Java is a programming language and software platform. Examples of applications that use Java are numerous and widespread but include web browsers, office applications, and even games like Minecraft are based on Java.

The full version string for this update release is 21.0.10+8 (where "+" means "build"). The version number is 21.0.10. Complete release notes for Java 21.0.10 can be found here.

If you need to run Java applications, downloading and installing the JRE (Java Runtime Environment) is enough. If you're developing Java applications, you'll want to download the JDK, which also includes the JRE.

For full information and terms, refer to the OTN License Agreement for Java SE. The OTN License Agreement for Java SE for current Oracle Java SE releases allows them to be used, without cost:

  • (i) For personal use on a desktop or laptop computer, such as to play games or run other personal applications.
  • (ii) For development, testing, prototyping, and demonstrating applications, including to use by/with profilers, debuggers, and Integrated Development Environment tools.
  • (iii) For use with some approved products, such as Oracle SQL Developer, or as an end user of a software application created by an approved product. (referred to as "Schedule A" and "Schedule B" Products in the OTN License Agreement for Java SE)
  • (iv) With identified Oracle Cloud Infrastructure products.

The latest version of Java is Java 26 or JDK 26 released on March 2026. However, many versions of Java are actively maintained for compatibility purposes. Java 8, Java 11, Java 17, Java 21, and Java 25 are the five long-term support versions recommended by Oracle alongside the latest release. You can download the version you need below:

Java 8 is the last free software public update for commercial use, which explains why it remains popular even though it was released back in 2014. Oracle plans to maintain it until at least 2030. Also, you should know that some applications might refer to Java 8 as version 1.8.0.

What is Java JDK?

The Java Development Kit (JDK) is the full-featured software development kit for Java developers. It has everything the JRE has, but adds the compiler (javac) and tools (like javadoc and jdb). The JDK allows you to create and compile Java programs.

Is Java free to use?

Yes, Java is free to use under the jdk.java.net license. This means anyone can download it for personal or development use at no cost. Oracle does charge for long term support, but this is optional.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 11.0.22 are specified in the following table:

JRE Family Version = JRE Security Baseline (Full Version String)

  • 21 = 21.0.10+8

Keeping the JDK up to Date

Oracle recommends that the JDK is updated with each Critical Patch Update. In order to determine if a release is the latest, the Security Baseline page can be used to determine which is the latest version for each release family.

Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Bulletins. It is not recommended that this JDK (version 21.0.4) be used after the next critical patch update scheduled for October 15, 2024.

Java Management Service, available to all users, can help you find vulnerable Java versions in your systems. Java SE Subscribers and customers running in Oracle Cloud can use Java Management Service to update Java Runtimes and to do further security reviews like identifying potentially vulnerable third party libraries used by your Java programs. Existing Java Management Service user click here to log in to your dashboard. The Java Management Service Documentation provides a list of features available to everyone and those available only to customers. Learn more about using Java Management Service to monitor and secure your Java Installations.

What's New

Oracle JDK 21 LTS, released in September 2023, has been permissively licensed under the free Java license and will continue to be so until one year after the subsequent LTS release. Oracle designated Oracle JDK 25, released in September of 2025, as a Long Term Support (LTS) release. Therefore, update releases of Oracle JDK 21 after September of 2026 will switch to the Java SE OTN license, the same license under which we offer updates to Java 8, 11, and 17. Users wishing to receive updates of the Oracle JDK under the free Java license should migrate to Oracle JDK 25.

