Java Logo


 


Java SE 6 Advanced and Java SE 6 Support
(formerly known as Java SE for Business 6)
Release Notes


Documentation

The Java SE 6 Advanced is based on the current Java Platform, Standard Edition 6.

For more information on installation and licensing of Java Suite and Java SE Advanced, please visit Java SE Products Overview.

Information on Java SE Support can be found here.

See the following links to release notes including bug fixes, installation information, required licenses, supported configurations, and documentation links contained in this page.


Changes in Java SE 6u161 b31

 

Please note that fixes from prior BPR (6u151 b32) are included in this version.


Java™ SE Development Kit 6, Update 161 (JDK 6u161)

July 18, 2017

The full version string for this update release is 1.6.0_161-b13 (where "b" means "build"). The version number is 6u151.

IANA Data 2017b

JDK 6u161 contains IANA time zone data version 2017b. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u161 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_161-b13


Known Issues


deploy/webstart
JAR file validation changes

After upgrading to the JDK July CPU release (8u141/7u151/6u161), when executing Java Webstart applications, customers may encounter an exception like
“java.lang.SecurityException: digest missing for …” that prevents the application from loading.

The issue is observed in signed JAR files whose manifest contains package version information[1] and does not have a trailing "/" in the name of the package (e.g.: Name: org/apache/xml/resolver). While we work towards resolving this issue, in the interim, users can work-around the issue as follows:

NOTE: We recommend use of this workaround only if the distributor of the JAR files can "re-sign" the JAR files.


1. Extract the contents of the signed JAR file (e.g.: jar xf jar-file ).
2. Modify META-INF/MANIFEST.MF file and add a trailing “/” to the name of the package ( e.g.: Name: org/apache/xml/resolver/).
3. Remove the current signature files ( e.g.: rm -f META-INF/*.SF META-INF/*.RSA META-INF/*.DSA ).
4. Recreate the JAR file ( e,g.: jar cfm jar-file META-INF/MANIFEST.MF input-file(s) ).

NOTE: You must use the jar utility. Do not use other JAR creation tools.

5. Re-sign the JAR file.

[1] https://docs.oracle.com/javase/8/docs/technotes/guides/versioning/spec/versioning2.html#wp91706

 

See JDK-8184993


New Features


security-libs/java.security
Disable SHA-1 TLS Server Certificates

Any TLS server certificate chain containing a SHA-1 certificate (end-entity or intermediate CA) and anchored by a root CA certificate included by default in Oracle's JDK is now blocked by default. TLS Server certificate chains that are anchored by enterprise or private CAs are not affected. Only X.509 certificate chains that are validated by the PKIX implementation of the CertPathValidator and CertPathBuilder APIs and the SunX509 and PKIX implementations of the TrustManagerFactory API are subject to the restrictions. Third-party implementations of these APIs are directly responsible for enforcing their own restrictions.

To implement this restriction and provide more flexibility for configuring your own restrictions, additional features have been added to the jdk.certpath.disabledAlgorithms and jdk.jar.disabledAlgorithms Security Properties in the java.security file, as follows:

  • jdk.certpath.disabledAlgorithms:

    Three new constraints have been added to this Security Property:

    A new constraint named jdkCA, that when set, restricts the algorithm if it is used in a certificate chain that is anchored by a trust anchor that is pre-installed in the JDK cacerts keystore. This condition does not apply to certificate chains that are anchored by other certificates, including those that are subsequently added to the cacerts keystore. Also, note that the restriction does not apply to trust anchor certificates, since they are directly trusted.

    A new constraint named denyAfter, that when set, restricts the algorithm if it is used in a certificate chain after the specified date. The restriction does not apply to trust anchor certificates, since they are directly trusted. Also, code signing certificate chains as used in signed JARs are treated specially as follows:

    • if the certificate chain is used with a signed JAR that is not timestamped, it will be restricted after the specified date

    • if the certificate chain is used with a signed JAR that is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.

    A new constraint named usage, that when set, restricts the algorithm if it is used in a certificate chain for the specified use(s). Three usages are initially supported: TLSServer for TLS/SSL server certificate chains, TLSClient for TLS/SSL client certificate chains, and SignedJAR for certificate chains used with signed JARs.

Multiple constraints can be combined to constrain an algorithm when delimited by '&'. For example, to disable SHA-1 TLS Server certificate chains that are anchored by pre-installed root CAs, the constraint is "SHA1 jdkCA & usage TLSServer".

  • jdk.jar.disabledAlgorithms:

    A new constraint has been added named denyAfter, that when set, restricts the algorithm if it is used in a signed JAR after the specified date, as follows:

    • if the JAR is not timestamped, it will be restricted (treated as unsigned) after the specified date

    • if the JAR is timestamped, it will not be restricted if it is timestamped before the specified date. If the JAR is timestamped after the specified date, it will be restricted.

    For example, to restrict SHA1 in JAR files signed after January 1st 2018, add the following to the property: "SHA1 denyAfter 2018-01-01". The syntax is the same as the certpath property, however certificate checking will not be performed by this property.


See JDK-8176536


Changes


core-svc/java.lang.management
JMX Diagnostic improvements

com.sun.management.HotSpotDiagnostic::dumpHeap API is modified to throw IllegalArgumentException if the supplied file name does not end with “.hprof” suffix. Existing applications which do not provide a file name ending with the “.hprof” extension will fail with IllegalArgumentException. In that case, applications can either choose to handle the exception or restore old behaviour by setting system property 'jdk.management.heapdump.allowAnyFileSuffix' to true.

JDK-8176055 (not public)


security-libs/java.security
Message digest algorithm for jarsigner -tsadigestalg option now defaults to SHA-256

If not specified, the message digest algorithm for the -tsadigestalg option of jarsigner will default to SHA-256 (previously it was SHA-1). The -tsadigestalg option specifies the message digest algorithm that is used to generate the message imprint to be sent to the TSA server.

See JDK-8177674


xml/jax-ws
Tighter secure checks on processing WSDL files by wsimport tool

The wsimport tool has been changed to disallow DTDs in Web Service descriptions, specifically:

  • DOCTYPE declaration is disallowed in documents
  • External general entities are not included by default
  • External parameter entities are not included by default
  • External DTDs are completely ignored

To restore the previous behavior:

  • Set the System property com.sun.xml.internal.ws.disableXmlSecurity to true
  • Use the wsimport tool command line option –disableXmlSecurity
    NOTE: JDK 7 and JDK 6 support for this option in wsimport will be provided via a Patch release post July CPU
JDK-8182054 (not public)


Bug Fixes


This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 6u161 Bug Fixes page.




Changes in Java SE 6u151 b32

 

Bug Fixes

BugId Category Subcategory Description
8175251 security-libs java.security Failed to load RSA private key from pkcs12
8177838
(Confidential)
security-libs java.security TestDSAModifiedSignatures.java fails with NPE after the bug fix
8177449 core-libs java.time (tz) Support tzdata2017b

Changes in Java SE 6u151 b31

 

Please note that fixes from prior BPR (6u141 b32) are included in this version.


Java™ SE Development Kit 6, Update 151 (JDK 6u151)

The full version string for this update release is 1.6.0_151-b10 (where "b" means "build"). The version number is 6u151.

IANA Data 2017a

JDK 6u151 contains IANA time zone data version 2017a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u151 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_151-b10

 

Changes


security-libs/java.security
MD5 added to jdk.jar.disabledAlgorithms Security property
This JDK release introduces a new restriction on how MD5 signed JAR files are verified. If the signed JAR file uses MD5, signature verification operations will ignore the signature and treat the JAR as if it were unsigned. This can potentially occur in the following types of applications that use signed JAR files:

  • Applets or Web Start Applications
  • Standalone or Server Applications that are run with a SecurityManager enabled and are configured with a policy file that grants permissions based on the code signer(s) of the JAR file.

The list of disabled algorithms is controlled via the security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.

To check if a weak algorithm or key was used to sign a JAR file, one can use the jarsigner binary that ships with this JDK. Running "jarsigner -verify" on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.

For example, to check a JAR file named test.jar, use the following command:

jarsigner -verify test.jar

If the file in this example was signed with a weak signature algorithm like MD5withRSA, the following output would be displayed:

The jar will be treated as unsigned, because it is signed with a weak algorithm that is now disabled. Re-run jarsigner with the -verbose option for more details.

More details can be displayed by using the verbose option:

jarsigner -verify -verbose test.jar

The following output would be displayed:
- Signed by "CN=weak_signer" 
    Digest algorithm: MD5 (weak) 
    Signature algorithm: MD5withRSA (weak), 512-bit key (weak) 
  Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016 
    Timestamp digest algorithm: SHA-256 
    Timestamp signature algorithm: SHA256withRSA, 2048-bit key

To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size. Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security property; however, this option is not recommended. Before re-signing affected JARs, the existing signature(s) should be removed from the JAR file. This can be done with the .zip utility, as follows:

zip -d test.jar 'META-INF/.SF' 'META-INF/.RSA' 'META-INF/*.DSA'

Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JARs and other security components.
JDK-8171121 (not public)

 

 

core-libs/java.net
New system property to control caching for HTTP SPNEGO connection.
A new JDK implementation specific system property to control caching for HTTP SPNEGO (Negotiate/Kerberos) connections is introduced. Caching for HTTP SPNEGO connections remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.

When connecting to an HTTP server that uses SPNEGO to negotiate authentication, and when connection and authentication with the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP server using SPNEGO usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP SPNEGO (Negotiate/Kerberos) protocol in order to force requesting new authentication with each new request to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP SPNEGO connections. If jdk.spnego.cache is defined and evaluates to false, then all caching will be disabled for HTTP SPNEGO connections. Setting this system property to false may, however, result in undesirable side effects:

  • Performance of HTTP SPNEGO connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
  • Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.
JDK-8170814 (not public)


core-libs/java.net
New system property to control caching for HTTP NTLM connection.
A new JDK implementation specific system property to control caching for HTTP NTLM connection is introduced. Caching for HTTP NTLM connection remains enabled by default, so if the property is not explicitly specified, there will be no behavior change.

On some platforms, the HTTP NTLM implementation in the JDK can support transparent authentication, where the system user credentials are used at system level. When transparent authentication is not available or unsuccessful, the JDK only supports getting credentials from a global authenticator. If connection to the server is successful, the authentication information will then be cached and reused for further connections to the same server. In addition, connecting to an HTTP NTLM server usually involves keeping the underlying connection alive and reusing it for further requests to the same server. In some applications, it may be desirable to disable all caching for the HTTP NTLM protocol in order to force requesting new authentication with each new requests to the server.

With this change, we now provide a new system property that allows control of the caching policy for HTTP NTLM connections. If jdk.ntlm.cache is defined and evaluates to false, then all caching will be disabled for HTTP NTLM connections. Setting this system property to false may, however, result in undesirable side effects:

  • Performance of HTTP NTLM connections may be severely impacted as the connection will need to be re-authenticated with each new request, requiring several communication exchanges with the server.
  • Credentials will need to be obtained again for each new request, which, depending on whether transparent authentication is available or not, and depending on the global Authenticator implementation, may result in a popup asking the user for credentials for every new request.
JDK-8163520 (not public)


Bug Fixes


The following are some of the notable bug fixes included in this release:

security-libs/javax.net.ssl
Correction of IllegalArgumentException from TLS handshake
A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code:

java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves

The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.
See JDK-8173783


This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 6u151 Bug Fixes page.




Changes in Java SE 6u141 b32

 

Bug Fixes

BugId Category Subcategory Description
8173783 security-libs javax.net.ssl IllegalArgumentException: jdk.tls.namedGroups

Correction of IllegalArgumentException from TLS handshake
A recent issue from the JDK-8173783 fix can cause issue for some TLS servers. The problem originates from an IllegalArgumentException thrown by the TLS handshaker code:

java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves

The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.
See JDK-8173783

 



Changes in Java SE 6u141 b31

 

Please note that fixes from prior BPR (6u131 b32) are included in this version.


Java™ SE Development Kit 6, Update 141 (JDK 6u141)

The full version string for this update release is 1.6.0_141-b12 (where "b" means "build"). The version number is 6u141.

IANA Data 2016i

JDK 6u141 contains IANA time zone data version 2016i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u141 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_141-b12

 

Notes


core-libs/javax.naming
Improved protection for JNDI remote class loading
Remote class loading via JNDI object factories stored in naming and directory services is disabled by default. To enable remote class loading by the RMI Registry or COS Naming service provider, set the following system property to the string "true", as appropriate:

    com.sun.jndi.rmi.object.trustURLCodebase
    com.sun.jndi.cosnaming.object.trustURLCodebase
JDK-8158997 (not public)


security-libs/java.security
jarsigner -verbose -verify should print the algorithms used to sign the jar
The jarsigner tool has been enhanced to show details of the algorithms and keys used to generate a signed JAR file and will also provide an indication if any of them are considered weak.

Specifically, when jarsigner -verify -verbose filename.jar is called, a separate section is printed out showing information of the signature and timestamp (if it exists) inside the signed JAR file, even if it is treated as unsigned for various reasons. If any algorithm or key used is considered weak, as specified in the Security property jdk.jar.disabledAlgorithms, it will be labeled with "(weak)".

