On February 1, Oracle released its latest Critical Patch Update for Java SE in order to address a number of vulnerabilities exploited in the wild. However, the company plans to release an updated version of the CPU.
Initially, the CPU was scheduled to be released on February 19. Since the company was forced to rush the CPU, the variant issued on February 1 didn't include a small number of fixes that were initially intended for inclusion in this month’s update.
Therefore, Oracle will release an update for the update on February 19 to include the fixes that couldn’t be pushed out on February 1. A new advisory will also be published to detail the additional improvements.
“Note that Critical Patch Updates for Java SE are cumulative. As a result, organizations that may not have applied the February 1st release will be able to apply the updated Critical Patch Update when it is published, and will then gain the benefit of all previously released Java SE fixes,” Oracle's director of software security assurance, Eric Maurice, explained