JDK 21, released on September 19, 2023, introduces several interesting and useful security enhancements. Some highlights include a new API for Key Encapsulation Mechanism (KEM) that will help Java applications withstand large-scale quantum computer attacks, and the support for signature verification of the Leighton-Micali Signature (LMS) system with the Hierarchical Signature System (HSS). The release also includes enhancements for PBES2 password-based cryptography algorithms, XML Signature support for the EdDSA algorithm, and the ability to toggle XML Signature secure validation mode. Additionally, new root CA certificates have been added to the cacerts keystore, and the default Diffie-Hellman group size for TLS has been increased to 2048 bits.
https://seanjmullan.org/blog/2023/09/22/jdk21