For example:

- Signed by "CN=weak_signer"
   Digest algorithm: MD2 (weak) 
   Signature algorithm: MD2withRSA (weak), 512-bit key (weak)
 Timestamped by "CN=strong_tsa" on Mon Sep 26 08:59:39 CST 2016
   Timestamp digest algorithm: SHA-256 
   Timestamp signature algorithm: SHA256withRSA, 2048-bit key 
See JDK-8163304

 


New Features


security-libs/javax.xml.crypto
Added security property to configure XML Signature secure validation mode
A new security property named jdk.xml.dsig.secureValidationPolicy has been added that allows you to configure the individual restrictions that are enforced when the secure validation mode of XML Signature is enabled. The default value for this property in the java.security configuration file is:

jdk.xml.dsig.secureValidationPolicy=\
    disallowAlg http://www.w3.org/TR/1999/REC-xslt-19991116,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#rsa-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#hmac-md5,\
    disallowAlg http://www.w3.org/2001/04/xmldsig-more#md5,\
    maxTransforms 5,\
    maxReferences 30,\
    disallowReferenceUriSchemes file http https,\
    noDuplicateIds,\
    noRetrievalMethodLoops
Please refer to the definition of the property in the java.security file for more information.
See JDK-8151893
 
 

core-libs/java.io:serialization
Serialization Filter Configuration
Serialization Filtering introduces a new mechanism which allows incoming streams of object-serialization data to be filtered in order to improve both security and robustness. Every ObjectInputStream applies a filter, if configured, to the stream contents during deserialization. Filters are set using either a system property or a configured security property. The value of the jdk.serialFilter patterns are described in JEP 290 Serialization Filtering and in <JRE>/lib/security/java.security. Filter actions are logged to the java.io.serialization logger, if enabled.
See JDK-8155760



core-libs/java.rmi
RMI Better constraint checking
RMI Registry and Distributed Garbage Collection use the mechanisms of JEP 290 Serialization Filtering to improve service robustness. RMI Registry and DGC implement built-in white-list filters for the typical classes expected to be used with each service. Additional filter patterns can be configured using either a system property or a security property. The sun.rmi.registry.registryFilter and sun.rmi.transport.dgcFilter property pattern syntax is described in JEP 290 and in <JRE>/lib/security/java.security.
JDK-8156802 (not public)



security-libs
Add mechanism to allow non-default root CAs to not be subject to algorithm restrictions

*New certpath constraint: jdkCA*
In the java.security file, an additional constraint named jdkCA is added to the jdk.certpath.disabledAlgorithms property. This constraint prohibits the specified algorithm only if the algorithm is used in a certificate chain that terminates at a marked trust anchor in the lib/security/cacerts keystore. If the jdkCA constraint is not set, then all chains using the specified algorithm are restricted. jdkCA may only be used once in a DisabledAlgorithm expression.

Example: To apply this constraint to SHA-1 certificates, include the following:

SHA1 jdkCA


See See JDK-8140422



Changes


security-libs/javax.net.ssl
Make 3DES as a legacy algorithm in the JSSE provider
For SSL/TLS/DTLS protocols, the security strength of 3DES cipher suites is not sufficient for persistent connections. By adding 3DES_EDE_CBC to the jdk.tls.legacyAlgorithms security property by default in JDK, 3DES cipher suites will not be negotiated unless there are no other candidates during the establishing of SSL/TLS/DTLS connections.

At their own risk, applications can update this restriction in the security property (jdk.tls.legacyAlgorithms) if 3DES cipher suites are really preferred.
JDK-8165071 (not public)



security-libs/javax.net.ssl
Improve the default strength of EC in JDK
To improve the default strength of EC cryptography, EC keys less than 224 bits have been deactivated in certification path processing (via the jdk.certpath.disabledAlgorithms Security Property) and SSL/TLS connections (via the jdk.tls.disabledAlgorithms Security Property) in JDK. Applications can update this restriction in the Security Properties and permit smaller key sizes if really needed (for example, "EC keySize < 192"). EC curves less than 256 bits are removed from the SSL/TLS implementation in JDK. The new System Property, jdk.tls.namedGroups, defines a list of enabled named curves for EC cipher suites in order of preference. If an application needs to customize the default enabled EC curves or the curves preference, please update the System Property accordingly. For example:

 

    jdk.tls.namedGroups="secp256r1, secp384r1, secp521r1"

 

Note that the default enabled or customized EC curves follow the algorithm constraints. For example, the customized EC curves cannot re-activate the disabled EC keys defined by the Java Security Properties.
See JDK-8148516



tools/javadoc(tool)
New --allow-script-in-comments option for javadoc
The javadoc tool will now reject any occurrences of JavaScript code in the javadoc documentation comments and command-line options, unless the command-line option, --allow-script-in-comments is specified.

With the --allow-script-in-comments option, the javadoc tool will preserve JavaScript code in documentation comments and command-line options. An error will be given by the javadoc tool if JavaScript code is found and the command-line option is not set.
JDK-8138725 (not public)




security-libs/javax.xml.crypto

Increase the minimum key length to 1024 for XML Signatures
The secure validation mode of the XML Signature implementation has been enhanced to restrict RSA and DSA keys less than 1024 bits by default as they are no longer secure enough for digital signatures. Additionally, a new security property named jdk.xml.dsig.SecureValidationPolicy has been added to the java.security file and can be used to control the different restrictions enforced when the secure validation mode is enabled.

The secure validation mode is enabled either by setting the xml signature property org.jcp.xml.dsig.secureValidation to true with the javax.xml.crypto.XMLCryptoContext.setProperty method, or by running the code with a SecurityManager.

If an XML Signature is generated or validated with a weak RSA or DSA key, an XMLSignatureException will be thrown with the message, "RSA keys less than 1024 bits are forbidden when secure validation is enabled" or "DSA keys less than 1024 bits are forbidden when secure validation is enabled".
JDK-8140353 (not public)



docs/release_notes
Restrict certificates with DSA keys less than 1024 bits.
DSA keys less than 1024 bits are not strong enough and should be restricted in certification path building and validation. Accordingly, DSA keys less than 1024 bits have been deactivated by default by adding "DSA keySize < 1024" to the jdk.certpath.disabledAlgorithms security property. Applications can update this restriction in the security property (jdk.certpath.disabledAlgorithms) and permit smaller key sizes if really needed (for example, "DSA keySize < 768").
JDK-8139565 (not public)



core-libs/java.net
Additional access restrictions for URLClassLoader.newInstance
Class loaders created by the java.net.URLClassLoader.newInstance methods can be used to load classes from a list of given URLs. If the calling code does not have access to one or more of the URLs, and the URL artifacts that can be accessed do not contain the required class, then a ClassNotFoundException, or similar, will be thrown. Previously, a SecurityException would have been thrown when access to a URL was denied. If required to revert to the old behavior, this change can be disabled by setting the jdk.net.URLClassPath.disableRestrictedPermissions system property.
JDK-8151934 (not public)



security-libs/javax.net.ssl
Add TLS v1.1 and v1.2 to the client list of default-enabled protocols
TLSv1.2 and TLSv1.1 are now enabled by default on the TLS client end-points. This is similar behavior to what already happens in JDK 8 releases.

See details from crypto roadmap for more details.
See JDK-7093640



security-libs
More checks added to DER encoding parsing code
More checks are added to the DER encoding parsing code to catch various encoding errors. In addition, signatures which contain constructed indefinite length encoding will now lead to IOException during parsing. Note that signatures generated using JDK default providers are not affected by this change.
JDK-8168714 (not public)



Bug Fixes


This release contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 6u141 Bug Fixes page.



Known Issues


security-libs/javax.net.ssl
IllegalArgumentException from TLS handshake
A recent issue from the JDK-8148516 fix can cause issue for some TLS servers. The problem originates from an *IllegalArgumentException* thrown by the TLS handshaker code:

java.lang.IllegalArgumentException: System property jdk.tls.namedGroups(null) contains no supported elliptic curves

The issue can arise when the server doesn't have elliptic curve cryptography support to handle an elliptic curve name extension field (if present). Users are advised to upgrade to this release. By default, JDK 7 Updates and later JDK families ship with the SunEC security provider which provides elliptic curve cryptography support. Those releases should not be impacted unless security providers are modified.
See JDK-8173783




Changes in 6u131 b32

 

Bug Fixes

BugId Category Subcategory Description
8163164
(Confidential)
install install [Verify Failed] 6u131 Command Line install fails w/ Win msiexec usage popup, if space in path

Changes in Java SE 6u131 b31

 

Please note that fixes from prior BPR (6u121 b31) are included in this version.

Bug Fixes

BugId Category Subcategory Description
8166875 core-libs java.time (tz) Support tzdata2016g

Java™ SE Development Kit 6, Update 131 (JDK 6u131)

October 18, 2016

The full version string for this update release is 1.6.0_131-b14 (where "b" means "build"). The version number is 6u131.

IANA Data 2016f

JDK 6u131 contains IANA time zone data version 2016f. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8159684

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u131 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_131-b14

 

Certificate Changes


New JCE Code Signing Root CA
In order to support longer key lengths and stronger signature algorithms, a new JCE Provider Code Signing root certificate authority has been created and its certificate added to Oracle JDK. New JCE provider code signing certificates issued from this CA will be used to sign JCE providers at a date in the near future. By default, new requests for JCE provider code signing certificates will be issued from this CA.

Existing certificates from the current JCE provider code signing root will continue to validate. However, this root CA may be disabled at some point in the future. We recommend that new certificates be requested and existing provider JARs be re-signed.

For details on the JCE provider signing process, please refer to the How to Implement a Provider in the Java Cryptography Architecture documentation.
JDK-8141340 (not public)



Changes


client-libs/java.awt
Service Menu services
The lifecycle management of AWT menu components exposed problems on certain platforms. This fix improves state synchronization between menus and their containers.
JDK-8158993 (not public)



core-libs/java.net
Disable Basic authentication for HTTPS tunneling
In some environments certain authentication schemes may be undesirable when proxying HTTPS. Accordingly, the Basic authentication scheme has been deactivated, by default, in the Oracle Java Runtime, by adding Basic to the jdk.http.auth.tunneling.disabledSchemes networking property in the net.properties file. Now, proxies requiring Basic authentication when setting up a tunnel for HTTPS will no longer succeed by default. If required, this authentication scheme can be reactivated by removing Basic from the jdk.http.auth.tunneling.disabledSchemes networking property, or by setting a system property of the same name to "" ( empty ) on the command line.

Additionally, the jdk.http.auth.tunneling.disabledSchemes and jdk.http.auth.proxying.disabledSchemes networking properties, and system properties of the same name, can be used to disable other authentication schemes that may be active when setting up a tunnel for HTTPS, or proxying plain HTTP, respectively.
JDK-8160838 (not public)



security-libs/java.security
Restrict JARs signed with weak algorithms and keys
This JDK release introduces new restrictions on how signed JAR files are verified. If the signed JAR file uses a disabled algorithm or key size less than the minimum length, signature verification operations will ignore the signature and treat the JAR file as if it were unsigned. The list of disabled algorithms is controlled via a new security property, jdk.jar.disabledAlgorithms, in the java.security file. This property contains a list of disabled algorithms and key sizes for cryptographically signed JAR files.

The following algorithms and key sizes are restricted in this release:

  1. MD2 (in either the digest or signature algorithm)
  2. RSA keys less than 1024 bits 

NOTE: We are planning to restrict MD5-based signatures in signed JARs in the April 2017 CPU.

To check if a weak algorithm or key was used to sign a JAR file, you can use the jarsigner binary that ships with this JDK. Running jarsigner -verify -J-Djava.security.debug=jar on a JAR file signed with a weak algorithm or key will print more information about the disabled algorithm or key.

For example, to check a JAR file named test.jar, use the following command:
jarsigner -verify -J-Djava.security.debug=jar test.jar

If the file in this example was signed with a weak signature algorithm like MD2withRSA, the following output would be displayed:
jar: beginEntry META-INF/my_sig.RSA
jar: processEntry: processing block
jar: processEntry caught: java.security.SignatureException: Signature check failed. Disabled algorithm used: MD2withRSA
jar: done with meta!

The updated jarsigner command will exit with the following warning printed to standard output:
"Signature not parsable or verifiable. The jar will be treated as unsigned. The jar may have been signed with a weak algorithm that is now disabled. For more information, rerun jarsigner with debug enabled (-J-Djava.security.debug=jar)"

To address the issue, the JAR file will need to be re-signed with a stronger algorithm or key size.
Alternatively, the restrictions can be reverted by removing the applicable weak algorithms or key sizes from the jdk.jar.disabledAlgorithms security property; however, this option is not recommended. Before re-signing affected JAR files, the existing signature(s) should be removed from the JAR. This can be done with the zip utility, as follows:

zip -d test.jar 'META-INF/*.SF' 'META-INF/*.RSA' 'META-INF/*.DSA'

Please periodically check the Oracle JRE and JDK Cryptographic Roadmap at http://java.com/cryptoroadmap for planned restrictions to signed JAR files and other security components. In particular, please note the current plan is to restrict MD5-based signatures in signed JAR files in the April 2017 CPU.

To test if your JARs have been signed with MD5, add MD5 to the jdk.jar.disabledAlgorithms security property, ex:

jdk.jar.disabledAlgorithms=MD2, MD5, RSA keySize < 1024

and then run jarsigner -verify -J-Djava.security.debug=jar on your JAR files as described above.
JDK-8155973 (not public)



Bug Fixes


This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory. For a more complete list of the bug fixes included in this release, see the JDK 6u131 Bug Fixes page.


Changes in Java SE 6u121 b31

 

Please note that fixes from prior BPR (6u115 b32) are included in this version.

Bug Fixes

BugId Category Subcategory Description
7008595 core-libs java.net Class loader leak caused by keepAliveTimer thread in KeepAliveCache

Java™ SE Development Kit 6, Update 121 (JDK 6u121)

July 19, 2016

The full version string for this update release is 1.6.0_121-b09 (where "b" means "build"). The version number is 6u121.

IANA Data 2016d

JDK 6u121 contains IANA time zone data version 2016d. For more information, refer to Timezone Data Versions in the JRE Software.
See JDK-8151876

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u121 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_121-b09

 

Certificate Changes


Comodo Root CA removed
The Comodo "UTN - DATACorp SGC" root CA certificate has been removed from the cacerts file.
See JDK-8141540


Sonera Class1 CA Removed
The "Sonera Class1 CA" root CA certificate has been removed from the cacerts file.
See JDK-8141276



Enhancements


security-libs/javax.net.ssl
TLS v1.2 support now available
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.

As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:
e.g.
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});

or by setting up and using a TLSv1.2 based SSLContext :
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.2");

or by using the SSLParameters API:
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});

The new jdk.tls.client.protocols System Property may also be used to control the protocols in use for a TLS connection (JDK-8151183).
One may launch their application with this property. E.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets.

Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary.
See JDK-8133817



security-libs/javax.net.ssl
Server Name Indication (SNI) extension support
Support for the Server Name Indication (SNI) extension has been added to the JSSE client in the SunJSSE provider. See the JSSE ReferenceGuide for details.
See JDK-6985179



security-libs/javax.net.ssl
jdk.tls.client.protocols system property added to JDK 6u
The jdk.tls.client.protocols system property is now available with the release of JDK 6u121. This property was originally introduced in JDK 8 and behaves in the same way. See JSSE UserGuide
JDK-8151159 (not public)



Changes


other-libs/corba
Improve access control to javax.rmi.CORBA.ValueHandler
The javax.rmi.CORBA.Util class provides methods that can be used by stubs and ties to perform common operations. It also acts as a factory for ValueHandlers. The javax.rmi.CORBA.ValueHandler interface provides services to support the reading and writing of value types to GIOP streams. The security awareness of these utilities has been enhanced with the introduction of a permission java.io.SerializablePermission("enableCustomValueHanlder"). This is used to establish a trust relationship between the users of the javax.rmi.CORBA.Util and javax.rmi.CORBA.ValueHandler APIs.

