Software-update: Sun Java 6.0 update 19

Oracle heeft onder de Sun-vlag de negentiende update voor zowel de developmentkit als de runtime-environment van Java Standard Edition 6.0 uitgebracht. Het exacte versienummer is 1.6.0_19-b04. De ontwikkelaars hebben zeven nieuwe root-certificaten meegeleverd en een lijst met bugs afgewerkt. De lijst met veranderingen voor deze negentiende update ziet er als volgt uit:

Changes in 1.6.0_19 (6u19)

The full internal version number for this update release is 1.6.0_19-b04 (where "b" means "build"). The external version number is 6u19.

OlsonData 2010b
6u19 contains Olson time zone data version 2010b. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baseline
6u19 specifies the following security baselines for use with Java Plug-in technology:

JRE Family Version 5.0
Java SE Security Baseline 1.5.0_22
Java SE for Business Security Baseline 1.5.0_24

JRE Family Version 1.4.2
Java SE Security Baseline 1.4.2_19
Java SE for Business Security Baseline 1.4.2_26

On October 30, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Java SE 5.0 reached its end of service life on November 3, 2009, with the release of 5.0u22. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) and Java SE 5.0 (5.0u23 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Root Certificates
Added seven new root certificates, removed three root certificates and five root certificates replaced with stronger signature algorithms from VeriSign, Thawte and GeoTrust. (Refer to 6904162.)

Ensuring Application and Applet Security when Mixing Signed and Unsigned Code
Signed Java Web Start applications and applets that contain signed and unsigned components could potentially be unsafe unless the mixed code was intended by the application vendor. As of this release, when mixed code is detected in a program, a warning dialog is raised. Mixing Signed and Unsigned Code explains this warning dialog and options that the user, system administrator, developer, and deployer have to manage it.

Interim Fix for the Transport Layer Security (TLS) Man-in-the-Middle Attack
For more information about the vulnerability and the interim fix, please see the TLS Renegotiation Issue Readme.

Bug Fixes
This release contains fixes for security vulnerabilities. For more information, please see Oracle Java SE and Java for Business Critical Patch Update advisory.

Other Bug Fixes:

• hotspot - garbage_collector - GC stacks should use a better data structure
• hotspot - garbage_collector - G1: crash in oopDesc*G1ParCopyHelper::copy_to_survivor_space(oopDesc*)
• hotspot - jvmti - src/share/vm/prims/jvmtiEnv.cpp:457 assert(phase == JVMTI_PHASE_LIVE,"sanity check")
• hotspot - runtime_system - JDK 1.6.0_u14p Application crashed very early
• hotspot - runtime_system - in-process JVM now ignores preset Windows unhandled exception filter
• hotspot - runtime_system - Crash in CompilerThread/Parser. Unloaded array klass?
• idl - orb - RMI-IIOP EJB clients do not fail over due to defect in JDK 1.6.0_12
• idl - orb - SVUID calculated for java.lang.Enum is not 0L
• idl - orb - memory leak in readObject() and writeObject() using idlj from jdk 1.6.0_14
• java - classes_2d - Dialog created by JOptionPane.showMessageDialog does not repaint sometimes
• java - classes_2d - Chinese Font PMingLiu not rendered correctly
• java - classes_security - Add new VeriSign root CA certificates to JRE and remove some old/unused ones
• java - classes_swing - Deadlock in JFileChooser with synchronized custom FileSystemView
• java - classes_util_concurrent - ConcurrentLinkedQueue.remove sometimes very slow
• java - classes_util_concurrent - LinkedBlockingQueue Nodes should unlink themselves before becoming garbage
• java - classes_util_i18n - (rb) ResourceBundle and/or SimpleDateFormat not thread safe (hangs JVM)
• java - classes_util_i18n - (tz) Support tzdata2010b
• java - classes_util_jarzip - Improve handling of zip encoding through use of property flag
• java_deployment - networking - PhotoFlockr JavaFX app shows security dialog for net access even though crossdomain allows access
• java_deployment - security - Plugin/WebStart cannot validate chains when the chain contains a root cert that has been replaced
• java_plugin - plugin - Regression: applet.destroy() is interrupted with jdk 6u10, run into completion with 6u7
• java_plugin - plugin2 - Areas of java plugin code ignore jar version settings
• javawebstart - app_mgr - regression: JWS does not update desktop shortcut following JNLP update with 6u18 release
• javawebstart - general - java web start download dialog should not be displayed when loading from cache
• javawebstart - general - main-class fails if loaded by Trusted-Library class loader
• jgss - krb5plugin - ignore incoming channel binding if acceptor does not set one
• jndi - cosnaming - JDK 6 CNCtx always uses the default ORB and not take java.naming.corba.orb ORB value
• jndi - ldap - Invalid ldap filter is accepted and processed