Java 6u30 released
Oracle have released Java 6 Update 30 (6u30) today. The fixes are mostly of functional nature. As far as we can tell from the release notes, no gaping security craters had to be leveled out this time .. for a change. Two security related fixes are still noteworthy for developers, one affects the use of SSL (TLS_DH_anon_WITH_AES_128_CBC_SHA), the other is about the use of secure cookies in HTTPS when the applet gets invoked via JavaScript. The full release information and list of fixes are available on Oracle's web site.
Keywords: java
2 comment(s)
×
Diary Archives
Comments
Dec. 12, 2011 - "... a notable bug fix for Java SE 6u30: Area: JSSE: Runtime Synopsis: REGRESSION - 6u29 -breaks- ssl connectivity using TLS_DH_anon_WITH_AES_128_CBC_SHA . It is strongly encouraged that applications using JSSE (SSL/TLS) be upgraded to this release to have access to the latest changes that address this recent vulnerability: Under certain circumstances, Java SE 6u29 will incorrectly throw an IndexOutOfBoundsException or send an extra SSL/TLS packet..."
.
PC.Tech
Dec 12th 2011
1 decade ago
http://krebsonsecurity.com/2011/12/security-updates-for-microsoft-windows-java/
Joe
Dec 14th 2011
1 decade ago