The fix for those issues was first included in JRE 1.6.0_23. These fixes will carry forward and continue to be fixed in all future JRE releases. In other words, if you wish to avoid the mismanaged session cookie issue, you should apply any release after JRE 1.6.0_22: for example, JRE 1.6.0_23, 1.6.0_24, 1.6.0_25, and 1.6.0_26.
As of today, you can also apply Sun Java Runtime Environment 1.6.0_29 (a.k.a. JRE 6u29-b11). JRE 1.6.0_29 is certified with E-Business Suite Release 11i and 12.
All JRE releases are certified with EBS upon release Our standard policy is that all E-Business Suite customers can apply all JRE updates to end-user desktops from JRE 1.6.0_03 and higher. We test all new JRE releases in parallel with the JRE development process, so all JRE releases are considered certified with the E-Business Suite on the same day that they’re released by our Java team. You do not need to wait for a certification announcement before applying new JRE releases to your EBS users’ desktops. If you wish, your desktop administrators can enable the Java “Automatic updates” option on your end-users’ desktops.
What happened to JRE 1.6.0_28?
JRE 1.6.0_28 (6u28) was not released externally. JRE 1.6.0_29 is a CPU Security Java release.
References- Recommended Browsers for Oracle Applications 11i (Metalink Note 285218.1)
- Upgrading Sun JRE (Native Plug-in) with Oracle Applications 11i for Windows Clients (Metalink Note 290807.1)
- Recommended Browsers for Oracle Applications 12 (MetaLink Note 389422.1)
- Upgrading JRE Plugin with Oracle Applications R12 (MetaLink Note 393931.1)