Oracle Java SE 8u221 fixes an unspecified vulnerability in the JavaFX component (CVE-2020-2585). Upstream has CVSS scored this issue as: 5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N External Reference: https://www.oracle.com/security-alerts/cpujan2020.html#AppendixJAVA