OVAL

ALAS2-2022-1867 --- java-11-amazon-corretto

ID: oval:org.secpod.oval:def:1701048
Date: (C)2022-10-27   (M)2024-06-24
Class: PATCH
Family: unix




Title: Wider MultiByte conversions
Buffer overflow is possible due to incorrect byte count.

Title: Improve NTLM support
writeSecurityBuffer writes a serialized security buffer to be used for NTLM auth. One of the fields that are serialized is a hostname provided by the name resolver. If this hostname is very long, integer truncation occurs, which would allow a malicious hostname to be partially re-interpreted as something else following a hostname, once the security buffer is deserialized on the other side.

Title: Improve JNDI lookups
JNDI DNS port numbers can be easily guessed and should be more random.

Title: Key X509 usages
Decoding of X509 keys may use an excessive amount of heap memory.

Title: Better HttpServer service
HttpServer eagerly accepts connections, which may exceed the limit.

Title: Improve HTTP/1.1 client usage
The HTTP/2 connection cache caches connections based on the IP address but not the SNI, which can allow spoofing for servers on the same IP.

Platform:
Amazon Linux 2
Product:
java-11-amazon-corretto
Reference:
ALAS2-2022-1867
CVE-2022-21618
CVE-2022-21619
CVE-2022-21624
CVE-2022-21626
CVE-2022-21628
CVE-2022-39399

© SecPod Technologies