Download Bouncy Castle for Java LTS
Welcome to the download page for Bouncy Castle Java LTS. In addition to the available access options, including Maven Central, direct download, and GitHub, you will find searchable release notes and links to API and other documentation. Use the Java long-term support (LTS) version of the Bouncy Castle APIs when long-term stability is crucial for your application, providing a reliable and secure foundation over an extended period.
Maven
The Bouncy Castle Java LTS jars are mirrored on the Maven central repository.
Download from bouncycastle.org
We facilitate effortless downloads through bouncycastle.org, simplifying the process for our users.
GitHub
Access Bouncy Castle APIs Java LTS package on GitHub, where you can also report issues, join discussions, and contribute to the software.
Documentation
Check out the Bouncy Castle for Java documentation, including the LTS documentation for clear guidance and examples.
Join the discussion
You can ask questions and learn from specialists in the Bouncy Castle Java forum on GitHub Discussions. We highly appreciate and value your input.
Report an issue
If you encounter any issues that require attention, feel free to report them in our GitHub repository.
Release notes
Find out detailed information about the latest release and search in older release notes.
Beta testing
The current working betas, when available, for the next release for JDK 1.8 and later can be found here. If you need a beta to be made available for another version of Java please ask by emailing feedback-crypto@bouncycastle.org.
Donate to support the Bouncy Castle APIs
Supporting Bouncy Castle is now a substantial effort, the Java API is now over 300,000 lines, the C# one well past 140,000.
Bouncy Castle Java LTS Downloads
The LTS release is based off BC 1.73. Where possible it has been updated from the regular BC Java release, but avoiding changes which might break existing API. For this reason the LTS release does not currently include the PQC algorithms, although we expect to add them once they stabilize.
The 2.73.X Java LTS release will be updated in general until the end of 2027, with security only patches till the end of 2028. The next LTS cycle will begin in 2027. Users looking to extend the 2.73.X Java LTS release beyond 2028 can do so via our support program.
Except where otherwise stated, this software is distributed under the regular Bouncy Castle license. For full details of other licenses involved, see Third party licenses.
Distribution Files (JAR format)
The current release is BC-LTS 2.73.8.
Release notes
Find out detailed information about the Java LTS releases.
BC-LTS 2.73.8 is based off BC Java 1.81. It includes bug fixes and improvements from BC Java 1.80 and BC Java 1.81. Important changes include support for the IETF encoding mechanisms for ML-KEM and ML-DSA private keys, support for ML-KEM and ML-KEM Hybrid in TLS as well as fixes for the following CVEs:
- CVE‐2025‐9340: Cipher.doFinal() using the same input and output array could overwrite the input before reading, resulting in corrupted data.
- CVE‐2025‐9341: Fix for a garbage collection issue which has been showing up around AESNativeCBC ciphers. Previously use of a private local class appeared to slow down garbage collection on some JVMs to the point where an OutOfMemoryError could occur.