Java Platform, Standard Edition 6
Update Release Notes

• Update Release Notes Index
• JDK Documentation

Changes in 1.6.0_22 (6u22)

The full internal version number for this update release is 1.6.0_22-b04 (where "b" means "build"). The external version number is 6u22.

OlsonData 2010l

Java SE 6u22 contains Olson time zone data version 2010l. For more information, refer to Timezone Data Versions in the JRE Software. 

Security Baseline

Java SE 6u22 specifies the following security baselines for use with Java Plug-in technology:

For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .

Root Certificates

Added new Entrust Root CA-G2 and updated Entrust.net CA (2048) root certificates. (Refer to 6959911.)

CVE-2010-3560

The fix for CVE-2010-3560 could cause certain Java applets running in the new Java Plug-in to stop working if they are embedded in web pages which contain JavaScript that calls into Java in order to perform actions which require network security permissions. These applets may fail with a network security exception under some circumstances if the name service which resolved the original web page URL host name does not return a matching name as the result of a reverse address lookup. This is most likely to occur for the new Java Plug-in running on Solaris and Linux when configured to use NIS for host to network address resolution with maps containing host names which are in short form (rather than as a fully qualified domain name).

If an applet is suspected of failing due to this change you can verify that by setting the logging level of the Java Console to 5 and looking for logging strings beginning with "socket access restriction" which will describe the specific cause of the mismatch and will help in identifying the correct workaround to use as described below:

• Add a new host name forward map entry (in /etc/hosts, NIS, or DNS) in a special form which is recognized by Java for the purpose of validating IPv4 and IPv6 name service mappings.
• The IPv4 general name form followed by an /etc/hosts file fragment example for IP address 10.11.12.13 is:
  Copy

      host.auth.ddd.ccc.bbb.aaa.in-addr.arpa
  
  
      # /etc/hosts example
      10.11.12.13    foo.bar.com.auth.13.12.11.10.in-addr.arpa
  

  There is an equivalent form for IPv6 addresses which uses the IP6.ARPA domain root format defined in RFC 3596.

  For DNS, these would be A (IPv4) or AAAA (IPv6) entries.

• Pre-pend a fully qualified host name before other mappings to the same address. For example, in /etc/hosts format:
  Copy

      #10.11.12.13   foo loghost
  
      10.11.12.13    foo.bar.com foo loghost
  

  As an alternative to updating name service records, it may be possible to safely modify the applet to perform the network action using only it's own permissions independent of the web page which contains it by using the doPrivileged() method of the java.security.AccessController class.

  Transport Layer Security (TLS) Man-In-The-Middle Renegotiation Issue Resolved

  For more information, please see the TLS Renegotiation Issue README.

  Related information on the solution to the TLS Renegotiation issue:

  • The JSSE Reference Guide
  • Standard Names: Supported Cipher Suites
  • Sun Providers Documentation: Supported Cipher Suites
    
     

  Bug Fixes

  This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE and Java for Business Critical Patch Update advisory.

  Other Bug Fixes

  BugId	Category	Subcategory	Description
  6897143	hotspot	garbage_collector	Stress test crashes during HeapInspection using ParallelGC
  6919638	hotspot	garbage_collector	CMS: ExplicitGCInvokesConcurrent misinteracts with gc locker
  6837842	hotspot	jni	JNI_CreateJavaVM crashes under impersonation
  6948223	idl	orb	Corba issue, fail to reload object
  6969236	java	build	Regression: JRE identification fails due to Oracle rebranding in java.exe
  6893325	java	classes_awt	JComboBox and dragging to an item outside the bounds of the containing JFrame is not selecting that
  6974093	java	classes_lang	Thread.clone should NOT invoke addUnstarted on started threads
  6959911	java	classes_security	Update Entrust.net CA (2048) root and add new Entrust Root CA-G2
  6725789	java	classes_util_concurrent	ScheduledExecutorService does not work as expected in jdk7/6/5
  6547241	java	imageio	JPEGImageReader.readImage crash
  6557086	java	imageio	Attempt to dispose jpeg reader form another thread may cause crash
  6944981	java_deployment	general	Name field missing in mix code security warning dialog for Java Webstart application
  6869937	java_plugin	plugin2	New Plugin - Vista&XP Focus never returned to browser
  6846148	jaxb-xsd	runtime	Namespace gets lost for null scope while using RetQName
  6946312	jaxp	sax	XML parser omits characters callback to ContentHandler since 6u18
  6957378	jmx	classes	JMX memory leak