Memory Leak in javax.crypto.JceSecurity

Article ID:360038788332
1 minute readKnowledge base


  • I am experiencing a memory leak related to the javax.crypto.JceSecurity class. Jenkins JVM heap utilization is unexpectedly climbing over time.

Example of Heap Dump Analysis:

The class "javax.crypto.JceSecurity", loaded by "<system class loader>", occupies 6,209,610,104 (91.15%) bytes. The memory is accumulated in one instance of "java.util.concurrent.ConcurrentHashMap$Node[]" loaded by "<system class loader>"



This issue was recently reported by a CloudBees customer who was running an unsupported JDK, Azul Zulu JDK. The issue looks similar to an earlier reported issue within the JDK issue tracker: which appears to have been recently resolved as part of Azul Zulu’s January 2020 release notes which incorporates a fix for

Using either OpenJDK or Oracle JDK resolves this issue.


At this time, CloudBees does not support Azul Zulu JDK. Vendors like Azul Zulu go through a certification performed by the Java Community Process (JCP), which provides a Technology Compatibility Kit (TCK) and essentially marks them as compatible, but that doesn’t mean they are not different, or come with their own inherent issues.

Therefore it is recommended to always use a supported Java JDK.