Free Java Update 8

Version 8 Update 491

Release date: April 21, 2026

Your system currently has an older version of Java and you are receiving this update notification because a newer version has been automatically detected.

This release addresses security concerns. Oracle strongly recommends that all Java SE 8 users upgrade to this release.

Please install this free Java Update by clicking on the Update button on the Java Update window.


Installing this update will ensure that your Java applications continue to run as safely and efficiently as always.


Release Highlights
  • JDK 8u491 contains IANA time zone data 2026a .
    For more information, refer to Timezone Data Versions in the JRE Software.
  • New Features: Enhanced keytool Password Handling When Output Is Redirected
    The keytool command reads passwords from the system console to prevent them from being displayed on the screen. However, the console is usually available only when both the standard input and output streams are not redirected. Previously, if the standard output stream was redirected into a file or another command, the console was unavailable and the input password was echoed on the screen. This enhancement improves password handling to ensure that the password is not displayed on the screen even if the standard output stream is redirected. This enhancement has also been made to the jarsigner command and the JAAS TextCallbackHandler API.
    JDK-8354469
  • Other Notes: Oracle JDK 8 Includes JavaFX for a Limited Time
    JavaFX is again included with JDK 8, although it has a shorter support timeline than JDK 8. Update releases of JDK 8 after March 2028 will not include JavaFX. Visit www.oracle.com/javase/javafx for details.
    JDK-8371301 (not public)
  • Other Notes: Distrust TLS Server Certificates Anchored by Chunghwa Root Certificates and Issued After March 17, 2026
    The JDK will stop trusting TLS server certificates issued after March 17, 2026 and anchored by Chunghwa root certificates, in line with similar plans announced by Google and Mozilla. TLS server certificates issued on or before March 17, 2026 will continue to be trusted until they expire. Certificates issued after that date, and anchored by the Certificate Authority listed in the table below, will be rejected. The restrictions are enforced in the JDK implementation (the SunJSSE Provider) of the Java Secure Socket Extension (JSSE) API. A TLS session will not be negotiated if the server's certificate chain is anchored by any of the Certificate Authorities in the table below and the certificate has been issued after March 17, 2026. An application will receive an exception with a message indicating the trust anchor is not trusted, for example: "TLS Server certificate issued after 2026-03-17 and anchored by a distrusted legacy Chunghwa root CA: OU=ePKI Root Certification Authority, O="Chunghwa Telecom Co., Ltd." C=TW"
    The JDK can be configured to trust these certificates again by removing "CHUNGHWA_TLS" from the jdk.security.caDistrustPolicies security property in the java.security configuration file.
    See JDK-8369282
» More information on 8u481

Bug Fixes

This release also contains fixes for security vulnerabilities described in the Oracle Critical Patch Update. For a more complete list of the bug fixes included in this release, see 8u491 Release notes.

Java Expiration Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 8u491) be used after the next critical patch update scheduled for July 21, 2026.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u491) on 2026-08-21. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see 23.1.2 JRE Expiration Date in the Java Platform, Standard Edition Deployment Guide.


Related Information

» More information on Java Update
» Detailed technical information about this release can be found in the Java 8 Release Notes.
» Previous release changes FAQ