Key:<br>
<br>
SX&ensp;&ensp;- <a href="http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X">http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=X</a><br>
PRX - <a href="http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X">http://icedtea.classpath.org/bugzilla/show_bug.cgi?id=X</a><br>
RHX - <a href="https://bugzilla.redhat.com/show_bug.cgi?id=X">https://bugzilla.redhat.com/show_bug.cgi?id=X</a><br>
DX&ensp;&ensp;- <a href="http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X">http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=X</a><br>
GX&ensp;&ensp;- <a href="http://bugs.gentoo.org/show_bug.cgi?id=X">http://bugs.gentoo.org/show_bug.cgi?id=X</a><br>
<br>
CVE-XXXX-YYYY: <a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY">http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=XXXX-YYYY</a><br>
<br>
<b>New in release 1.5.3 (2015-09-11):<br></b>
* permissions sandbox and signed app and unsigned app with permissions all-permissions now run in sandbox instead of not at all.<br>
* fixed DownloadService<br>
* RH1231441 Unable to read the text of the buttons of the security dialogue<br>
* Fixed RH1233697 icedtea-web: applet origin spoofing<br>
* Fixed RH1233667 icedtea-web: unexpected permanent authorization of unsigned applets<br>
* MissingALACAdialog made available also for unsigned applications (but ignoring actual manifest value) and fixed<br>
<br>
<b>New in release 1.5.2 (2014-11-26):<br></b>
* NetX<br>
&ensp;&ensp;- RH1095311, PR574 -&ensp;&ensp;References class sun.misc.Ref removed in OpenJDK 9 - fixed, and so buildable on JDK9<br>
&ensp;&ensp;- RH1154177 - decoded file needed from cache<br>
&ensp;&ensp;- fixed NPE&ensp;&ensp;in https dialog<br>
&ensp;&ensp;- empty codebase behaves&ensp;&ensp;as "."<br>
<br>