IcedTea-Web 1.0.6 and 1.1.4 (security releases) released

IcedTea-Web 1.0.6 and 1.1.4 have been released. These are security fix only
releases and address a security issue classified as having moderate impact.

What’s new in 1.0.6 and 1.1.4:

  • RH742515, CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass

The following people helped with this release:
Omair Majid

44a770da85fd2e342ab09e065798a07d04601ea51879df4a5e88f804e4f02eba icedtea-web-1.0.6.tar.gz
b17a742af0153b7887cf667a160f8519afad125bc515b0f4783c66e7ee1a7f26 icedtea-web-1.1.4.tar.gz

Download links:

After extracting, it can be built as per instructions here:


About dbhole

I have been a member of the Java Group at Red Hat since mid-2008. I started off as an engineer and in late 2012, I switched to the dark side, a.k.a management :) I now manage all the members in the Java Group and some members from the QE team dedicated to JDK/component related QE.
This entry was posted in IcedTea. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s