Oracle.com Documentation Security Community

Java Runtime Environment Update Available

A new security update is available for Java SE. Update now to stay protected.

Released January 21, 2025 · Downloads are available through your Oracle Account

Security Advisory: Java SE 8 Update 411 and earlier versions contain multiple security vulnerabilities. Oracle strongly recommends upgrading to Java SE 8 Update 421 (Critical Patch Update - January 2025).

Current Release Information

ProductJava SE Runtime Environment 8
Version8 Update 421 (JRE 1.8.0_421-b09)
Release DateJanuary 21, 2025
Patch TypeCritical Patch Update (CPU)
Security Baseline1.8.0_421
IANA Data2024i
Bundled Agentjavax.exe v2.4.1

What's New in This Update

This release contains fixes for security vulnerabilities and bug fixes. Oracle strongly recommends that all Java SE users upgrade to this release.

System Requirements

  • Windows 10, 11 (x64) or Windows Server 2016+
  • macOS 12 (Monterey) or later, Apple Silicon supported
  • Oracle Linux 7.x+ / Red Hat Enterprise Linux 7.x+
  • Ubuntu 20.04 LTS+ / Debian 10+
  • 128 MB RAM minimum (256 MB recommended)
  • 180 MB available disk space
  • TCP/IP networking for applet and application connectivity

Important Notes

Starting with Java SE 8 Update 401, Oracle has implemented enhanced security defaults for TLS connections. Applications relying on TLS 1.0 or 1.1 may need configuration changes.

The Java Control Panel has been updated to reflect new telemetry preferences. See Usage Tracker for details.

For enterprise deployments, refer to the Deployment Rule Set documentation for managing Java security in your organization.