IBM Java SE version 8 includes the IBM Java Runtime Environment and the IBM Java Software Development Kit. This update upgrades IBM Java SE 8 to version 8 SR5-FP40. Security Fix: * IBM JDK: Out-of-bounds access in the String.getBytes method * IBM JDK: Failure to privatize a value pulled out of the loop by versioning * OpenJDK: Insufficient checks of suppressed exceptions in deserialization * OpenJDK: Unbounded memory allocation during deserialization in Collections * OpenJDK: Missing URL format validation * OpenJDK: Insufficient restriction of privileges in AccessController * libpng: use-after-free in png_image_free in png.c For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.