Update Release Notes

Changes in 1.6.0_19 (6u19)

The full internal version number for this update release is 1.6.0_19-b04 (where "b" means "build"). The external version number is 6u19.

OlsonData 2010b

6u19 contains Olson time zone data version 2010b. For more information, refer to Timezone Data Versions in the JRE Software .

Security Baseline

6u19 specifies the following security baselines for use with Java Plug-in technology:

JRE Family Version Java SE Security Baseline Java SE for Business Security Baseline
6 1.6.0_19 1.6.0_19
5.0 1.5.0_22 1.5.0_24
1.4.2 1.4.2_19 1.4.2_26

For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .

Root Certificates

Added seven new root certificates, removed three root certificates and five root certificates replaced with stronger signature algorithms from VeriSign, Thawte and GeoTrust. (Refer to 6904162.)

Ensuring Application and Applet Security when Mixing Signed and Unsigned Code

Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of this release, when mixed code is detected in a program, a warning dialog is raised. Mixing Signed and Unsigned Code explains this warning dialog and options that the user, system administrator, developer, and deployer have to manage it.

Interim Fix for the Transport Layer Security (TLS) Man-in-the-Middle Attack

For more information about the vulnerability and the interim fix, please see the TLS Renegotiation Issue Readme.

Bug Fixes

This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE and Java for Business Critical Patch Update advisory.

BugId Category Subcategory Description
6423256  hotspot garbage_collector GC stacks should use a better data structure
6847956  hotspot garbage_collector G1: crash in oopDesc*G1ParCopyHelper::copy_to_survivor_space(oopDesc*)
6648438  hotspot jvmti src/share/vm/prims/jvmtiEnv.cpp:457 assert(phase == JVMTI_PHASE_LIVE,"sanity check")
6880029  hotspot runtime_system JDK 1.6.0_u14p Application crashed very early
6918421  hotspot runtime_system in-process JVM now ignores preset Windows unhandled exception filter
6932480  hotspot runtime_system Crash in CompilerThread/Parser. Unloaded array klass?
6828768  idl orb RMI-IIOP EJB clients do not fail over due to defect in JDK 1.6.0_12
6877056  idl orb SVUID calculated for java.lang.Enum is not 0L
6893109  idl orb memory leak in readObject() and writeObject() using idlj from jdk 1.6.0_14
6859086  java classes_2d Dialog created by JOptionPane.showMessageDialog does not repaint sometimes
6921593  java classes_2d Chinese Font PMingLiu not rendered correctly
6904162  java classes_security Add new VeriSign root CA certificates to JRE and remove some old/unused ones
6713352  java classes_swing Deadlock in JFileChooser with synchronized custom FileSystemView
6493942  java classes_util_concurrent ConcurrentLinkedQueue.remove sometimes very slow
6805775  java classes_util_concurrent LinkedBlockingQueue Nodes should unlink themselves before becoming garbage
6609468  java classes_util_i18n (rb) ResourceBundle and/or SimpleDateFormat not thread safe (hangs JVM)
6921289  java classes_util_i18n (tz) Support tzdata2010b
6739892  java classes_util_jarzip Improve handling of zip encoding through use of property flag
6907171  java_deployment networking PhotoFlockr JavaFX app shows security dialog for net access even though crossdomain allows access
6911230  java_deployment security Plugin/WebStart cannot validate chains when the chain contains a root cert that has been replaced
6840201  java_plugin plugin Regression: applet.destroy() is interrupted with jdk 6u10, run into completion with 6u7
6893682  java_plugin plugin2 Areas of java plugin code ignore jar version settings
6921609  javawebstart app_mgr regression: JWS does not update desktop shortcut following JNLP update with 6u18 release
6918186  javawebstart general java web start download dialog should not be displayed when loading from cache
6927663  javawebstart general main-class fails if loaded by Trusted-Library class loader
6851973  jgss krb5plugin ignore incoming channel binding if acceptor does not set one
6893617  jndi cosnaming JDK 6 CNCtx always uses the default ORB and not take java.naming.corba.orb ORB value
6449574  jndi ldap Invalid ldap filter is accepted and processed