Oracle has just released Java version 8u121, which contains important security fixes, and is a strongly recommended update for all using Java. It’s available from here.
Fixes listed include improved protection for JNDI remote class loading, and enhancement of the jarsigner tool. XML signatures now require a minimum key length of 1024 bits. Mac trackpad scrolling should be fixed too.
This release has a grand total of 17 new security fixes, of which 16 may be exploitable remotely without any need for authentication. That sounds like an urgent and essential update to me.