JDK 8u74 Release Notes

Java SE 8u74 Bundled Patch Release (BPR) - Bug Fixes and Updates

The following sections summarize changes made in all Java SE 8u74 BPRs. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.

To determine the version of your JDK software, use the following command:

java -version

Changes in Java SE 8u74 b32

Bug Fixes

BugId Component Subcomponent Summary
6675699 hotspot compiler need comprehensive fix for unconstrained ConvI2L with narrowed typed
8130735 client-libs javax.swing javax.swing.TimerQueue: timer fires late when another timer starts
8038837 security-libs Add support to jarsigner for specifying timestamp hash algorithm
deploy plugin pac file returns wrong proxy with IE only due to broken wildcarding
deploy plugin .pac file returns wrong proxy
deploy webstart NPE is introduced by 8133458

Changes in Java SE 8u74 b31

Please note that fixes from the prior BPR (8u72 b31) are included in this version.

Bug Fixes

BugId Component Subcomponent Summary
8144963 deploy webstart Javaws checks jar files twice if JVM needs to be restarted
deploy webstart (JWS)LazyRootStore leak when calling getResourceAsStream on non-class resource
8142982 deploy webstart Race Condition can cause CacheEntry.getJarSigningData() to return null.

Java™ SE Development Kit 8, Update 74 (JDK 8u74)

The full version string for this update release is 1.8.0_74-b02 (where "b" means "build"). The version number is 8u74.

This update release contains several enhancements and changes including the following. 

IANA Data 2015g

JDK 8u74 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 8u74 are specified in the following table:

JRE Family Version JRE Security Baseline (Full Version String)
8 1.8.0_71
7 1.7.0_95
6 1.6.0_111

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 8u74) will expire with the release of the next critical patch update scheduled for April 19, 2016.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 8u74) on May 19, 2016. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.


Oracle strongly recommends that Java users who have downloaded affected versions and plan future installations with these downloaded versions discard these old downloads. Java users who have installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 need take no action. Java users who have not installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 should upgrade to the Java SE 6, 7, or 8 releases from the Security Alert for CVE-2016-0603.

The demos, samples, and Documentation bundles for 8u74 are not impacted by the Security Alert for CVE-2016-0603, so version 8u72 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see the Oracle Java SE Critical Patch Update Advisory.