Skip to main content

jGuard v0.2.0 Released

ยท 2 min read
Nicholas Knize
Nicholas Knize
CEO & Founder, Lucenia
jGuard Team
jGuard Team
jGuard Contributors

We're excited to announce the release of jGuard v0.2.0, a major update that makes jGuard production-ready for enterprise deployments.

What's New in v0.2.0โ€‹

Multi-Module Supportโ€‹

jGuard now supports JPMS applications with multiple modules, each with independent policies. Policies are auto-discovered from signed JARs:

# Policies automatically discovered from signed JARs
java -javaagent:jguard-agent.jar -jar your-app.jar

External Policies with Grant/Denyโ€‹

Deployers can now modify entitlements at deployment time without rebuilding applications:

security module com.vendor.library {
    // Remove dangerous capabilities from embedded policy
    deny module to network.outbound;
    deny module to native.load;
}

The merge logic is simple: denials always win.

Legacy Library Supportโ€‹

Apply jGuard security to third-party libraries that don't ship with policies:

security module legacy.untrusted.library {
    // Grant only what's needed
    entitle module to fs.read(config, "*.properties");
    // Everything else denied by default
}

CLI Toolsโ€‹

New command-line tools for policy management:

  • jguardc - Compile .jguard policy files
  • jguard inspect - Inspect policies in JARs
  • jguard list - List policies on a path
  • jguard diff - Compare two policies
  • jguard validate-override - Validate override policies

Policy Hot Reloadโ€‹

Update policies without restarting your application:

java -javaagent:jguard-agent.jar=policy.bin \
     -Djguard.reload=true \
     -Djguard.reload.interval=5 \
     -jar app.jar

Getting Startedโ€‹

Add jGuard to your Gradle project:

plugins {
    id "io.jguard.policy" version "0.2.0"
}

dependencies {
    implementation("io.jguard:jguard-core:0.2.0")
}

Create your policy in module-info.jguard:

security module com.example.myapp {
    entitle com.example.myapp.http.. to network.outbound;
    entitle com.example.myapp.io..   to fs.read(data, "**");
}

Run with enforcement:

./gradlew runWithAgent

Resourcesโ€‹

What's Nextโ€‹

We're already working on v0.3.0, which will focus on:

  • Prometheus/Micrometer metrics integration
  • IDE plugin for IntelliJ IDEA
  • Structured logging improvements

Thank you to all our contributors!