Oracle has recently released a new version of Java 8: Java 8 Update 271. This critical patch update addresses a total of 402 vulnerabilities that could have been exploited in older versions of Oracle products.
Oracle states the following:
"Oracle continues to periodically receive reports of attempts to maliciously exploit vulnerabilities for which Oracle has already released security patches. In some instances, it has been reported that attackers have been successful because targeted customers had failed to apply available Oracle patches." (Oracle critical patch advisory)
This tells us that some attackers have been successful in infiltrating consumer PCs. Therefore, it is important to update your Java version to the latest update using the guide below.
Oracle has changed the Java Runtime license so that it is free for use only for non-commercial and personal usage. You will need to accept the license agreement before installing Java on your computer.
- Latest Java Version: Java 8 Update 271-b09
- Release date: October 20th, 2020 (All version release dates here)
- Last stable version: Java 8 Update 261
- Compatible OS: Windows 10, Windows 8 and Windows 7, macOS, Linux, and Solaris
- License: Free
Please note that, as a browser extension, Java 8 runs only on Internet Explorer.
New features and bug fixes
Java 8 Update 271 comes with the following updates:
- A new security property, jdk.disabled.namedCurves, is implemented to list the named curves common to all of the disabledAlgorithms properties at once. To use the new property in the disabledAlgorithms properties, precede the full property name with the keyword include.
- The Kerberos client can now take advantage of more dynamic environment configurations and does not necessarily need to know (in advance) how to reach the realm of a target principal, thanks to enhancements made to the Kerberos client with the support of principal name canonicalization and cross-realm referrals.
- A new environment property, jdk.jndi.ldap.mechsAllowedToSendCredentials, has been added to control which LDAP authentication mechanisms are allowed to send credentials over
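To check which disabledAlgorithms properties actually pull in the jdk.disabled.namedCurves list after the update, the following added example (not Oracle's code and not part of the original article) parses java.security-style text and resolves the include keyword. The sample file content is constructed, and the function names are this example's own.

```python
import re

CURVES = "jdk.disabled.namedCurves"

# Constructed sample in java.security syntax; the curve names and constraints
# are illustrative, not a copy of the file shipped with Java 8 Update 271.
SAMPLE = r"""
# constructed excerpt
jdk.disabled.namedCurves = secp112r1, secp160k1, \
    sect113r1
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, \
    include jdk.disabled.namedCurves
jdk.certpath.disabledAlgorithms=MD2, MD5, RSA keySize < 1024
"""

def parse_properties(text):
    """Simplified parser: '#'/'!' comments, backslash continuations, key=value."""
    props, pending = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):          # value continues on the next line
            pending += line[:-1]
            continue
        key, _, value = (pending + line).partition("=")
        props[key.strip()] = value.strip()
        pending = ""
    return props

def split_list(value):
    return [item.strip() for item in value.split(",") if item.strip()]

def effective(props, name):
    """Constraint list for `name` with 'include jdk.disabled.namedCurves' expanded."""
    out = []
    for item in split_list(props.get(name, "")):
        m = re.fullmatch(r"include\s+(\S+)", item, re.IGNORECASE)
        if m and m.group(1) == CURVES:
            out.extend(split_list(props.get(CURVES, "")))
        else:
            out.append(item)
    return out

def audit(props):
    """Map each *.disabledAlgorithms property to (includes_curves, effective list)."""
    pattern = re.compile(r"include\s+" + re.escape(CURVES) + r"\s*(,|$)", re.IGNORECASE)
    return {name: (bool(pattern.search(value)), effective(props, name))
            for name, value in props.items() if name.endswith(".disabledAlgorithms")}
```

A property reported with `False` is one whose constraint list does not reference the shared curve list, so curves disabled there would have to be listed explicitly.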
With this new update, Oracle has also started to remove the Java Plugin from JDK 8u for Linux, Solaris, and macOS platforms, since the NPAPI plugin is considered vulnerable and has been disabled by the majority of the browsers.
You can read the complete change log in the release notes here.
The Oracle Java SE risk matrix gives details about each vulnerability, such as the affected Java version, the affected component of Java, the type of exploit possible, and its scope.
You can read more about this matrix here.
How to update Java Runtime Environment to version 8 Update 271
Updating to the latest version is quite easy. But if you want to know what version of Java is already installed on your computer, you can follow our tutorial about Java here.
- Go to Oracle Java download page.
- Under the Java SE Runtime Environment 8u271 section, you will see a list of products. Click on the download link beside your desired product.
- Accept the license agreement in the pop-up and then click the Download button. Your download should now start.
- Now simply run the downloaded package and follow through with the installation wizard. You will not need to remove any older versions of Java as they are automatically overwritten.
Note that you will need to be logged in to Oracle’s website to download the latest Java update.
Although it is important to update your Java version as soon as possible to avoid any attacks, updates can cause some applications to stop working. Hence, it is recommended to create a restore point before doing so.