The required permission is "enableCustomValueHanlder" SerializablePermission. Third party code running with a SecurityManager installed, but not having the new permission while invoking Util.createValueHandler(), will fail with an AccessControlException.

This permission check behaviour can be overridden, in JDK8u and previous releases, by defining a system property, "jdk.rmi.CORBA.allowCustomValueHandler".

As such, external applications that explicitly call javax.rmi.CORBA.Util.createValueHandler require a configuration change to function when a SecurityManager is installed and neither of the following two requirements is met:

1. The java.io.SerializablePermission("enableCustomValueHanlder") is not granted by SecurityManager.

2. In the case of applications running on JDK8u and before, the system property "jdk.rmi.CORBA.allowCustomValueHandler" is either not defined or is defined equal to "false" (case insensitive).

Please note that the "enableCustomValueHanlder" typo will be corrected in the October 2016 releases. In those and future JDK releases, "enableCustomValueHandler" will be the correct SerializationPermission to use.
JDK-8079718 (not public)



security-libs/javax.net.ssl
Disable MD5withRSA signature algorithm in the JSSE provider
The MD5withRSA signature algorithm is now considered insecure and should no longer be used. Accordingly, MD5withRSA has been deactivated by default in the Oracle JSSE implementation by adding "MD5withRSA" to the jdk.tls.disabledAlgorithms security property. Now, both TLS handshake messages and X.509 certificates signed with MD5withRSA algorithm are no longer acceptable by default. This change extends the previous MD5-based certificate restriction (jdk.certpath.disabledAlgorithms) to also include handshake messages in TLS version 1.2. If required, this algorithm can be reactivated by removing "MD5withRSA" from the jdk.tls.disabledAlgorithms security property.
JDK-8144773 (not public)



security-libs/java.security
Support added to jarsigner for specifying timestamp hash algorithm
A new -tsadigestalg option is added to jarsigner to specify the message digest algorithm that is used to generate the message imprint to be sent to the TSA server. In older JDK releases, the message digest algorithm used was SHA-1. If this new option is not specified, SHA-256 will be used on JDK 7 Updates and later JDK family versions. On JDK 6 Updates, SHA-1 will remain the default but a warning will be printed to the standard output stream.
See JDK-8038837



security-libs/java.security
DomainCombiner will no longer consult runtime policy for static ProtectionDomain objects when combining ProtectionDomain objects
Applications which use static ProtectionDomain objects (created using the 2-arg constructor) with an insufficient set of permissions may now get an AccessControlException with this fix. They should either replace the static ProtectionDomain objects with dynamic ones (using the 4-arg constructor) whose permission set will be expanded by the current Policy or construct the static ProtectionDomain object with all the necessary permissions.
JDK-8147771 (not public)



Bug Fixes

The following are some of the notable bug fixes included in this release:


security-libs/javax.net.ssl
Fix to resolve "Unable to process PreMasterSecret, may be too big" issue
Recent JDK updates introduced an issue for applications that depend on having a delayed provider selection mechanism. The issue was introduced in
JDK 8u71, JDK 7u95, and JDK 6u111. The main error seen corresponded to an exception like the following:

handling exception: javax.net.ssl.SSLProtocolException: Unable to process PreMasterSecret, may be too big

See JDK-8149017

This release also contains fixes for security vulnerabilities described in the Oracle Java SE Critical Patch Update Advisory.  For a more complete list of the bug fixes included in this release, see the JDK 6u121 Bug Fixes page.


Java SE 6 Advanced - Bundled Patch Release (BPR) - Bug Fixes and Updates


The following tables summarize changes made in all Java SE 6 Advanced BPR. Bug fixes and any other changes are listed below in date order, most current BPR first. Note that bug fixes in previous BPR are also included in the current BPR.

To determine the version of your JDK software, use the following command:

java -version


  • The OS, processor architecture, server, and other hardware in use must be supported by the virtualization product.
As of Java for Business 6u16, support is available for VirtualBox, Solaris Containers and Solaris LDOMs. 

Changes in 6u115 b32


TLS v1.2 support now available

TLS v1.2 is now a TLS protocol option with this release. By default, TLSv1.0 will remain the default enabled protocol on client sockets.

As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:

```
e.g.
sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext:
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API:
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});

```

The new jdk.tls.client.protocols System Property may also be used to control the protocols in use for a TLS connection. (JDK-8151183)
One may launch their application with this property. E.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets.

Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary.

Bug Fixes

BugId Category Subcategory Description
7146728 security-libs javax.crypto Inconsistent length for the generated secret using DH key agreement impl from SunJCE and PKCS11
8014618 security-libs javax.net.ssl Need to strip leading zeros in TlsPremasterSecret of DHKeyAgreement
5067458 security-libs javax.net.ssl Loopback SSLSocketImpl createSocket is throwing an exception.
7142172 security-libs javax.net.ssl Custom X509TrustManagers that return null for getAcceptedIssuers will NPE.
7113275 security-libs javax.net.ssl compatibility issue with MD2 trust anchor and old X509TrustManager
6996367 security-libs javax.net.ssl improve HandshakeHash
7027797 security-libs javax.net.ssl take care of ECDH_anon/DH_anon server key exchange for TLS 1.2
8076369 security-libs javax.net.ssl Introduce the jdk.tls.client.protocols system property for JDK 7u
6985179 security-libs javax.net.ssl To support Server Name Indication extension for JSSE client
8149377
(Confidential)
deploy plugin Include TLSv1.2 option in JDK 6 control panel
8133817
(Confidential)
security-libs javax.net.ssl Backport TLSv1.2 to JDK 6u
8151833
(Confidential)
security-libs javax.net.ssl testSSLContext_Protocol_TLSv12 test fails with jdk6 TLSv1.2-2016_03_11 build
8150684
(Confidential)
security-libs javax.net.ssl TLSv1.2 PIT testing :DH (Diffie-Hellman) key exchanging tests are failing
8151504
(Confidential)
security-libs javax.net.ssl JSSE/Interop/https/TestHttpsFalseHostnameVerifier test fails with jdk6 TLSv1.2
8151559
(Confidential)
security-libs javax.net.ssl TLSv1.2 PIT testing CheckCipherSuites.java failing on Solaris

 


Changes in 6u115 b31

 

Please note that fixes from prior BPR (6u105 b31) are included in this version.

Bug Fixes

BugId Category Subcategory Description
8149017 security-libs javax.net.ssl Delayed provider selection broken in RSA client key exchange.

 



Java™ SE Development Kit 6, Update 115 (JDK 6u115)

The full version string for this update release is 1.6.0_115-b12 (where "b" means "build"). The version number is 6u115.

This update release contains several enhancements and changes including the following: 

IANA Data 2016a

JDK 6u115 contains IANA time zone data version 2016a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u115 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_115

New Features

Support customization of the default enabled cipher suites via system properties
The system property jdk.tls.client.cipherSuites can be used to customize the default enabled cipher suites for the client side of SSL/TLS connections. Similarly, the system property jdk.tls.server.cipherSuites is for the server side.

The system properties contain a comma-separated list of supported cipher suite names specifying the default enabled cipher suites. All other supported cipher suites are disabled for this default setting. Unrecognized or unsupported cipher suite names specified in the properties are ignored. Explicit setting of enabled cipher suites will override the system properties.

Please refer to the "Java Cryptography Architecture Standard Algorithm Name Documentation" for the standard JSSE cipher suite names, and the "Java Cryptography Architecture Oracle Providers Documentation" for the cipher suite names supported by the SunJSSE provider.

Note that the actual use of enabled cipher suites is restricted by algorithm constraints.

Note that these system properties are currently supported by the JDK Reference implementation. They are not guaranteed to be supported by other implementations.

Warning: these system properties can be used to configure weak cipher suites, or the configured cipher suites may become more weak over time. We do not recommend using the system properties unless you understand the security implications. Use them at your own risk.
See JDK-8162786



Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory. For a list of bug fixes included in this release, see the JDK 6u115 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

DSA signature generation is now subject to a key strength check
For signature generation, if the security strength of the digest algorithm is weaker than the security strength of the key used to sign the signature (e.g. using (2048, 256)-bit DSA keys with SHA1withDSA signature), the operation will fail with the error message: "The security strength of SHA1 digest algorithm is not sufficient for this key size."

JDK-8138593 (not public)

New system property to control re-enabling of RC4-based ciphersuites in 7u101, 6u115 releases
Setting -Djdk.tls.enableRC4CipherSuites=true adds the following RC4 based ciphersuites back to the default enabled JSSE ciphersuite list:

  • TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDHE_RSA_WITH_RC4_128_SHA
  • TLS_ECDH_ECDSA_WITH_RC4_128_SHA
  • TLS_ECDH_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_SHA
  • SSL_RSA_WITH_RC4_128_MD5

This system property will only have impact from the JDK 7u101 and JDK 6u115 releases. By default, RC4-based ciphersuites are not in the default enabled list. They were removed in the JDK 6u101 and JDK 7u85 releases.

See JDK-8141050.

New attribute for JMX RMI JRMP servers specifies a list of class names to use when deserializing server credentials
A new java attribute has been defined for the environment to allow a JMX RMI JRMP server to specify a list of class names. These names correspond to the closure of class names that are expected by the server when deserializing credentials. For instance, if the expected credentials were a List<string>, then the closure would constitute all the concrete classes that should be expected in the serial form of a list of Strings.

By default, this attribute is used only by the default agent with the following:

 {   
   "[Ljava.lang.String;",   
   "java.lang.String" 
 } 

Only arrays of Strings and Strings will be accepted when deserializing the credentials.

The attribute name is:

"jmx.remote.rmi.server.credential.types"

The following is an example of a user starting a server with the specified credentials class names:

Map<String, Object> env = new HashMap<>(1);
 env.put ( 
 "jmx.remote.rmi.server.credential.types",
   new String[]{
   String[].class.getName(),
   String.class.getName()
   }
   );
   JMXConnectorServer server
   = JMXConnectorServerFactory.newJMXConnectorServer(url, env, mbeanServer);

The new feature should be used by directly specifying: 
  "jmx.remote.rmi.server.credential.types" 

JDK-8144430 (not public)

Java™ SE Development Kit 6, Update 113 (JDK 6u113)

The full version string for this update release is 1.6.0_113-b02 (where "b" means "build"). The version number is 6u113.

This update release contains several enhancements and changes including the following: 

IANA Data 2015g

JDK 6u113 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u113 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_111

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Notes

Oracle strongly recommends that Java users who have downloaded affected versions and plan future installations with these downloaded versions discard these old downloads. Java users who have installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 need take no action. Java users who have not installed the January 2016 Critical Patch Update versions of Java SE 6, 7, or 8 should upgrade to the Java SE 6, 7, or 8 releases from the Security Alert for CVE-2016-0603.

The demos, samples, and Documentation bundles for 6u113 are not impacted by the Security Alert for CVE-2016-0603, so version 6u111 demos, samples, and Documentation bundles remain the most up to-date version until the April Critical Patch Update release.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see the Oracle Java SE Critical Patch Update Advisory.


Java™ SE Development Kit 6, Update 111 (JDK 6u111)

The full version string for this update release is 1.6.0_111-b12 (where "b" means "build"). The version number is 6u111.

This update release contains several enhancements and changes including the following: 

IANA Data 2015g

JDK 6u111 contains IANA time zone data version 2015g. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u111 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_111

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

New Features and Changes

The following are some of the notable new features and changes in this release:

*MD5 now disabled for X509 Certificate validating*
MD5 must not be used for digital signatures where collision resistance is required. To prevent the use of X.509 certificates that include an MD5-based digital signature algorithm, MD5 has been added to the jdk.certpath.disabledAlgorithms security property. Applications should upgrade or replace certificates that include an MD5-based digital signature.

Reversing this change is possible by removing MD5 from the jdk.certpath.disabledAlgorithms security property in the java.security file. This is not recommended.

JDK-8141287 (not public)

TLS v1.1 now available
TLS v1.1 is now a TLS protocol option with the release of JDK 6u111. By default, TLSv1.0 will remain the default enabled protocol on both Client and Server sides.
As an example, TLSv1.1 can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:

e.g.
sslSocket.setEnabledProtocols(new String[] {"TLSv1.1"});

or by setting up and using a TLSv1.1 based SSLContext :
e.g.
SSLContext ctx = SSLContext.getInstance("TLSv1.1");

or by using the SSLParameters API
e.g.
sslParameters.setProtocols(new String[] {"TLSv1.1"});

JDK-8074115 (not public)

*Modifications to jarsigner and keytool*

Modifications to jarsigner for this release
The default jarsigner signature algorithm has changed from SHA1withRSA to SHA256withRSA for RSA based keys. The default jarsigner signature algorithm has changed from SHA1withECDSA to SHA256withECDSA for EC based keys. The jarsigner default digest algorithm has been changed to SHA-256 from SHA1.

Users wishing to revert to the old behavior can use the -sigalg  <algorithm> and -digestalg  <alg> jarsigner options.

Modifications to keytool for this release
The default keysize has been increased to 2048 bits for RSA based keys. Users wishing to revert to the old behavior can use the -keysize option with the -genkeypair keytool option.

The default cert fingerprint algorithm (emitted by keytool -list, -printcert, and other subcommands) now uses SHA-1 instead of MD5.

The default keytool signature algorithm has changed from SHA1withRSA to SHA256withRSA for RSA based certificates. The default keytool signature algorithm has changed from SHA1withECDSA to SHA256withECDSA for EC based certificates.

Users wishing to revert to the old behavior can use the -sigalg  <sigalg> option with the -certreq and -genkeypair keytool options.

JDK-8139084 (not public). See JDK-6709758.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory. For a list of bug fixes included in this release, see the JDK 6u111 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

 

Running jps as root does not show all information
After the fix of JDK-8050807 (fixed in 8u31, 7u75 and 6u91), running jps as root did not show all the information from Java processes started by other users on some systems. This has now been fixed.

See JDK-8075773.



Changes in 6u105 b31

 

Please note that fixes from prior BPR (6u101 b31) are included in this version.


Java™ SE Development Kit 6, Update 105 (JDK 6u105)

The full version string for this update release is 1.6.0_105-b15 (where "b" means "build"). The version number is 6u105.

