Java Platform, Standard Edition 6
Update Release Notes
Changes in 1.6.0_22 (6u22)
The full internal version number for this update release is 1.6.0_22-b04 (where "b" means "build"). The external version number is 6u22.
Java SE 6u22 contains Olson time zone data version 2010l. For more information, refer toTimezone Data Versions in the JRE Software.
Java SE 6u22 specifies the following security baselines for use with Java Plug-in technology:
| JRE Family Version | Java SESecurity Baseline | Java for BusinessSecurity Baseline |
|---|---|---|
| 6 | 1.6.0_22 | 1.6.0_22 |
| 5.0 | 1.5.0_22 | 1.5.0_26 |
| 1.4.2 | 1.4.2_19 | 1.4.2_28 |
For more information about the security baseline, seeDeploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Added new Entrust Root CA-G2 and updated Entrust.net CA (2048) root certificates. (Refer to6959911.)
The fix for CVE-2010-3560 could cause certain Java applets running in the new Java Plug-in to stop working if they are embedded in web pages which contain JavaScript that calls into Java in order to perform actions which require network security permissions. These applets may fail with a network security exception under some circumstances if the name service which resolved the original web page URL host name does not return a matching name as the result of a reverse address lookup. This is most likely to occur for the new Java Plug-in running on Solaris and Linux when configured to use NIS for host to network address resolution with maps containing host names which are in short form (rather than as a fully qualified domain name).
If an applet is suspected of failing due to this change you can verify that by setting the logging level of the Java Console to 5 and looking for logging strings beginning with "socket access restriction" which will describe the specific cause of the mismatch and will help in identifying the correct workaround to use as described below:
- Add a new host name forward map entry (in /etc/hosts, NIS, or DNS) in a special form which is recognized by Java for the purpose of validating IPv4 and IPv6 name service mappings.
- The IPv4 general name form followed by an /etc/hosts file fragment example for IP address 10.11.12.13 is:
host.auth.ddd.ccc.bbb.aaa.in-addr.arpa # /etc/hosts example 10.11.12.13 foo.bar.com.auth.13.12.11.10.in-addr.arpaThere is an equivalent form for IPv6 addresses which uses the IP6.ARPA domain root format defined in RFC 3596.
For DNS, these would be A (IPv4) or AAAA (IPv6) entries.
- Pre-pend a fully qualified host name before other mappings to the same address. For example, in /etc/hosts format:
#10.11.12.13 foo loghost 10.11.12.13 foo.bar.com foo loghostAs an alternative to updating name service records, it may be possible to safely modify the applet to perform the network action using only it's own permissions independent of the web page which contains it by using the doPrivileged() method of the java.security.AccessController class.
Transport Layer Security (TLS) Man-In-The-Middle Renegotiation Issue Resolved
For more information, please see theTLS Renegotiation Issue README.
Related information on the solution to the TLS Renegotiation issue:
- The JSSE Reference Guide
- Standard Names: Supported Cipher Suites
- Sun Providers Documentation: Supported Cipher Suites
BugId Category Subcategory Description 6897143 hotspot garbage_collector Stress test crashes during HeapInspection using ParallelGC 6919638 hotspot garbage_collector CMS: ExplicitGCInvokesConcurrent misinteracts with gc locker 6837842 hotspot jni JNI_CreateJavaVM crashes under impersonation 6948223 idl orb Corba issue, fail to reload object 6969236 java build Regression: JRE identification fails due to Oracle rebranding in java.exe 6893325 java classes_awt JComboBox and dragging to an item outside the bounds of the containing JFrame is not selecting that 6974093 java classes_lang Thread.clone should NOT invoke addUnstarted on started threads 6959911 java classes_security Update Entrust.net CA (2048) root and add new Entrust Root CA-G2 6725789 java classes_util_concurrent ScheduledExecutorService does not work as expected in jdk7/6/5 6547241 java imageio JPEGImageReader.readImage crash 6557086 java imageio Attempt to dispose jpeg reader form another thread may cause crash 6944981 java_deployment general Name field missing in mix code security warning dialog for Java Webstart application 6869937 java_plugin plugin2 New Plugin - Vista&XP Focus never returned to browser 6846148 jaxb-xsd runtime Namespace gets lost for null scope while using RetQName 6946312 jaxp sax XML parser omits characters callback to ContentHandler since 6u18 6957378 jmx classes JMX memory leak