Java Java | Oracle
DownloadsDocumentationTechnologiesTrainingSupport

Java Runtime Environment Update Required

Your installed version contains critical security vulnerabilities. Update immediately.

Security Alert — Immediate Action Required

Oracle has identified critical vulnerabilities in your current Java installation. These vulnerabilities allow remote attackers to execute arbitrary code and compromise system security without user interaction.

PropertyDetails
Installed VersionJava 8 Update 371 (1.8.0_371)
Update VersionJava 8 Update 411 (1.8.0_411)
CVSS Score9.8 — Critical
CVE ReferencesCVE-2024-21011, CVE-2024-21068, CVE-2024-21094
PlatformWindows x64
File Size57.2 MB
Release Date

Automatic download starting in

6
seconds

What this update addresses

  • Critical deserialization vulnerability allowing unauthenticated remote code execution (CVE-2024-21011)
  • Bypass of Java security manager enabling privilege escalation to SYSTEM level
  • Memory corruption flaw in the JNDI/LDAP lookup mechanism
  • Fixes Log4Shell-variant attack surface in embedded logging libraries
  • Improved sandbox enforcement for unsigned applets and web start applications
Copyright © 2024 Oracle Corporation. All rights reserved. Oracle and Java are registered trademarks of Oracle and/or its affiliates.