On January 17, Oracle published a Critical Patch Update Advisory for January 2017. The advisory lists Java 8 Update 111 as an ‘affected product’ but says nothing at all about a new version or what has changed. For that information, you have to dig around on the Oracle site: a good starting point is the main page for Java SE. There you’ll find links to news, release notes, and downloads for new Java versions.
The new version — Java 8 Update 121 — includes fixes for seventeen security vulnerabilities and eleven other bugs in previous versions. If you use a web browser with an enabled Java add-on, you should install the new version as soon as possible.
Mystery solved
On a related note: I missed the previous Java update (October 18, 2016) because the Oracle Security Advisory RSS feed stopped working in my RSS reader, Feedly. In Feedly, the last post shown from that feed is from July 2016.
To rule out a problem with the feed itself, I checked it in another RSS reader, The Old Reader, where it worked perfectly.
Feedly provides support via Uservoice, so I headed over there and looked for anyone reporting similar issues. And found someone with the exact same problem, which he reported in the form of a suggestion. Rather than create my own report, I added a comment with my observations, and applied as many upvotes as I could to the existing suggestion.
Hopefully the Feedly folks will see this and do something about it. I depend on RSS feeds to stay on top of technology news, and if my RSS reader is unreliable, I can’t use it.
Meanwhile, I’ll continue to rely on other sources for Java update news, including the CERT feed, which is how I learned of the January 2017 Oracle advisory.
Update 2017Jan20: I reported the feed problem to Feedly, and they immediately responded, saying that Oracle appears to be blocking Feedly for some reason. They are working on the problem.