This update release contains several enhancements and changes including the following:

IANA Data 2015f

JDK 6u105 contains IANA time zone data version 2015f. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u105 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_105

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

JRE Expiration Date

The JRE expires whenever a new release with security vulnerability fixes becomes available. Critical patch updates, which contain security vulnerability fixes, are announced one year in advance on Critical Patch Updates, Security Alerts and Third Party Bulletin. This JRE (version 6u105) will expire with the release of the next critical patch update scheduled for January 19, 2016.

For systems unable to reach the Oracle Servers, a secondary mechanism expires this JRE (version 6u105) on February 20, 2015. After either condition is met (new release becoming available or expiration date reached), the JRE will provide additional warnings and reminders to users to update to the newer version. For more information, see JRE Expiration Date.

 

New Features and Changes

The following are some of the notable new features and changes in this release:

xml/jaxp
A new property "maxXMLNameLimit" is added
A new property, maxXMLNameLimit, is added to limit the maximum size of XML names, including element name, attribute name and namespace prefix and URI. It is recommended that users set the limit to the smallest possible number so that malformed XML files can be caught quickly. For more about XML processing limits, please see The Java Tutorials, Processing Limits
JDK-8086733 (not public)


Support ISO 4217 "Current funds codes" table (A.2)
This enhancement adds support for ISO 4217 table A.2 fund codes. Previously the JDK only supported those currencies listed in table A.1.
See JDK-8074350.
 

DHKeyPairs with Bit Lengths Greater Than 1024
DHKeyPair generation now supports use of key sizes up to 2048 bits. Key size must be multiples of 64 if less than 1024 bits, or 2048 bits.
See JDK-8062834.

Weak DES based ciphersuites no longer enabled by default
Some weak DES based ciphersuites are known to be weak and were made obsolete in TLSv1.2. Beginning with the 6u105 update release, some DES based ciphersuites will no longer be enabled by default. Applications should avoid using these weak ciphersuites. The impacted ciphersuites are:

SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA

Anyone wishing to use these DES based ciphersuites can re-enable them via the setEnabledCipherSuites(String[] suites) method call available in the SSLSocket, SSLServerSocket, and SSLEngine classes.

Alternatively, if an application is setting up a TLS connection using the HttpsURLConnection class, it can use the https.cipherSuites system property to re-enable such ciphersuites. See https://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#InstallationAndCustomization.
JDK-8078361 (not public)



Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory. For a list of bug fixes included in this release, see JDK 6u105 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

Use Safe Prime Diffie-Hellman Groups
In the JDK SSL/TLS implementation (SunJSSE provider), safe prime Diffie-Hellman groups are used by default. Users can customize Diffie-Hellman groups with the security property, "jdk.tls.server.defaultDHEParameters".

Kerberos changes for applications running with security manager
This JDK release introduces some changes to how Kerberos requests are handled when a security manager is present.

Note that if a security manager is installed while a KerberosPricipal is being created, a {@link ServicePermission} must be granted and the service principal of the permission must minimally be inside the {@code KerberosPrincipal}'s realm.

For example, if the result of {@code new KerberosPrincipal("user")} is {@code user@EXAMPLE.COM}, then a {@code ServicePermission} with service principal {@code host/www.example.com@EXAMPLE.COM} (and any action) must be granted.

Also note that if a single GSS-API principal entity that contains a Kerberos name element without providing its realm is being created via the org.ietf.jgss.GSSName interface and a security manager is installed, then this release introduces a new requirement. A {@link javax.security.auth.kerberos.ServicePermission ServicePermission} must be granted and the service principal of the permission must minimally be inside the Kerberos name element's realm.

For example, if the result of {@link GSSManager#createName(String, Oid) createName("user", NT_USER_NAME)} contains a Kerberos name element {@code user@EXAMPLE.COM}, then a {@code ServicePermission} with service principal {@code host/www.example.com@EXAMPLE.COM} (and any action) must be granted. Otherwise, the creation will throw a {@link GSSException} containing the {@code GSSException.FAILURE} error code.

JDK-8048030 (not public)

 


Changes in 6u101 b31

 

Please note that fixes from prior BPR (6u91 b31) are included in this version.

Bug Fixes

BugId Category Subcategory Description
7011441 core-libs javax.naming ./jndi/ldap/Connection.java needs to avoid spurious wakeup
8132663
(Confidential)
install install IE is unchecked in "JCP->Advanced->Default Java for browsers"
8075773 core-svc tools jps running as root fails after the fix of JDK-8050807

 


Java™ SE Development Kit 6, Update 101 (JDK 6u101)

The full version string for this update release is 1.6.0_101-b14 (where "b" means "build") and the version number is 6u101.

Highlights

This update release contains several enhancements and changes including the following:

IANA Data 2015d

JDK 6u101 contains IANA time zone data version 2015d. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u101 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_101

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

New Features and Changes


Ephemeral DH keys less than 768 bits deactivated
Ephemeral DH keys less than 768 bits are deactivated in JDK. New algorithm restriction DH keySize < 768 is added to Security Property jdk.tls.disabledAlgorithms.

JDK-8076328 (not public).


IBM1166 character set now available
This release adds IBM1166 character set. It provides support for cyrillic multilingual with euro for Kazakhstan. Aliases for this new character set include cp1166,ibm1166, ibm-1166, and 1166.
See JDK-8071447.


Support stronger strength ephemeral DH keys in the SunJSSE provider

The ephemeral DH key size now defaults to 1024 bits during SSL/TLS handshaking in the SunJSSE provider. A new system property, "jdk.tls.ephemeralDHKeySize", is defined to customize the ephemeral DH key sizes. This can be set to "legacy" if the older JDK behavior (DH keysize of 768 bits) is desired. The DH key size for exportable ciphersuites remains at 512 bits.

JDK-8081079 (not public).

x.509 Certificates with Short Key Length are now Restricted

Starting from JDK 6u101, the use of x.509 certificates with RSA keys less than 1024 bits in length is restricted. This restriction is applied via the Java Security property, jdk.certpath.disabledAlgorithms. The default value of jdk.certpath.disabledAlgorithms is now as follows:

jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024

In order to avoid the compatibility issue, users who use X.509 certificates with RSA keys less than 1024 bits, are recommended to update their certificates with stronger keys. As a workaround, at their own risk, users can adjust the key size to permit smaller key sizes through the security property jdk.certpath.disabledAlgorithms. This change was earlier introduced in JDK 8 and JDK 7u40.

Issues with Third party's JCE Providers

The fix for JDK-8023069 updated both the SunJSSE and and SunJCE providers, including some internal interfaces.

Some third party JCE providers (such as RSA JSAFE) are using some sun.* internal interfaces, and therefore will not work with the updated SunJSSE provider. Such providers will need to be updated in order for them to work with the updated SunJSSE provider.

If you have been impacted by this issue, contact your JCE vendor for an update.

See 8133503.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bugfixes included in this release, see 6u101 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

Area: security-libs/java.security
Synopsis: Remove old Valicert Class 1 and 2 Policy roots

Removed two root certificates with 1024-bit keys:

  1. ValiCert Class 1 Policy Validation Authority
      alias: secomvalicertclass1ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, 
      OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", 
      L=ValiCert Validation Network

  2. ValiCert Class 2 Policy Validation Authority
      alias: valicertclass2ca
      DN: EMAILADDRESS=info@valicert.com, CN=http://www.valicert.com/, 
      OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", 
      L=ValiCert Validation Network

See JDK-8077888 (not public).

Area: security-libs/java.security
Synopsis: Remove old Thawte roots

Removed two root certificates with 1024-bit keys:

1. Thawte Server CA
    alias: thawteserverca
    DN: EMAILADDRESS=server-certs@thawte.com, CN=Thawte Server CA, 
    OU=Certification Services Division, O=Thawte Consulting cc, 
    L=Cape Town, ST=Western Cape, C=ZA

2. Thawte Personal Freemail CA
    alias: thawtepersonalfreemailca
    DN: EMAILADDRESS=personal-freemail@thawte.com, 
    CN=Thawte Personal Freemail CA, OU=Certification Services Division, 
    O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA

See JDK-8074485 (not public).

Area: security-libs/java.security
Synopsis: Remove more old Verisign, Equifax, and Thawte roots

Removed five root certificates with 1024-bit keys:

1. Verisign Class 3 Public Primary Certification Authority - G2
    alias: verisignclass3g2ca
    DN: OU=VeriSign Trust Network, 
    OU="(c) 1998 VeriSign, Inc. - For authorized use only", 
    OU=Class 3 Public Primary Certification Authority - G2, 
    O="VeriSign, Inc.", C=US

2. Thawte Premium Server CA
    alias: thawtepremiumserverca
    DN: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, 
    OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, 
    ST=Western Cape, C=ZA

3. Equifax Secure Certificate Authority
    alias: equifaxsecureca
    DN: OU=Equifax Secure Certificate Authority, O=Equifax, C=US

4. Equifax Secure eBusiness CA-1
    alias: equifaxsecureebusinessca1
    DN: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US

5. Equifax Secure Global eBusiness CA-1,
    alias: equifaxsecureglobalebusinessca1
    DN: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US

See JDK-8076204 (not public).

Area: security-libs/java.security
Synopsis: Remove TrustCenter CA roots from cacerts

Removed three root certificates:

1. TC TrustCenter Universal CA I
    alias: trustcenteruniversalcai
    DN: CN=TC TrustCenter Universal CA I, OU=TC TrustCenter Universal CA, 
    O=TC TrustCenter GmbH, C=DE

2. TC TrustCenter Class 2 CA II
    alias: trustcenterclass2caii
    DN: CN=TC TrustCenter Class 2 CA II, OU=TC TrustCenter Class 2 CA, 
    O=TC TrustCenter GmbH, C=DE

3. TC TrustCenter Class 4 CA II
    alias: trustcenterclass4caii
    DN: CN=TC TrustCenter Class 4 CA II, OU=TC TrustCenter Class 4 CA, 
    O=TC TrustCenter GmbH, C=DE

See JDK-8072960 (not public).

Area: security-libs/javax.net.ssl
Synopsis: Deprecate RC4 in SunJSSE provider

RC4 is now considered as a weak cipher. Server should not select RC4 unless there is no other stronger candidate in the client requested cipher suites. A new security property, jdk.tls.legacyAlgorithms, is added to define the legacy algorithms in Oracle JSSE implementation. RC4 related algorithms are added to the legacy algorithms list.

See JDK-8074008 (not public).

Area: security-libs/javax.net.ssl
Synopsis: Prohibit RC4 cipher suites

RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods.

See JDK-8077111 (not public).

Area: security-libs/javax.net.ssl
Synopsis: Improved certification checking

With this fix, JSSE endpoint identification does not perform reverse name lookup for IP addresses by default in JDK.

If an application does need to perform reverse name lookup for raw IP addresses in SSL/TLS connections, and encounter endpoint identification compatibility issue, System property "jdk.tls.trustNameService" can be used to switch on reverse name lookup. Note that if the name service is not trustworthy, enabling reverse name lookup may be susceptible to MITM attacks.

See JDK-8067697 (not public).

 


Changes in 6u95

The full version string for this update release is 1.6.0_95-b12 (where "b" means "build") and the version number is 6u95.

IANA Data 2015a

JDK 6u95 contains IANA time zone data version 2015a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u95 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_95
5.0 1.5.0_85

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Blacklist Entries

A new blacklist entry is included in this release.

For more details on the entry, see the related Cisco Security Advisory.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bugfixes included in this release, see 6u95 Bug Fixes page.

The following are some of the notable bug fixes included in this release:

Area: tools/jar
Synopsis: Improve jar file handling

Starting with JDK 6u95 release, the jar tool no longer allows the leading slash "/" and ".." (dot-dot) path component in zip entry file name when creating new and/or extracting from zip and jar file. If needed, the new command line option "-P" should be used explicitly to preserve the dot-dot and/or absolute path component.

See 8064601 (not public).

Area: security-libs/javax.net.ssl
Synopsis: The EXPORT suites have been removed from the default enabled ciphersuite list.

The EXPORT strength ciphersuites (such as SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5) were recently shown as too weak to be practically used in secure communications. They are no longer enabled by default.

See 8074458 (not public).

 


Changes in 6u91 b31

 

Please note that fixes from prior BPR (6u85 b31) are included in this version.

Bug Fixes

BugId Category Subcategory Description
8061648 deploy webstart JavaWS fails with proxy autoconfig due to missing "dnsResolve"

 


Changes in 6u91

The full version string for this update release is 1.6.0_91-b13 (where "b" means "build") and the version number is 6u91.

Highlights

This update release contains several enhancements and changes including the following:

IANA Data 2014j

JDK 6u91 contains IANA time zone data version 2014j. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u91 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_91
5.0 1.5.0_81

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

New Features and Changes


SSLv3 is disabled by default

Starting with JDK 6u91 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security property jdk.tls.disabledAlgorithms in <JRE_HOME>/lib/security/java.security file.

If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to "true" before JSSE is initialized.

It should be noted that SSLv3 is obsolete and should no longer be used.

Changes to Java Control Panel

Starting with JDK 6u91 release, SSLv3 protocol is removed from Java Control Panel Advanced options.

If the user needs to use SSLv3 for applications, re-enable it manually as follows:

  • Enable SSLv3 protocol on JRE level: as described in the previous section.
  • Enable SSLv3 protocol on deploy level: edit the deployment.properties file and add the following:

    deployment.security.SSLv3=true

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see 6u91 Bug Fixes page.

Area: security-libs/javax.net.ssl
Synopsis: client side SSLv2Hello is deactivated.

As part of disabling SSLv3, some servers have also disabled SSLv2Hello, which means communications with SSLv2Hello-active clients (e.g. JDK 1.5/6) will fail. SSLv2Hello is now disabled by default.

If the pre-6u91 SSLv2Hello behavior is required, set the java.lang.System property jdk.tls.client.enableSSLv2Hello to "true" before JSSE is initialized.

See 8061765 (not public).


Changes in 6u85 b31

 

Please note that fixes from prior BPR (6u81 b32) are included in this version.

Bug Fixes

BugId Category Subcategory Description
8059799
(Confidential)
deploy plugin JRE6u85-64-bit unsupported chars in argument -Djava.security.manager
8061643 deploy webstart JavaWS fails with proxy autoconfig due to missing "resolve" permission
8059563 core-libs java.lang:reflect (proxy) sun.misc.ProxyGenerator.generateProxyClass should create intermediate directories

 


Changes in 6u85

The full version string for this update release is 1.6.0_85-b13 (where "b" means "build") and the version number is 6u85.

