. When we work together, we can better represent open-source software-related industries while the EU develops standards under the Cyber Resilience Act 2024 and subsequent data security compliance legislation.

In this blog post, we look at the history and development of the Eclipse Foundation as well as its new focus on cybersecurity compliance regulations through the new working group since July 2024.

Join Live Webinar - Simplifying Security for Your Jakarta EE Applications with Apache Shiro

Join us for an insightful webinar with Lenny Primak & Luqman Saeed, where we'll demystify security for your Jakarta EE applications using Apache Shiro.

Simplifying Security for Your Jakarta EE Applications with Apache Shiro

Wednesday, the 4th of September, 4pm BST

Register: https://www.crowdcast.io/c/security-with-jakarta-and-apache-shiro

Drive Application Security By Leaving Legacy Solutions

In an increasingly interconnected and digital world, it is no surprise that there has been a steady rise in the number and cost of security breaches over the last few years. To maximize the robustness and resilience of your applications and prevent any vulnerability from being exploited, it's important for companies to keep everything around their software up to date.

When it comes to application servers, this means using a modern, fully supported solution or upgrading to one quickly. With Java EE-based server runtime environments being outdated legacy software and lacking support, it is essential to migrate applications that rely on them to an alternative, such as Jakarta EE, to safeguard your applications and data.

Securing Jakarta EE Applications with OIDC and Keycloak

Introduction

Security is a paramount concern for modern web applications. Protecting sensitive data and user access necessitates a standardized approach. The OpenID Connect (OIDC) protocol, in conjunction with Identity Providers (IdPs) like Keycloak, and the Jakarta Security API integrated into Jakarta EE, offer a reliable solution. Together, they help streamline authentication and authorization in your Jakarta EE applications.

Secure Your Java Applications with Passay: The Essential Password Utility Library

In the digital age, where data breaches are common and privacy is paramount, ensuring users use strong passwords is the first step to securing applications from never-ending threats. Passay, a Java password generation and policy management library, helps enhance the security layer of any Java application. Let's dive into the core components of Passay in this blog post to see how you can employ it in your own applications.

Securing Jakarta EE Applications with MicroProfile JWT

Securing applications is a critical aspect of modern software development, ensuring that only authorised users can access sensitive functionalities and data. In the realm of Java enterprise development, one of the robust solutions for securing applications is the use of MicroProfile JWT (JSON Web Tokens). This approach combines the strengths of Jakarta EE with the agility and portability of MicroProfile standards, particularly for microservices architectures.

Using Jakarta EE Identity Store With Payara

These days the worldwide open-source community celebrates the advent of Jakarta EE 10. It is then a good time to look at one of its most relevant and, at the same time, unknown parts: security!

In this blog, I'll give an introduction to Jakarta EE Security, and then explain how Payara Platform builds on Jakarta EE Security with built-in identity stores for RDBMS (Relational Database Management System) and LDAP (Lightweight Directory Access Protocol).

What's New in the April 2022 Payara Platform Release?

The April 2022 Payara Platform release is here! Payara Platform Community 5.2022.2 brings 13 bug fixes, 2 component upgrades, 3 improvements and 3 security fixes, whilst Payara Platform Enterprise 5.38.0 includes 2 bug fixes, 1 improvement and 4 security fixes. 

It includes the fix for "Spring4Shell", and improved support for Jakarta EE 9, as you can now run Jakarta EE 9 applications using PrimeFaces.

This release also gives Payara users the ability to use gRPC, the Google Remote Procedure Call Framework.

Please note: This is the penultimate Payara 5 Community release. Payara 6 Community will soon take its place, to be used with Jakarta EE 10. If you want to keep using earlier Java EE/Jakarta EE versions, we encourage you to move to Payara 5 Enterprise.