Free Java Update 8
Version 8 Update 241
Release date January 14, 2020
Important Oracle Java License Update
The Oracle Java License has changed for releases starting April 16, 2019.
The new Oracle Technology Network License Agreement for Oracle Java SE
is substantially different from prior Oracle Java licenses. The new license permits certain uses, such as personal use and development use, at no cost -- but other uses authorized under prior Oracle Java licenses may no longer be available. Please review the terms carefully before downloading and using this product. An FAQ is available here
Commercial license and support is available with a low cost Java SE Subscription
Oracle also provides the latest OpenJDK release under the open source GPL License
Your system currently has an older version of Java and you are receiving this update notification because a newer version has been automatically detected.
This release addresses security concerns. Oracle strongly recommends that all Java SE 8 users upgrade to this release.
Please install this free Java Update by clicking on the Update button on the Java Update window.
Installing this update will ensure that your Java applications continue to run as safely and efficiently as always.
- IANA Data 2019c
JDK 8u241 contains IANA time zone data version 2019c. For more information, refer to Timezone Data Versions in the JRE Software.
- New Feature: Allow SASL Mechanisms to Be Restricted
A security property named
jdk.sasl.disabledMechanisms has been added that can be used to disable SASL mechanisms. Any disabled mechanism will be ignored if it is specified in the
mechanisms argument of
Sasl.createSaslClient or the
mechanism argument of
Sasl.createSaslServer. The default value for this security property is empty, which means that no mechanisms are disabled out-of-the-box.
- New Feature: SunPKCS11 Provider Upgraded with Support for PKCS#11 v2.40
The SunPKCS11 provider has been updated with support for PKCS#11 v2.40. This version adds support for more algorithms such as the AES/GCM/NoPadding cipher, DSA signatures using SHA-2 family of message digests, and RSASSA-PSS signatures when the corresponding PKCS11 mechanisms are supported by the underlying PKCS11 library.
- Other notes: New Checks on Trust Anchor Certificates
New checks have been added to ensure that trust anchors are CA certificates and contain proper extensions. Trust anchors are used to validate certificate chains used in TLS and signed code. Trust anchor certificates must include a Basic Constraints extension with the cA field set to true. Also, if they include a Key Usage extension, the keyCertSign bit must be set.
JDK-8230318 (not public)
- Other notes: Exact Match Required for Trusted TLS Server Certificate
A TLS server certificate must be an exact match of a trusted certificate on the client in order for it to be trusted when establishing a TLS connection.
JDK-8227758 (not public)
- Other notes: Added LuxTrust Global Root 2 Certificate
LuxTrust root certificate has been added to the cacerts truststore
- Other notes: Added 4 Amazon Root CA Certificates
Amazon root certificate has been added to the cacerts truststore
- Bug Fixes: Support for OpenType CFF Fonts
Previously, Oracle JDK 8 did not include OpenType CFF fonts (.otf fonts) into the standard logical fonts (such as "Dialog" and "SansSerif"). This resulted in missing glyphs when rendering text. In the most extreme cases where only CFF fonts were installed on the system, a Java exception could be thrown.
Several Linux distributions were affected by this issue because they rely on CFF fonts to support some languages, which is common for CJK (Chinese, Japanese, and Korean) languages.
Oracle JDK 8 now uses these CFF fonts, and this issue has been resolved.
- Bug Fixes: Better Serial Filter Handling
jdk.serialFilter system property can only be set on the command line. If the filter has not been set on the command line, it can be set can be set with
java.io.ObjectInputFilter.Config.setSerialFilter. Setting the
java.lang.System.setProperty has no effect.
JDK-8231422 (not public)
» More information on 8u241
This release contains fixes for security vulnerabilities. For more information, see the Oracle Java SE Critical Patch Update Advisory.
For a list of bug fixes included in this release, see JDK 8u241 Bug Fixes page.
Java Expiration Date
The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u241) will expire with the release of the next critical patch update scheduled for April 14, 2020.
For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u241) on May 14, 2020. After either condition is met (new release becoming available or expiration date reached), Java will provide additional warnings and reminders to users to update to the newer version.
» More information on Java Update
Detailed technical information about this release can be found in the Java 8 Release Notes
» Previous release changes FAQ