IANA Data 2014c

JDK 6u85 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u85 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_85
5.0 1.5.0_75

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Unsafe Server Certificate Change in SSL/TLS Renegotiations Not Allowed.

Starting with JDK 6u85, unsafe server certificate change in SSL/TLS renegotiations is not allowed by default. Server certificate change in an SSL/TLS renegotiation may be unsafe and should be restricted:

  • if endpoint identification is not enabled in an SSL/TLS handshaking; and
  • if the previous handshake is a session-resumption abbreviated initial handshake; and
  • the identities represented by both certificates (in previous handshake and this handshake) cannot be regraded as the same.

If unsafe server certificate change is really required, please set the system property, jdk.tls.allowUnsafeServerCertChange, to "true" before JSSE is initialized. Note that this would re-establish the unsafe server certificate change issue.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bugfixes included in this release, see 6u85 Bug Fixes page.

Area: security-libs/javax.net.ssl
Synopsis: Decrease the preference mode of RC4 in the enabled cipher suite list

This fix decreases the preference of RC4 based cipher suites in the default enabled cipher suite list of SunJSSE provider.

See 8043200 (not public).



Changes in 6u81 b32

 

Bug Fixes

BugId Category Subcategory Description
8028192 (Confidential) security-libs javax.net.ssl Use of PKCS11-NSS provider in FIPS has some issue
8037477 (Confidential) client-libs javax.accessibility Issues with JAWS and webstart application with JAB 2.0.4
8036983 client-libs javax.accessibility JAB:Multiselection Ctrl+CursorUp/Down and ActivateDescenderPropertyChanged event

 


Changes in 6u81 b31

 

Please note that fixes from prior BPR (6u75 b31) are included in this version.

Bug Fixes

BugId Category Subcategory Description
8038108 (Confidential) install install JRE patch 1.6.0_71 uninstall issue

 


Changes in 6u81

The full version string for this update release is 1.6.0_81-b08 (where "b" means "build") and the version number is 6u81.

IANA Data 2014c

JDK 6u81 contains IANA time zone data version 2014c. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u81 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_81
5.0 1.5.0_71

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bug fixes included in this release, see 6u81 Bug Fixes page.



Changes in 6u75 b31

 

Please note that fixes from prior BPR (6u71 b33) are included in this version.


Java™ SE Development Kit 6, Update 75 (JDK 6u75)

The full version string for this update release is 1.6.0_75-b13 (where "b" means "build") and the version number is 6u75.

Olson Data 2013i

JDK 6u75 contains Olson time zone data version 2013i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u75 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_75
5.0 1.5.0_65

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Critical Patch Update Advisory.

For a list of bugfixes included in this release, see 6u75 Bug Fixes page.

The following are some of the notable bug fixes in this release:

Area: other-libs/corba
Synopsis: Enhanced CORBA initializations

The system property org.omg.CORBA.ORBSingletonClass is used to configure the system-wide/singleton ORB. The handling of this system property has changed to require that the system wide/singleton ORB be visible to the system class loader. This is a change from previous releases where the singleton ORB was located using the thread context class loader of the first thread to call the no-argument ORB.init method. The implication of this change is that the system-wide/singleton ORB needs to be deployed on the class path or in the extension directory.

Applications that bundle their own ORB and only configure the property org.omg.CORBA.ORBClass should not be impacted by this change. The per-application ORB will be located via the thread context class loader of the thread calling the 2-argument ORB.init method as before.

See 8025005 (not public).

Area: xml/jaxp
Synopsis: Custom entities mapping files are no longer loaded with full permission

Legacy code may use the JDK internal API SerializerFactory to create a Serializer. In the process, a custom entity mapping file may be specified through the format parameter. The custom file was then loaded with full permission. As of this release, files that complies with java.util.ResourceBundle format, that is, with a ".properties" extension, will continue to be loaded with full permission. However, any other custom mapping files will require specific file access permission when the program is running with a SecurityManager.

The workaround to any issues caused by lack of permission to using an arbitrary file as the entity mapping file is, either changing the file to a resource bundle, or granting file read permission.

See 8029282 (not public).


Changes in 6u71 b33

Bug Fixes

BugId Category Subcategory Description
8032657 deploy plugin Memory Leak With Default Java Plug-In Of Java SE 6 When Javascript Is Involved

 


Changes in 6u71 b32

Bug Fixes

BugId Category Subcategory Description
6503428 core-libs java.nio (ch) Assertion failure in NativeThreadSet.add
6516066 core-libs java.nio (ch) NativeThreadSet.add doesn't expand thread set

 


Changes in 6u71 b31

 

Please note that fixes from prior BPR (6u65 b34) are included in this version.


Java™ SE Development Kit 6, Update 71 (JDK 6u71)

The full version string for this update release is 1.6.0_71-b12 (where "b" means "build") and the version number is 6u71.

Olson Data 2013h

JDK 6u71 contains Olson time zone data version 2013h. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u71 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_71
5.0 1.5.0_61

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

For a list of bug fixes included in this release, see JDK 6u71 Bug Fixes page.

Known Issues

Area: corelibs/java.nio
Synopsis: (java.nio) NativeThreadSet.remove may throw ArrayIndexOutOfBoundsException (6uX only)

Simultaneous multiple thread operations on the same FileChannel can create a scenario where the NativeThreadSet buffer needs to grow and a subsequent removal operation can lead to negative array index reference. A stack similar to this would be seen:

java.lang.ArrayIndexOutOfBoundsException: -1
at sun.nio.ch.NativeThreadSet.remove(NativeThreadSet.java:54)
at sun.nio.ch.FileChannelImpl.position(FileChannelImpl.java:257)

A JDK 6u71 based fix is available. If you encounter such an issue, please contact Oracle Support.


Changes in 6u65 b34

Bug Fixes

BugId Category Subcategory Description
8013809 security-libs javax.net.ssl deadlock in SSLSocketImpl between between write and close

 


Changes in 6u65 b33

Bug Fixes

BugId Category Subcategory Description
8025578 deploy plugin Liveconnect call throw NPE in mixed code case since 6u65
8026228 deploy plugin Caller-Allowable-Codebase is getting ignored if Trusted-Library is also present inside the manifest
8029609 deploy deployment_toolkit 6u65: liveconnect security dialog cannot be suppressed, associated w/ npe

 


Changes in 6u65 b32

 

Please note that fixes from prior BPR (6u60 b31) are included in this version.


Java™ SE Development Kit 6, Update 65 (JDK 6u65)

The full version string for this update release is 1.6.0_65-b14 (where "b" means "build") and the version number is 6u65.

Olson Data 2013d

JDK 6u65 contains Olson time zone data version 2013d. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u65 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_65
5.0 1.5.0_55

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Blacklist Entries

This update release includes a blacklist entry for a standalone JavaFX installer.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.


Changes in 6u60 b31

 

Bug Fixes

BugId Category Subcategory Description
8017776 deploy webstart Swing Event Thread does not use JNLP class loader

 


Changes in 6u60

The full version string for this update release is 1.6.0_60-b07 (where "b" means "build") and the version number is 6u60.

Olson Data 2013d

JDK 6u60 contains Olson time zone data version 2013d. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u60 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_51
5.0 1.5.0_51

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Bug Fixes

For a list of bug fixes included in this release, see JDK 6u60 Bug Fixes page.

Known Issues

Area: Deployment/PlugIn
Synopsis: JavaScript-> Java (LiveConnect) call fails silently if JavaScript/HTML and unsigned JAR/class files comes from different codebase host

If the portion of the codebase that specifies the protocol, host, and port, are not the same for the unsigned JAR file (or class files) as for the JavaScript or HTML, the code will fail without a mixed code dialog warning.

You can work around this using one of the following approaches:

  • Put the JAR files (or class files) and the HTML/JavaScript on the same host.
  • Sign the JAR files. (Self signed can cause the LiveConnect dialog to show already; or add a manifest file that specifies the Caller-Allowable-Codebase attribute.)
  • Use the Deployment Rule Set (DRS) to allow the app and HTML to run without a warning.

When specifying the codebase, using the Caller-Allowable-Codebase attribute or the Deployment Rule Set, make sure to list the domain where the JavaScreipt/HTML is hosted.

 


Changes in 6u51 b32

 

Bug Fixes

BugId Category Subcategory Description
8005607 client-libs java.awt Recursion in J2DXErrHandler() Causes a Stack Overflow on Linux

 


Changes in 6u51 b31

 

Bug Fixes

BugId Category Subcategory Description
6660258 client-libs java.awt Java application stops Windows logout/shutdown (regression in 1.5.0_14)
6550588 client-libs java.awt java.awt.Desktop cannot open file with Windows UNC filename
8001170 client-libs java.awt Regression : Appli. hangs when returns from shutdown confirmation window
8013140 core-libs java.net Heap corruption with NetworkInterface.getByInetAddress() and long i/f name
8008386 core-libs java.nio.charsets (cs) Unmappable leading should be decoded to replacement.
8015117 core-libs java.nio.charsets JDK MS932/PCK Encoding issue
6625723 core-libs java.util.concurrent Excessive ThreadLocal storage used by ReentrantReadWriteLock
8010636 deploy plugin User responsibilities are not updated with all clsid's with jre 6u32 and higher
8012704 deploy webstart REGRESSION: not be able to download jars from server in Windows using Jnlp Preloader
8004741 hotspot compiler Missing compiled exception handle table entry for multidimensional array allocation
8004713 hotspot runtime Stackoverflowerror thrown when thread stack straddles 0x8000000 in 32 bit jvms
8009579 xml jaxp Xpathexception does not honor initcause()

 


Changes in 6u51

 

The full version string for this update release is 1.6.0_51-b11 (where "b" means "build") and the version number is 6u51.

Olson Data 2013b

JDK 6u51 contains Olson time zone data version 2013b. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baselines

The security baselines for the Java Runtime Environment (JRE) at the time of the release of JDK 6u51 are specified in the following table:

JRE Family Version JRE Security Baseline
(Full Version String)
6 1.6.0_51
5.0 1.5.0_51

For more information about security baselines, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Change in Networking API Implementation on Windows platforms

The implementation of the networking APIs has been changed on Windows to use the SO_EXCLUSIVEADDRUSE socket option by default. This change is necessary to address anomalies that arise when using both IPv4 and IPv6 applications that require to bind to the same port.

This change may cause issues for applications that rely on the ability to have multiple processes bound to the same address and port. When such issues occur,  use sun.net.useExclusiveBind system property as a temporary workaround to restore legacy behavior.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, see Oracle Java SE Critical Patch Update Advisory.

BugId Category Subcategory Description
8005019 client-libs javax.swing JTable passes row index instead of length when inserts selection interval
8012453 core-libs java.lang (process) Runtime.exec(String) fails if command contains spaces [win]
6951623 hotspot jvmti possible performance problems in FollowReferences() and GetObjectsWithTags()
7043987 hotspot jvmti JVMTI FollowReferences is slow
8008733 xml jaxp Psr:perf:osb performance regression (18%) in wss_bodyenc

 


Changes in 6u45

For details, refer to the JDK 6u45 Update Release Notes.


Changes in 6u43 b31

 

Bug Fixes

BugId Category Subcategory Description
6951623 hotspot jvmti possible performance problems in FollowReferences() and GetObjectsWithTags()
7043987 hotspot jvmti JVMTI FollowReferences is slow
8005019 client-libs javax.swing JTable passes row index instead of length when inserts selection interval
8008733 xml jaxp Psr:perf:osb performance regression (18%) in wss_bodyenc

 


Changes in 6u43

For details, refer to the JDK 6u43 Update Release Notes.


Changes in 6u41

For details, refer to the JDK 6u41 Update Release Notes.


Changes in 6u39

For details, refer to the JDK 6u39 Update Release Notes.


Changes in 6u38 b31

 

Please note that fixes from prior BPR (6u37 b32) are included in this version.


Changes in 6u38

For details, refer to the JDK 6u38 Update Release Notes.


Changes in 6u37 b32

 

Bug Fixes

BugId Category Subcategory Description
8001388 core-libs javax.naming Java JNDI connection library on ldap conn is not honoring configured timeout
8001443 core-libs java.text Regression : SimpleDateFormat incorrectly parses dates formatted with Z and z pattern letters

 


Changes in 6u37 b31

 

Please note that fixes from prior BPR (6u35 b32) are included in this version.


Changes in 6u37

For details, refer to the JDK 6u37 Update Release Notes.


Changes in 6u35 b32

 

Bug Fixes

BugId Category Subcategory Description
6957028 javawebstart other Random SHA1 digest errors when using Java Web Start with JarDiff
6322356 java classes_net InetAddress.getLocalHost performance need to be fixed
7196533 java classes_util_i18n TimeZone.getDefault() slow due to synchronization bottleneck

 


Changes in 6u35 b31

 

Bug Fixes

BugId Category Subcategory Description
7147666 jaxp parse High lock time for com.sun.org.apache.xerces.internal.impl.dv.DTDDVFactory.getInstance()
7166896 jaxp parse DocumentBuilder.parse(String uri) is not IPv6 enabled. It throws MalformedURLException

 


Changes in 6u35

Please note that fixes included in the immediately prior BPR are NOT included in 6u35. These fixes will be available in the first BPR based on 6u35.

For further details, refer to the JDK 6u35 Update Release Notes.


Changes in 6u34 b32

 

Bug Fixes

BugId Category Subcategory Description
7107099 java classes_swing JScrollBar does not show up even if there are enough lebgth of textstring in textField
7171399 java_deployment security Applet throws AccessControlException sporadically while reading user.home

 


Changes in 6u34 b31

Please note that fixes from prior BPR (6u33 b33) are included in this version.

Bug Fixes

BugId Category Subcategory Description
6230761 java classes_nio (so) NIO channels with IPv6 on Windows
7179391 java_plugin plugin2 "getprintjob" hangs in old plugin
7056731 jets idl Race condition in CORBA code causes re-use of ABORTed connections

 


Changes in 6u34

Please note that fixes included in the immediately prior BPR are NOT included in 6u34. These fixes will be available in the first BPR based on 6u34.

For further details, refer to the JDK 6u34 Update Release Notes.


