Java Platform, Standard Edition 6

Update Release Notes

  Update Release Notes Index JDK Documentation

Update Release Notes Index

Update Release Notes Index

Changes in 1.6.0_22 (6u22)

The full internal version number for this update release is 1.6.0_22-b04 (where "b" means "build"). The external version number is 6u22.

OlsonData 2010l

Java SE 6u22 contains Olson time zone data version 2010l. For more information, refer to Timezone Data Versions in the JRE Software

Security Baseline

Java SE 6u22 specifies the following security baselines for use with Java Plug-in technology:

JRE Family Version Java SE
Security Baseline
Java for Business
Security Baseline
6 1.6.0_22 1.6.0_22
5.0 1.5.0_22 1.5.0_26
1.4.2 1.4.2_19 1.4.2_28


On October 30, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Java SE 5.0 reached its end of service life on November 3, 2009, with the release of 5.0u22. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) and Java SE 5.0 (5.0u23 and above) include the Access Only option and are available to Java for Business subscribers.

For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .

 

Root Certificates

Added new Entrust Root CA-G2 and updated Entrust.net CA (2048) root certificates. (Refer to 6959911.)

CVE-2010-3560

The fix for CVE-2010-3560 could cause certain Java applets running in the new Java Plug-in to stop working if they are embedded in web pages which contain JavaScript that calls into Java in order to perform actions which require network security permissions. These applets may fail with a network security exception under some circumstances if the name service which resolved the original web page URL host name does not return a matching name as the result of a reverse address lookup. This is most likely to occur for the new Java Plug-in running on Solaris and Linux when configured to use NIS for host to network address resolution with maps containing host names which are in short form (rather than as a fully qualified domain name).

If an applet is suspected of failing due to this change you can verify that by setting the logging level of the Java Console to 5 and looking for logging strings beginning with "socket access restriction" which will describe the specific cause of the mismatch and will help in identifying the correct workaround to use as described below:

  • Add a new host name forward map entry (in /etc/hosts, NIS, or DNS) in a special form which is recognized by Java for the purpose of validating IPv4 and IPv6 name service mappings.
  • The IPv4 general name form followed by an /etc/hosts file fragment example for IP address 10.11.12.13 is:

     

        host.auth.ddd.ccc.bbb.aaa.in-addr.arpa
    
        # /etc/hosts example
        10.11.12.13    foo.bar.com.auth.13.12.11.10.in-addr.arpa
    

     

    There is an equivalent form for IPv6 addresses which uses the IP6.ARPA domain root format defined in RFC 3596.

    For DNS, these would be A (IPv4) or AAAA (IPv6) entries.

  • Pre-pend a fully qualified host name before other mappings to the same address. For example, in /etc/hosts format:

     

        #10.11.12.13   foo loghost
        10.11.12.13    foo.bar.com foo loghost
    

     

    As an alternative to updating name service records, it may be possible to safely modify the applet to perform the network action using only it's own permissions independent of the web page which contains it by using the doPrivileged() method of the java.security.AccessController class.

    Transport Layer Security (TLS) Man-In-The-Middle Renegotiation Issue Resolved

    For more information, please see the TLS Renegotiation Issue README.

    Related information on the solution to the TLS Renegotiation issue:

    Bug Fixes
    This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE and Java for Business Critical Patch Update advisory.

     

    Other Bug Fixes

    BugId Category Subcategory Description
    6897143 hotspot garbage_collector Stress test crashes during HeapInspection using ParallelGC
    6919638 hotspot garbage_collector CMS: ExplicitGCInvokesConcurrent misinteracts with gc locker
    6837842 hotspot jni JNI_CreateJavaVM crashes under impersonation
    6948223 idl orb Corba issue, fail to reload object
    6969236 java build Regression: JRE identification fails due to Oracle rebranding in java.exe
    6893325 java classes_awt JComboBox and dragging to an item outside the bounds of the containing JFrame is not selecting that
    6974093 java classes_lang Thread.clone should NOT invoke addUnstarted on started threads
    6959911 java classes_security Update Entrust.net CA (2048) root and add new Entrust Root CA-G2
    6725789 java classes_util_concurrent ScheduledExecutorService does not work as expected in jdk7/6/5
    6547241 java imageio JPEGImageReader.readImage crash
    6557086 java imageio Attempt to dispose jpeg reader form another thread may cause crash
    6944981 java_deployment general Name field missing in mix code security warning dialog for Java Webstart application
    6869937 java_plugin plugin2 New Plugin - Vista&XP Focus never returned to browser
    6846148 jaxb-xsd runtime Namespace gets lost for null scope while using RetQName
    6946312 jaxp sax XML parser omits characters callback to ContentHandler since 6u18
    6957378 jmx classes JMX memory leak