New Features

core-libs/java.rmi

➜ Endpoint Identification Enabled By Default for RMI Connections Over TLS (JDK-8341496 (not public))

RMI will use TLS connections if the javax.rmi.ssl.SslRMIClientSocketFactory class is used. These connections now have TLS endpoint identification enabled by default. This may cause some previously-working TLS connections to fail. If this occurs, ensure that the certificate presented by the server has a Subject Alternative Name that matches the server's hostname. Alternatively, endpoint identification for RMI TLS connections can be disabled on the client side by setting the jdk.rmi.ssl.client.enableEndpointIdentification system property to false.

security-libs/javax.net.ssl

➜ Mechanism to Disable Signature Schemes Based on Their TLS Scope (JDK-8349583)

security-libs/javax.net.ssl

➜ Mechanism to Disable TLS Cipher Suites by Pattern Matching (JDK-8341964)

security-libs/javax.xml.crypto

➜ Update XML Security for Java to 3.0.5 (JDK-8344137)

Bug Fixes

  • JDK-8355528client-libs/2dUpdate HarfBuzz to 11.2.0
  • JDK-8358452client-libs/java.awtJNI exception pending in Java_sun_awt_screencast_ScreencastHelper_remoteDesktopKeyImpl of screencast_pipewire.c:1214 (ID: 51119)
  • JDK-8360647client-libs/java.awt[XWayland] [OL10] NumPad keys are not triggered
  • JDK-8351907client-libs/java.awt[XWayland] [OL10] Robot.mousePress() is delivered to wrong place
  • JDK-8185429client-libs/java.awt[macos] After a modal dialog is closed, no window becomes active
  • JDK-8341311client-libs/javax.accessibility[Accessibility,macOS,VoiceOver] VoiceOver announces incorrect number of items in submenu of JPopupMenu
  • JDK-8365375client-libs/javax.swingMethod SU3.setAcceleratorSelectionForeground assigns to acceleratorForeground
  • JDK-8348760client-libs/javax.swingRadioButton is not shown if JRadioButtonMenuItem is rendered with ImageIcon in WindowsLookAndFeel
  • JDK-8322512core-libs/java.langStringBuffer.repeat does not work correctly after toString() was called
  • JDK-8319174core-libs/java.mathEnhance robustness of some j.m.BigInteger constructors
  • JDK-8358764core-libs/java.nio(sc) SocketChannel.close when thread blocked in read causes connection to be reset (win)
  • JDK-8314611core-libs/java.util:i18nProvide more explicative error message parsing Currencies
  • JDK-8343804core-libs/java.util:i18nShow the default time zone with -XshowSettings option
  • JDK-8353713core-libs/java.util:i18nImprove Currency.getInstance exception handling
  • JDK-8368308core-libs/java.util:i18nISO 4217 Amendment 180 Update - Bulgaria Adopts the Euro in 2026
  • JDK-8226919core-svc/toolsattach in linux hangs due to permission denied accessing /proc/pid/root
  • JDK-8347564hotspot/gcZGC: Crash in DependencyContext::clean_unloading_dependents
  • JDK-8364258hotspot/jfrThreadGroup constant pool serialization is not normalized
  • JDK-8332506hotspot/runtimeSIGFPE In ObjectSynchronizer::is_async_deflation_needed()
  • JDK-8350201hotspot/runtimeOut of bounds access on Linux aarch64 in os::print_register_info
  • JDK-8348402hotspot/runtimePerfDataManager stalls shutdown for 1ms
  • JDK-8347129hotspot/runtimecpuset cgroups controller is required for no good reason
  • JDK-8338154hotspot/testFix -Wzero-as-null-pointer-constant warnings in gtest framework
  • JDK-8315042security-libs/java.securityNPE in PKCS7.parseOldSignedData
  • JDK-8350830security-libs/java.securityValues converted incorrectly when reading TLS session tickets
  • JDK-8350582security-libs/javax.net.sslCorrect the parsing of the ssl value in javax.net.debug
  • JDK-8355779security-libs/javax.net.sslWhen no "signature_algorithms_cert" extension is present we do not apply certificate scope constraints to algorithms in "signature_algorithms" extension
  • JDK-8350807security-libs/javax.net.sslCertificates using MD5 algorithm that are disabled by default are incorrectly allowed in TLSv1.3 when re-enabled
  • JDK-8332106tools/javacVerifyError when using switch pattern in this(...) or super(...)