Changes in 6u33 b33

 

Bug Fixes

BugId Category Subcategory Description
7178741 hotspot svc_agent SA: jstack -m produce UnalignedAddressException in output
7027300 java classes_2d Unsynchronized HashMap access causes endless loop
7171690 java_plugin plugin2 legacy_lifecycle applets get destroyed prematurely
7177094 javawebstart other Regression: App fails w/ "application requesting unrestricted access",cache failure in 6u33 and 7u5
7174887 jndi other Deadlock in jndi ldap connection cleanup

 


Changes in 6u33 b32

 

Bug Fixes

BugId Category Subcategory Description
7162955 hotspot attach Attach api on Solaris, too many open files
6310967 hotspot svc_agent SA: jstack -m produce failures in output
7177216 java char_encodings native2ascii changes file permissions of input file
7158412 java install JRE installer does not delete its installation files from the user's Application Data folder
7175845 java jar "jar uf" changes file permissions unexpectedly
7119269 java_deployment general Tune URLUtils
7173533 java_deployment general Discoverer 10g olap is slower when using java 1.6 than with 1.5
7175548 java_deployment security Regression: Fix 7110690 breaks crossdomain functionality for applets running on 6u33-b03 (FCS/GA)

 


Changes in 6u33 b31

Please note that fixes from prior BPR (6u32 b32) are included in this version.

Bug Fixes

BugId Category Subcategory Description
7167359 java classes_util_i18n (tz) SEGV on solaris if TZ variable not set

 


Changes in 6u33

Please note that fixes included in the immediately prior BPR are NOT included in 6u33. These fixes will be available in the first BPR based on 6u33.

For further details, refer to the JDK 6u33 Update Release Notes.


Changes in 6u32 b32

Bug Fixes

BugId Category Subcategory Description
7059899 hotspot runtime_system Stack overflows in Java code cause 64-bit JVMs to exit due to SIGSEGV
7145587 hotspot runtime_system Stack overflows in Java code cause 64-bit JVMs to exit due to SIGSEGV (solaris sparc)
6707273 java classes_awt TrayIcon does not support 8-bit alpha channel in Windows XP
6886436 java classes_net Lightwight HTTP Container (com.sun.* package) is unstable
7118373 java classes_nio (se) Potential leak file descriptor when deregistrating at around the same time as an async close
7165725 java classes_swing JAVA6 HTML PARSER CANNOT PARSE MULTIPLE SCRIPT TAGS IN A LINE CORRECTLY

 


Changes in 6u32 b31


Please note that fixes from prior BPR (6u31-rev) are included in this version.

Version Name Changed

The following changes were made to the output of the command java -version to releases starting from 6u32 and BPR releases:

  • The string "rev" was removed from the version name of the BPR (for example, 1.6.0_32-b31).
  • The text "for Business" was removed from the output of the command.

In addition, the string "fb" was removed from the bundle name (the file name of the installer).


Changes in 6u32

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u32. These fixes will be available in the first BPR based on 6u32.

For further details, refer to the JDK 6u32 Update Release Notes.


Changes in 6u31-rev-b25

 

Bug Fixes

BugId Category Subcategory Description
7104147 java classes_2d the fix for cr6887286 was not appropriate for backporting
7152564 java classes_security Improve CodeSource.matchLocation(CodeSource) performance
7148584 java jar Jar tools fails to generate manifest correctly when boundary condition hit

 


Changes in 6u31-rev-b24

 

Bug Fixes

BugId Category Subcategory Description
7133138 java classes_util_i18n Improve io performance around timezone lookups
7149608 java classes_util_i18n (tz): Default TZ detection fails on linux when symbolic links to non default location used.

 


Changes in 6u31-rev-b23

 

Bug Fixes

BugId Category Subcategory Description
7145980 java classes_awt Dispose method of window.java takes long
7063183 java_deployment general AIOB exception in the RemoveCommentReader
7063790 java_deployment general SunAutoProxyHandlerTest hangs
7129310 java_plugin plugin old-plugin liveconnect missing SecureCookiePermission
7115395 java_plugin plugin2 Java Plugin does not evaluate automatic proxy files correctly on Linux: always picks first proxy

 


Changes in 6u31-rev-b22

 

Bug Fixes

BugId Category Subcategory Description
7066129 hotspot monitoring_management GarbageCollectorMXBean#getLastGcInfo leaks native memory
7125594 hotspot monitoring_management C-heap growth issue in ThreadService::find_deadlocks_at_safepoint
7115586 java classes_nio (so) Suppress creation of SocketImpl in SocketAdaptor's constructor
7130335 java classes_text Problem with timezone in a SimpleDateFormat

 


Changes in 6u31-rev-b21

 

Please note that fixes from prior BPR (6u30-rev) are included in this version.


Changes in 6u31-rev-b20

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u31-rev-b20. These fixes will be available in the next BPR based on 6u31.

For further details, refer to the JDK 6u31 Update Release Notes.


Changes in 6u30-rev-b23

 

Bug Fixes

BugId Category Subcategory Description
7099086 javawebstart general Java Web Start 10.1.* is considerably slower than Web Start 1.4.2, using getresource() repeatedly

 


Changes in 6u30-rev-b22

 

Bug Fixes

BugId Category Subcategory Description
6962930 hotspot garbage_collector make the string table size configurable
6963907 java classes_nio (so) Socket adapter need to implement sendUrgentData
7058336 java classes_nio (so) Socket adpator is not synchronized on channel state
7014194 java install 32-bit JRE silent install fails on WINDOWS 2008 SERVER 64-bit under System account
7020613 java install installation fails by SMS under System Account
7102934 xml jax-ws Npe occurs in abstractprocessor.readfromnextstructure
7096834 xml saaj SAAJ does not set correct namespace prefix and namespace URI for attributes in some circumstances.

 


Changes in 6u30-rev-b21

 

Please note that fixes from prior BPR (6u29-rev) are included in this version.

For further details, refer to the JDK 6u30 Update Release Notes.


Changes in 6u29-rev-b22

 

Bug Fixes

BugId Category Subcategory Description
7064279 java classes_beans Introspector.getBeanInfo() should release some resources in timely manner
6763530 java classes_security Cannot decode PublicKey (Provider SunPKCS11, curve prime256v1)
7099658 java classes_util Properties.loadFromXML fails with ClassCastException
7091388 jets jets Regular unexplained npe's from corba libs after system has been running for days
7094377 jndi other Com.sun.jndi.ldap.read.timeout doesn't work with ldaps.

 


Changes in 6u29-rev-b21

 

Please note that fixes from prior BPR (6u27-rev) are included in this version.

For further details, refer to the JDK 6u29 Update Release Notes.


Changes in 6u27-rev-b23

 

Bug Fixes

BugId Category Subcategory Description
7065822 xml jaxb Namespace of xml elements can change when un/marshalling xml using jaxb

 


Changes in 6u27-rev-b22

 

Bug Fixes

BugId Category Subcategory Description
7041100 hotspot compiler2 The load in String.equals intrinsic executed before null check
6761678 java classes_lang (ann) SecurityException in AnnotationInvocationHandler.getMemberMethods
6751338 java classes_util_jarzip ZIP inflater/deflater performance
6858865 java classes_util_jarzip Fix for 6728376 causes regression if the size of "data" is 0 and malloc returns Null for 0-length
7063209 javawebstart other JWS (started from desktop shorcut) doesn't update updated JNLP file from server

 


Changes in 6u27-rev-b21

 

Bug Fixes

BugId Category Subcategory Description
4947220 java classes_lang (process) Runtime.exec() cannot invoke applications with unicode parameters (win)
7021429 java_plugin plugin2 Jar file used by JRE1.4.2 won't be cached if it runs on New Generation Plugin.
7022938 java_plugin plugin2 New Java Plug-in occasionally fails to load first applet of two on IE 6

 


Changes in 6u27-rev-b20

 

Please note that fixes from prior BPR (6u26-rev) are included in this version.


Changes in 6u27

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u27. These fixes will be available in the first BPR based on 6u27.

 

For further details, refer to the JDK 6u27 Update Release Notes.


Changes in 6u26-rev-b25

 

Bug Fixes

BugId Category Subcategory Description
7005503 hotspot runtime_arguments Make GuaranteedSafepointInterval a diagnostic flag
6981400 java classes_awt Tabbing between textfield do not work properly when ALT+TAB
7041125 jndi ldap LDAP API does not catch malformed filters that contain two operands for the ! operator

 


Changes in 6u26-rev-b23

 

Bug Fixes

BugId Category Subcategory Description
7046096 hotsopt compiler2 SEGV IN C2 WITH 6U25
7049963 jaas other DISTINGUISHED NAMES FOR CERT ARE ESCAPED IN JROCKIT 1.6(NOT COMPATIBLE WITH JROC
7049774 java rmi UID construction appears to hang if time changed backwards
6985788 jgss krb5plugin KDC failover exceeds 3.5 minutes

 


Changes in 6u26-rev-b22

 

Bug Fixes

BugId Category Subcategory Description
7041200 java classes_net java.net.InterfaceAddress's equals method may throw NPE
7012783 java classes_swing JFileChooser fails to resolve DFS links on Windows Vista SP2
6942989 java classes_util_logging Memory leak of java.lang.ref.WeakReference objects
6989026 java_plugin ocx JRE plugin 1.6.0_21 crashes when loading applets
7032687 java_plugin plugin2 Dragged-out applet can be closed when close browser
7044141 xml jaxb Reusing unmarshallers which on previous use threw UnmarshalException always throw ClassCastException

 


Changes in 6u26-rev-b21

 

Please note that fixes from prior BPR (6u25-rev) are included in this version.


Changes in 6u26

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u26. These fixes will be available in the first BPR based on 6u26.

 

For further details, refer to the JDK 6u26 Update Release Notes.


Changes in 6u25-rev-b21

 

OlsonData 2011e

This release contains Olson time zone data version 2011e. For more information, refer to Timezone Data Versions in the JRE Software .

 

Please note that fixes from prior BPR (6u24-rev) are included in this version.

Bug Fixes

BugId Category Subcategory Description
6788196 java classes_io (porting) Bounds checks in io_util.c rely on undefined behaviour
7012768 java classes_net InetAddress lookupTable leaks/deadlocks when using unsupported name service spi
6963006 java classes_security smartcardio is not mt safe - javax.smartcardio.CardException: wait mismatch
7001094 java classes_security Can't initialize SunPKCS11 more times than PKCS11 driver maxSessionCount
7020709 java_deployment networking regression: cannot run filemaker application due to java.lang.ClassCircularityError
6912166 java_plugin plugin2 SSV dialog problems when there are multiple applets on a page
6943350 java_plugin plugin2 Intermittent "No registered plugin for applet ID x" errors in applet
6996266 javawebstart jnlp_api Performance issue on BasicService.showDocument
7024697 jce pkcs11_csp SessionRef.dispose() should determine if the token referred to by the token object is still valid pr
6932403 jsse runtime SSLSocketImpl state issue
7025227 jsse runtime SSLSocketImpl does not close the TCP layer socket if a close notify cannot be sent to the peer

 


Changes in 6u25

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u25. These fixes will be available in the first BPR based on 6u25.

 

For further details, refer to the JDK 6u25 Update Release Notes.


Changes in 6u24-rev-b25

 

OlsonData 2011d

This release contains Olson time zone data version 2011d. For more information, refer to Timezone Data Versions in the JRE Software .

 

Bug Fixes

BugId Category Subcategory Description
6946825 java classes_net com.sun.net.httpserver.HttpServer; Memory Leak on Non HTTP conform open socket
6517427 java imageio GIF Reader throws IIOException when reading a Indexed GIF image with an embedded color profile
6799990 java_plugin plugin2 unrecognized message ID 42 (or 46) with next-generation Java plug-in
6750362 jndi ldap Very large LDAP requests throw a OOM on LDAP servers which aren't aware of Paged Results Controls
6997561 jndi ldap A request for better error handling in JNDI

 


Changes in 6u24-rev-b24

 

Bug Fixes

BugId Category Subcategory Description
6987135 hotspot compiler2 Performance regression on Intel platform with 32-bits edition between 6u13 and 6u14.
6672144 java classes_net HttpURLConnection.getInputStream sends POST request after failed chunked send
6976938 jaxp stax StackOverflowError by com.sun.xml.stream.XMLDocumentFragmentScannerImpl
$FragmentContentDriver.next

 


Changes in 6u24-rev-b23

 

OlsonData 2011b

This release contains Olson time zone data version 2011b. For more information, refer to Timezone Data Versions in the JRE Software .

 

Bug Fixes

BugId Category Subcategory Description
6991188 hotspot compiler2 C2 Crashes while compiling method
6996240 hotspot compiler2 The BitSet.length method sometimes returns an index+1 value less than that of the highest bit set.
6999988 hotspot garbage_collector CMS: Increased fragmentation leading to promotion failure after CR#6631166 got implemented
6911753 java char_encodings Add Big5 HKSCS-2008 support
6960516 java classes_awt sun.awt.UngrabEvent has an ID over AWTEvent.RESERVED_ID_MAX
7003106 java classes_fontprop Typo in linux.fontconfig.SuSE.properties file for linux CJK font support update
6973030 java classes_net NTLM proxy authentication fails with https
6998583 java classes_security NativeSeedGenerator is making 8192 byte read requests from entropy pool on each init.
6718364 java compiler inference fails when a generic method is invoked with raw arguments
7001375 jax-ws client-runtime JAVA 1.6: JAX-WS DOES NOT MAINTAIN session cookies, Session is not maintained when URL in Uppercase
6924489 jce pkcs11_csp sun.security.pkcs11.wrapper.PKCS11Exception: CKR_OPERATION_NOT_INITIALIZED

 


Changes in 6u24-rev-b22

 

Please note that fixes from prior BPR (6u22-rev) are included in this version.


Changes in 6u24

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u24. These fixes will be available in the first BPR based on 6u24.

For further details, refer to the JDK 6u24 Update Release Notes.


Changes in 6u23

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u23.

For further details, refer to the JDK 6u23 Update Release Notes.


Changes in 6u22-rev-b09

 

Bug Fixes

BugId Category Subcategory Description
6916062 hotspot compiler2 assert(_inserts <= _insert_limit,"hash table overflow") in NodeHash::hash_insert with debug build
6989076 hotspot runtime_system JVM crashes in klassItable::initialize_itable_for_interface
6982772 java classes_security javax.xml.crypto.dsig.TransformException occurs in canonicalization for XML signature in jdk6u21
6992314 java tools pack200 --version does not print its version correctly in 6u22
6941869 jaxp xslt XSL : Xalan transformer fails to process semicolumn symbol in a count() function correctly

 


Changes in 6u22-rev-b08

 

Bug Fixes

BugId Category Subcategory Description
6887981 java classes_awt Exception violation in Java2D Disposer
6890861 java classes_awt Crash in awt.dll after sun.awt.windows.WWindowPeer.modalEnable is called
6935563 java classes_nio (dc) Improve connection reset/port unreachable handling [win]
6982572 java classes_nio (so) Invalid InetAddress instance is created and causes an exception and abort in jdk5/jdk6.

