Some customers expect to move to the latest version of the JRE product (N) or (N-1).
The version of JRE that comes with the Symantec DLP installer is older than N or N-1.
Is there any reason why DLP comes with a JRE version that is so out of date?

DLP release 15.7 ships with JRE 1.8.0_202 by default.
DLP release 15.8 ships with OpenJRE 1.8.0_262 by default.
DLP release 16.0 ships with OpenJRE 1.8.0_322 by default.
DLP release 16.0.1 ships with OpenJRE 1.8.0_352 by default

As long as we are supporting the DLP release in use we will continue to support the JRE version that it was shipped with.
All testing and certification done on each release was only with the JRE version we supplied at the time, we cannot foresee all future JRE vulnerabilities that might appear at a later date. 

You can upgrade the JRE version to the supported OpenJRE if required, for details see How to upgrade JRE (Java Runtime Environment) on DLP 15.7/15.8/16.0.

We now use a version of OpenJRE from https://adoptopenjdk.net/, you can find more details in the following guides:

Steps to update the JRE in DLP 16.0

Steps to Update the JRE in DLP 16.0.1

For 15.8, see the “About updating the JRE to the latest version” section in the Upgrade Guide:

Symantec_DLP_15.8_Upgrade_Guide_Win.pdf

Symantec_DLP_15.8_Upgrade_Guide_Lin.pdf