Sun heeft de tweeëntwintigste update voor Java Standard Edition 5.0 uitgebracht, zowel voor de development kit als voor de runtime environment. De versieaanduiding is vastgesteld op 5.0 update 22 en het exacte versienummer is 1.5.0_22-b03. De ontwikkelaars hebben de beveiliging van verschillende onderdelen verbeterd en een lijstje met bugs verholpen. De lijst met veranderingen voor deze tweeëntwintigste update ziet er als volgt uit:
Changes in 1.5.0_22
The full internal version number for this update release is 1.5.0_22-b03 (where "b" means "build"). The external version number is 5.0u22.
OlsonData 2009m
This release contains Olson time zone data version 2009m. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baseline
This update release specifies the following security baseline:
JRE Family version 1.4.2
Java SE Security Baseline 1.4.2_19
Java SE for Business Security Baseline 1.4.2_24
In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
Root Certificates
Root Certificates are included in this release.Bug Fixes
- Added one new root certificate for SECOM. (Refer to 6872579.)
- Added one new root certificate for GlobalSign. (Refer to 6860447.)
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 269868, 270474, 270475, and 270476.
Bug fixes for vulnerabilities are listed in the following table.Other bug fixes are listed in the following table.
- java - classes_2d - ICC_Profile allows detecting if some files exist
- java - classes_2d - TrueType font parsing crash when stressing Sun Bug 6751322 test case
- java - classes_2d - X11 and Win32GraphicsDevice don't clone arrays returned from getConfigurations()
- java - classes_2d - JPEG JFIF Decoder issue
- java - classes_2d - Image Color Profile parsing issue
- java - classes_2d - JRE AWT setDifflCM vulnerable to Stack Overflow
- java - classes_2d - JRE AWT setBytePixels vulnerable to Heap Overflow
- java - classes_awt - Component and [Default]KeyboardFocusManager pass security sensitive objects to loggers
- java - classes_lang - (cl) Resurrected ClassLoaders can still have children
- java - classes_security - Disable MD2 in certificate chain validation
- java - classes_security - SECURITY: MessageDigest.isEqual introduces timing attack vulnerabilities
- java - classes_security - ASN.1/DER input stream parser needs more work
- java - classes_sound - Sun Java HsbParser.getSoundBank Stack Buffer Overflow Vulnerability
- java - classes_swing - Numerous static security flaws in Swing (findbugs)
- java - classes_swing - Mutable statics in Windows PL&F (findbugs)
- java - classes_util_i18n - (tz) TimeZone.getTimeZone allows probing local filesystem
- java - imageio - DoS from parsing BMPs with UNC ICC links
- java - imageio - JPEG Image Writer quantization problem
- java - imageio - ImageI/O JPEG is vulnerable to Heap Overflow
- java - install - java update malfunctioning
- java - classes_awt - Following JCK5 test not working as exp-d on linux: awt-interactive-ComponentTests
- java - classes_security - Add GlobalSign R3 Root certificate to the JDK
- java - classes_security - Add SECOM Root CA 2 to JDK
- java - classes_util_i18n - (tz) Support tzdata2009m
:strip_exif()/i/2003867114.png?f=thumbmedium)