 


Changes in 6u22-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6980681 idl orb CORBA deadlock in Java SE beleived to be related to CR 6238477
6378870 java classes_net Confusing error "java.net.SocketException: Invalid argument" for socket disconnection
4743225 java classes_swing Size of JComboBox list is wrong when list is populated via PopupMenuListener
6520574 java classes_swing JFileChooser - create new folder - not editable
6542335 java classes_swing different behavior on knob of scroll bar between 1.4.2 and 5.0
6963024 java classes_swing Only Applets on Windows: two JOptionPanes in a row makes the 2nd JOptionPane flicker
6302954 java compiler Inference fails for type variable return constraint
6986709 java localization Request to localise deployment.security.clientauth.keystore.auto to new value
6963077 java_deployment desktop 6u20: Cert list is empty, but customer is prompted by a JRE dialog to select a cert
6932885 java_deployment download Java deployment cache size limit is not regarded
6891269 java_plugin iexplorer non-compliance with Section 508 using 1.6.0_18
6964872 java_plugin install misplaced windows registry key after jdk uninstall

 


Changes in 6u22-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
6958668 hotspot compiler2 repeated uncommon trapping for new of klass which is being initialized
6948538 hotspot garbage_collector CMS: BOT walkers can fall into object allocation and initialization cracks
6978533 hotspot garbage_collector CMS: Elide BOT update asserts until 6977974 is fixed correctly
6973570 hotspot runtime_system OrderAccess::storestore() scales poorly on multi-socket x64 and sparc: cache-line ping-ponging
6974813 hotspot runtime_system JVM needs to use demand loading for its DTrace probes
6967957 java classes_awt MToolkit : resizing a component in componentResized() is not propagated to content
6931566 java classes_net NetworkInterface is not working when interface name is more than 15 characters long
6984520 jmx classes NPE IN RMIConnector.connect
6979376 jndi ldap to have ldap filters tolerate underscore character in object identifier

 


Changes in 6u22-rev-b05

 

Please note that fixes from prior BPR (6u21-rev) are included in this version.


Changes in 6u22

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u22. These fixes will be available in the first BPR based on 6u22.

For further details, refer to the JDK 6u22 Update Release Notes.


Changes in 6u21-rev-b11

 

Bug Fixes

BugId Category Subcategory Description
4939819 java classes_io File.canWrite() returns false for the "My Documents" directory (win)
6728842 java classes_io File.setReadOnly does not make a directory read-only (win)
6939261 java classes_swing Since 1.6.0_18 JMenus at JMenuBar are not selectable by their Mnemonic key anymore
6960430 javawebstart other java.lang.NullPointerException: null peer with Java Web Start (jdk1.6 update 12)
6922044 jaxp xslt XSLTC performance regression in 1.6.0_18
6955783 jndi dns ServiceUnavailableException caught even the secondary DNS is available

 


Changes in 6u21-rev-b10

 

OlsonData 2010l

This release contains Olson time zone data version 2010l. For more information, refer to Timezone Data Versions in the JRE Software .

 

Bug Fixes

BugId Category Subcategory Description
6217210 java char_encodings RFE: Support for Cp833 in 1.4.2
6927600 java classes_awt JDK 1.6 unable to capture X11 event in a Canvas using
6581734 java classes_management CMS Old Gen's collection usage is zero after GC which is incorrect
6578041 java dragndrop Drag & Drop from Motif to Java does not work.

 


Changes in 6u21-rev-b09

 

OlsonData 2010k

This release contains Olson time zone data version 2010k. For more information, refer to Timezone Data Versions in the JRE Software .

 

Disabling mmap Usage (on Solaris or Linux)

This release includes a new system property, sun.zip.disableMemoryMapping, which allows the user to disable the mmap usage in Sun's java.util.zip.Zipfile implementation (on Solaris and Linux platforms). Solaris or Linux applications that use java.util.zip.ZipFile may experience a SIGBUS VM crash if the application accidentally overwrites any zip or jar files that are still being used by the same Java runtime. Although this is a programming error of the offending application, this system property provides a solution to avoid the VM crash. With the property set to true (-Dsun.zip.disableMemoryMapping=true, or simply -Dsun.zip.disableMemoryMapping) the Sun JDK/JRE runtime disables the mmap usage and the VM crash that might otherwise occur by overwriting the jar or zip file can be avoided.

 

Bug Fixes

BugId Category Subcategory Description
6233838 java char_encodings Improving charset implementation maintainability and performance.
6392804 java char_encodings Inappropriate output of ufffd in various decoders.
6950553 java classes_sound Applet: IE process crash in OLE32.DLL when playing a sound.
6929479 java classes_util_jarzip Add a system property sun.zip.disableMemoryMapping to disable mmap use in ZipFile.
6933738 jaxb-xsd compiler JAXB: xjc -episode option generates invalid code (duplicate @XmlAnyAttribute)

 


Changes in 6u21-rev-b08

Please note that fixes from prior BPR (6u20-rev) are included in this version.

Bug Fixes

BugId Category Subcategory Description
6938026 hotspot compiler2 C2 compiler fails in Node::rematerialize()const
6948537 hotspot garbage_collector CMS: BOT walkers observe out-of-thin-air zeros on sun4v sparc/CMT
6948539 hotspot garbage_collector CMS+UseCompressedOops: placement of cms_free bit interferes with promoted object link
6951776 java classes_2d Modify MFontConfiguration to correctly determine linux releases
6416177 java classes_fontprop SuSE 10 needs CJK support
6911839 java classes_fontprop Sles/SuSE 11 needs CJK support
6645197 java classes_nio (so) Timed read with socket adaptor throws ClosedSelectorException if temporary selector GC'ed.
6824600 java classes_swing OOM occurs when setLookAndFeel() is executed in Windows L&F(XP style)
4691425 java classes_util_jarzip GZIPInputStream fails to read concatenated .gz files
6966402 java localization Request to localise two strings in deployment code
6869937 java_plugin plugin2 New Plugin - Vista&XP Focus never returned to browser
6895556 java_plugin plugin2 lack of status information showstatus method of Applet when the "Next Gen" plug-in enabled
6898437 javawebstart general Java Web Start 6 does not return appropriate exit code upon failure

 


Changes in 6u21

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u21. These fixes will be available in the first BPR based on 6u21.

For further details, refer to the JDK 6u21 Update Release Notes.


Changes in 6u20-rev-b09

 

Bug Fixes

BugId Category Subcategory Description
6944561 java classes_awt Mouse cursor stays in Text mode after leaving JTextArea or JTextField (Motif-based Toolkit only)
6898775 java_plugin iexplorer Plugin introduces visual defect into IE with rapid scrolling
6937964 jaxp other XML Duration do not conform to W3C specifications

 


Changes in 6u20-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6919638 hotspot garbage_collector CMS: ExplicitGCInvokesConcurrent misinteracts with gc locker
6948223 idl orb Corba issue, fail to reload object
6893325 java classes_awt JComboBox and dragging to an item outside the bounds of the containing JFrame is not selecting that
6725789 java classes_util_concurrent ScheduledExecutorService does not work as expected in jdk7/6/5
6547241 java imageio JPEGImageReader.readImage crash
6557086 java imageio Attempt to dispose jpeg reader form another thread may cause crash
6957378 jmx classes JMX memory leak

 


Changes in 6u20-rev-b05

 

OlsonData 2010i

This release contains Olson time zone data version 2010i. For more information, refer to Timezone Data Versions in the JRE Software .

 

Bug Fixes

BugId Category Subcategory Description
6897143 hotspot garbage_collector Stress test crashes during HeapInspection using ParallelGC.
6912018 hotspot garbage_collector CMS: guarantee(head() != 0,"The head of the list cannot be NULL")
6837842 hotspot jni JNI_CreateJavaVM crashes under impersonation
6927268 java_plugin plugin2 ShowDocument calls results in new iexplorer process
6940842 javawebstart other NPE in mapSignersToCodeSource when not caching files locally
6846148 jaxb-xsd runtime Namespace gets lost for null scope while using RetQName
6946312 jaxp sax XML parser omits characters callback to ContentHandler since 6u18

 


Changes in 6u20-rev-b03

Please note that fixes from prior BPR (6u19-rev) are included in this version.

Bug Fixes

BugId Category Subcategory Description
6942771 hotspot garbage_collector SEGV in ParScanThreadState::take_from_overflow_stack
6929137 idl orb java-corba: Locking too broad in com.sun.corba.se.impl.protocol.CorbaClientRequestDispatcherImpl
6898691 java classes_swing Java apps do not see keyboard switching on Sun Ray
6940416 jaxp xslt Regression in 6u18 wrt XSL/T processing

 


Changes in 6u20

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u20. These fixes will be available in the first BPR based on 6u20.

For further details, refer to the JDK 6u20 Update Release Notes.


Changes in 6u19-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6935535 hotspot compiler2 String.indexOf() returns incorrect result on x86 with SSE4.2
6631166 hotspot garbage_collector CMS: better heuristics when combatting fragmentation
6782663 hotspot garbage_collector Data produced by PrintGCApplicationConcurrentTime and PrintGCApplicationStoppedTime is not accurate
6852873 hotspot runtime_system Increase in delta between application stopped time and ParNew GC time over application lifetime
6933402 hotspot runtime_system RFE: Improve PrintSafepointStatistics output to track cleanup time
6934758 hotspot runtime_system Expose the break down of clean up task time during Safepoint
4116222 java char_encodings Errors in Arabic code-conversion tables, part II
6907881 java classes_awt_im Different undesired behavior for entering Asian characters in Windows IME starting with Java 6.0
6924497 java classes_management HotSpotDiagnosticsMXBean.getDiagnosticOptions throws NPE
6836089 java classes_swing Swing HTML parser can't properly decode codepoints outside the Unicode Plane 0 into a surrogate pair
6917744 java classes_swing JScrollPane Page Up/Down keys do not handle correctly html tables with different cells contents
6547438 jaxb-xsd runtime Invalid JNI signature character ';'

 


Changes in 6u19-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
4957990 hotspot garbage_collector PermHeap bloat in and only in server VM
6365587 java classes_net Proxy-Connection header sent through tunnel
6448457 java classes_nio (ch) Channels.newOutputStream().write() does not write all data
6801020 java classes_util_concurrent Concurrent Semaphore release may cause some require thread not signaled
6933032 java classes_util_i18n (tz) Support tzdata2010e
6920317 java compiler package-info.java file has to be specified on the javac cmdline, else it will not be avail.
6689809 jaxp xslt XSLT transformer ignores XPath predicates in xsl:key elements

 


Changes in 6u19-rev-b05

Please note that fixes from prior BPR (6u18-rev) are included in this version.

Bug Fixes

BugId Category Subcategory Description
6930987 java classes_util_i18n (tz) Support tzdata2010c

 


Changes in 6u19

 

Please note that fixes included in the immediately prior BPR are NOT included in 6u19. These fixes will be available in the first BPR based on 6u19.

For further details, refer to the JDK 6u19 Update Release Notes.


Changes in 6u18-rev-b09

 

Bug Fixes

BugId Category Subcategory Description
6896647 hotspot garbage_collector card marks can be deferred too long
6916644 hotspot compiler2 C2 compiler crash on x86
6918065 java classes_2d Crash in Java2D blit loop (IntArgbToIntArgbPreSrcOverMaskBlit) in 64bit mode
6851688 java classes_awt Hung up in applet application
5102804 java classes_beans Memory leak in Introspector.getBeanInfo(Class) for custom BeanInfo: Class param
6837847 java classes_security PKCS#11 A SecureRandom and a serialization error following installation of 1.5.0_18
6921289 java classes_util_i18n (tz) Support tzdata2010b
6883952 java_plugin iexplorer Issue in 6817482 is still reproducible with 6u16-rev-b03 when using old plugin
6887492 java_plugin iexplorer REGRESSION:proxy automatic configuration does not work since 6u14
6921609 javawebstart app_mgr regression: JWS does not update desktop shortcut following JNLP update with 6u18 release
6591117 jce pkcs11_csp Poor preformance of PKCS#11 security provider compared to Sun default provider

 


Changes in 6u18

 

Please note that fixes included in the immediately prior BPR (6u17-rev-b06 to 6u17-rev-b12) are NOT included in 6u18. These fixes will be available in the first BPR based on 6u18.

For further details, refer to the JDK 6u18 Update Release Notes.


Changes in 6u17-rev-b12

 

Bug Fixes

BugId Category Subcategory Description
6917935 java classes_util_i18n (tz) Support tzdata2010a
6857340 java_plugin plugin2 Java Plugin memory leak when Java Applet is called repeatedly from JavaScript
6862679 jgss krb5plugin ESC: AD Authentication with user with umlauts fails

 


Changes in 6u17-rev-b10

 

IETF TLS protocol

This release contains an interim fix for a vulnerability in TLS. For more information, refer to Readme about TLS Fix.

 

Bug Fixes

BugId Category Subcategory Description
6896157 idl orb unsynchronized hashmap in com.sun.corba.se.impl.transport.SelectorImpl.createReaderThread
6898739 jsse runtime TLS renegotiation issue

 


Changes in 6u17-rev-b09

 

Bug Fixes

BugId Category Subcategory Description
6493542 java classes_swing JFileChooser throws NPE on Vista with Win LaF in new folder
6888768 java performance DownloadManager causes performance regression in JDK 1.6.0_14
6898593 jdbc implementation java.sql.Date.valueOf no exception if date given is not in the JDBC date escape format(yyyy-mm-dd)

 


Changes in 6u17-rev-b08

 

Bug Fixes

BugId Category Subcategory Description
6893109 idl orb orb|memory leak in readObject() and writeObject() using idlj from jdk 1.6.0_14
6713352 java classes_swing classes_swing|Deadlock in JFileChooser with synchronized custom FileSystemView
6741890 java classes_swing classes_swing|Deadlock in Win32ShellFolderManager2
6493942 java classes_util_concurrent classes_util_concurrent|ConcurrentLinkedQueue.remove sometimes very slow
6904611 java classes_util_i18n classes_util_i18n|(tz) Support tzdata2009s
6357710 java_deployment security security|Client certificate authentication prompt on every connection
6840201 java_plugin plugin plugin|Regression: applet.destroy() is interrupted with jdk 6u10, run into completion with 6u7
6893617 jndi cosnaming cosnaming|JDK 6 CNCtx always uses the default ORB and not take java.naming.corba.orb ORB value

 


Changes in 6u17-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6423256 hotspot garbage_collector GC stacks should use a better data structure
6880029 hotspot runtime_system JDK 1.6.0_u14p Application crashed very early
6859086 java classes_2d Dialog created by JOptionPane.showMessageDialog does not repaint sometimes
6609468 java classes_util_i18n (rb) ResourceBundle and/or SimpleDateFormat not thread safe (hangs JVM)
6899397 java classes_util_i18n (tz) Support tzdata2009r
6739892 java classes_util_jarzip Improve handling of zip encoding through use of property flag
6783619 java_plugin plugin2 showDocument calls result in the new browser window opening behind the current top window.
6873101 java_plugin plugin2 showDocument calls result in the new browser window opening on top of the IE window

 


Changes in 6u17-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
6847956 hotspot garbage_collector G1: crash in oopDesc*G1ParCopyHelper::copy_to_survivor_space(oopDesc*)
6828768 idl orb RMI-IIOP EJB clients do not fail over due to defect in JDK 1.6.0_12
6877056 idl orb SVUID calculated for java.lang.Enum is not 0L
6805775 java classes_util_concurrent LinkedBlockingQueue Nodes should unlink themselves before becoming garbage
6814989 java classes_util_concurrent STPE terminates when policy set to continue executing existing periodic tasks
6895447 java classes_util_i18n (tz) Support tzdata2009p
6893682 java_plugin plugin2 Areas of java plugin code ignore jar version settings
6851973 jgss krb5plugin ignore incoming channel binding if acceptor does not set one
6857795 jgss krb5plugin krb5.conf ignored if system properties on realm and kdc are provided
6449574 jndi ldap Invalid ldap filter is accepted and processed

 


Changes in 6u17-rev-b05

 

Please note that fixes from prior BPR (6u16-rev) are included in this version.


Changes in 6u17

 

Please note that fixes included in the immediately prior BPR (6u16-rev-b03 and 6u16-rev-b04) are NOT included in 6u17. These fixes will be available in the first BPR based on 6u17.

For further details, refer to the JDK 6u17 Update Release Notes.


Changes in 6u16-rev-b04

 

Bug Fixes

BugId Category Subcategory Description
6763340 idl orb memory leak in com.sun.corba.se.* classes
6518077 java classes_awt Modal dialogs open slowly with JRE 1.6.0 sun.awt.X11.XToolkit
6547881 java classes_awt NPE when closing modal dialog
6620010 java classes_nio (fc) FileChannel.tryLock leaves FileLock on lockList if I/O error occurs
6880110 java classes_util_i18n (tz) Support tzdata2009m
6274920 java classes_util_logging JDK logger holds strong reference to java.util.logging.Logger instances

 


Changes in 6u16-rev-b03

 

Bug Fixes

BugId Category Subcategory Description
6858208 hotspot runtime_system jvm crash when specifying TypeProfileWidth=0 on jdk 6.0
6860491 java classes_awt WRAP_TIME_MILLIS incorrectly set
6795561 java classes_nio (bf) CharBuffer.subSequence() uses wrong capacity value for new buffer
6817482 java_plugin iexplorer On IE, modal JDialog from an Applet in html frame is not modal
6809648 java_plugin plugin2 JSObject.eval() gets blocked by modal JDialog
6835274 java_plugin plugin2 Nextgen plugin fails on Windows Server 2003 with multiple Administrator Users

 


Changes in 6u16-rev-b02

 

Bug Fixes

BugId Category Subcategory Description
6772683 hotspot compiler2 Thread.isInterrupted() fails to return true on multiprocessor PC
6826736 hotspot compiler2 CMS: core dump with -XX:+UseCompressedOops
6865031 hotspot compiler2 Application gives bad result (throws bad exception) with compressed oops
6840305 hotspot runtime_system Discrepancy in system memory details (when 4G or greater) reported by JVM and Windows OS
6813208 java classes_awt pageDialog throws NPE from applet
6827786 java classes_swing Mnemonic cycling for multiple equal mnemonic armed menu items stops when encountering a submenu
6872467 java classes_util_i18n (tz) Support tzdata2009l
6548436 java compiler Incorrect inconvertible types error
6805578 java install RFE: disable java quick start jqs.exe at the JRE installation
6585239 jndi dns Regression: 2 DNS tests fail with JDK 5.0u13 b01 and pass with 5.0u12fcs

Please note that fixes from prior BPR (6u15-rev) are included in this version.


Changes in 6u16

 

Please note that fixes included in the immediately prior BPR (6u15-rev-b04) are NOT included in 6u16. These fixes will be available in the first BPR based on 6u16.

 

For further details, refer to the JDK 6u16 Update Release Notes.


Changes in 6u15-rev-b04

 

Bug Fixes

BugId Category Subcategory Description
6853910 java classes_util_i18n (tz) Support tzdata2009j

Please note that fixes from prior BPR (6u14-rev) are included in this version.


Changes in 6u15

 

For details, refer to the JDK 6u15 Update Release Notes.


Changes in 6u14-rev-b09

 

Bug Fixes

BugId Category Subcategory Description
6842999 hotspot runtime_system Update hotspot windows os_win32 for windows 2008 R2
6804454 java classes_2d RFE: Provide a way to control the printing dpi resolution from MSIE browser print. See also 6801859
6825342 java classes_awt Security warning may change Z-order of top-level
6843003 java classes_lang Windows 2008 R2 system recognition
6814140 java classes_util_logging deadlock due to synchronized demandLogger() code that locks ServerLogManager

Please note that fixes from prior BPR (6u13-rev) are included in this version.


Changes in 6u14

 

For details, refer to the JDK 6u14 Update Release Notes.


Changes in 6u13-rev-b08

 

Bug Fixes

BugId Category Subcategory Description
6786503 hotspot garbage_collector Overflow list performance can be improved
6787254 hotspot garbage_collector Work queue capacity can be increased substantially on some platforms
6821507 hotspot garbage_collector Alignment problem in GC taskqueue caused SIGBUS in debug build due to return on stack
6834474 java classes_util_i18n (tz) Support tzdata2009g

 


Changes in 6u13-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6798785 hotspot compiler2 Crash in OopFlow::build_oop_map: incorrect comparison of 64bit pointers
6829391 java classes_util_i18n (tz) Support tzdata2009f
6687968 java imageio PNGImageReader leaks native memory through an Inflater.
6688675 java_deployment download IBM applet is very slow on JRE6 due to repeated JAR file downloads w/ no HTTP header 'last-modified'
6518733 jaxp sax Regression: SAX not correctly handling attributes with newlines

 


Changes in 6u13-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
6791132 hotspot compiler2 bad control in autobox split code
6820796 java classes_util_i18n (tz) Support tzdata2009d
6506304 jaxp other java.net.MalformedURLException: unknown protocol: c
6714797 jndi cosnaming InitialContext.close does not close NIO socket connections

 


Changes in 6u13-rev-b05

 

Bug Fixes

BugId Category Subcategory Description
6646020 hotspot compiler2 assert(in_bb(n),"must be in block") in -Xcomp mode
6700047 hotspot compiler2 C2 failed in idom_no_update
6743188 hotspot compiler2 incomplete fix for 6700047 C2 failed in idom_no_update
6722113 hotspot garbage_collector CMS: Incorrect overflow handling during precleaning of Reference lists
6467424 jaxp validation javax.xml.validation.Validator does not augment.

 


Changes in 6u13-rev-b04

 

Bug Fixes

BugId Category Subcategory Description
6800586 hotspot runtime_system -XX:+PrintGCDateStamps is using mt-unsafe localtime function

Please note that fixes from prior BPR (6u12-rev) are included in this version.


Changes in 6u13

 

For details, refer to the JDK 6u13 Update Release Notes.


Changes in 6u12-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
6773533 idl transport Regression in the IIOP stack that produces either IOE or JVM crash
6789865 java_plugin misc Java Plugin isInNet implementation returns incorrect value in some cases
6725987 jets other ORB.destroy() does not cleanup correctly and ORB object instances are not garbage collected.
6796140 jets other Further ORB changes after 6725987

 


Changes in 6u12-rev-b05

 

OlsonData 2009a

This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software.

 

Bug Fixes

BugId Category Subcategory Description
6771432 java classes_net createSocket() - smpatch fails using 1.6.0_10 because of "Unconnected sockets not implemented"
6796489 java classes_util_i18n (tz) Support tzdata2009a

Please note that fixes from prior BPR (6u11-rev) are included in this version.


Changes in 6u12

 

For details, refer to the JDK 6u12 Update Release Notes.


Changes in 6u11-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6788347 hotspot compiler2 C2Compiler crash 6u7
6277781 idl serialization Serialization of Enums over IIOP is broke.
4457181 java classes_2d Unicode Combining Diacritics are not rendered
6670408 java classes_net testcase panics 1.5.0_12&_14 JVM when java.net.PlainSocketImpl trying to throw an exception

 


Changes in 6u11-rev-b06

 

Bug Fixes

BugId Category Subcategory Description
6767959 jaxp other Catalog resolver transient memory usage high

 


Changes in 6u11-rev-b05

 

Bug Fixes

BugId Category Subcategory Description
6673124 hotspot runtime_system Runtime.availableProcessors / os::active_processor_count wrong if unused processor sets exist
6687282 java classes_net URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request

 


Changes in 6u11-rev-b04

 

Bug Fixes

BugId Category Subcategory Description
6643769 java_plugin other Applet main windows steals focus on Popup windows which is running Applet.

Please note that fixes from prior BPR (6u7-rev) are included in this version.


Changes in 6u11

 

For details, refer to the JDK 6u11 Update Release Notes.


Changes in 6u7-rev-b15

 

Bug Fixes

BugId Category Subcategory Description
6732194 hotspot compiler2 Data corruption dependent on -server/-client/-Xbatch
6722112 hotspot garbage_collector CMS: Incorrect encoding of overflown object arrays during concurrent precleaning
6722116 hotspot garbage_collector CMS: Incorrect overflow handling when using parallel concurrent marking
6739357 hotspot garbage_collector CMS: Switch off CMSPrecleanRefLists1 until 6722113 can be fixed
6764308 java classes_util_i18n (tz) Support tzdata2008i

 


Changes in 6u7-rev-b14

 

Bug Fixes

BugId Category Subcategory Description
6707023 java classes_awt Chinese Characters in JTextPane Cause Pane to Hang
6699856 java classes_swing Creating text in a JTextPane using Chinese text causes undesired behavior
6758988 java classes_util_i18n (tz) Support tzdata2008h
6599383 java classes_util_jarzip Unable to open zip files more than 2GB in size
6740193 javawebstart jnlp_file bug in Java Webstart Caching when using large argument list on resource href.

 


Changes in 6u10

 

For details, refer to the JDK 6u10 Update Release Notes.


Changes in 6u7-rev-b13

 

Bug Fixes

BugId Category Subcategory Description
6671882 hotspot runtime_system memory access after free in solaris/vm/os_solaris.cpp

 


Changes in 6u7-rev-b12

 

Bug Fixes

BugId Category Subcategory Description
6714678 java classes_awt IDE (Netbeans, Eclipse, JDeveloper) Debugger hangs process on Linux
6684401 java classes_swing JTree isExpanded should not call itself recursively
6684952 java classes_swing Exception occurred on JFileChooser in Applet
6719767 java install OEM ready Install requires InstallLocation registy entry
6722527 java install Need manifest for every exe file in jre/bin directory

 


Changes in 6u7-rev-b08

 

Bug Fixes

BugId Category Subcategory Description
6614100 hotspot compiler2 EXCEPTION_ACCESS_VIOLATION while running Eclipse with 1.6.0_05-ea
6487638 java classes_util_logging Calling LogManager.addLogger() and Logger.getLogger() cause deadlock

 


Changes in 6u7-rev-b07

 

Bug Fixes

BugId Category Subcategory Description
6662086 hotspot garbage_collector 6u4+, 7b11+: CMS never clears referents when -XX:+ParallelRefProcEnabled
6707643 java classes_util_i18n (tz) Support tzdata2008c
6698636 java_plugin plugin Java Plugin in Firefox hangs since 6u4 when remote policy file is present in java.security

 


Changes in 6u7

 

Bug Fixes

BugId Category Subcategory Description
6511756 hotspot jvmpi forte_is_valid_method() should call CollectedHeap::is_in_reserved() rather than is_in()
6671051 java classes_lang (process) Runtime.exec() hangs if signalled during fork/exec
6652375 java classes_security Add replacement GlobalSign Root CA to JDK
6696605 java classes_security Add Secom root certificates to the JDK
6656050 java classes_security Add AOL Root CA #2 to JDK
6679340 java classes_util_i18n (tz) Support tzdata2008b
6685178 java monitoring REGRESSION: NPE in ConnectorBootstrap when Agent.getManagementProperties() returns null.
6643315 java sunservicetags Product Registration Info button in the Windows JDK installer should use default browser
6656520 java_plugin misc Loading cacerts file from running JRE directory (JRE 1.4.2)
6567254 java_plugin ns6 Stack stomp in CSecureJNIEnv
6674757 java_plugin plugin Firefox hang upon first applet launch with Windows OEM builds of Java
6709297 javawebstart other Wonderland does not install via webstart with 6u10 b21 or later
6620632 jaxp stax DTD event is missing entity and notation information

 


Changes in 6u6-rev-b03

 

Auto Update Off

Beginning with this BPR, the JRE auto update feature defaults to OFF.

Auto Update behavior may be unpredictable if this BPR is co-installed with any other Java SE implementation (Java for Business or Java SE) that does not have the auto update scheduler already turned off (AU-OFF). Results will also be unpredictable if this BPR for Java for Business is installed and then subsequently a Java SE Update is installed with auto update turned on (the default for Java SE).

To workaround this problem, ensure that any other Java SE implementation residing on a system has auto update turned off prior to installing this BPR or a subsequent BPR. Or else, remove any other Java SE implementation before installing this or a subsequent BPR.

Bug Fixes

BugId Category Subcategory Description
6686165 java install License presented in installer dialog is now poorly formated and harder to read
6649884 java_deployment general Auto update OFF for javaforbusiness