Release Notes: This bugfix release included protection against timing attacks on RSA (Boneh-Brumley/Kocher) and CBC padding (Vaudenay). Server users and clients that do client authentication should upgrade. Client-only users may not need to.
Release Notes: This release has protection from injection attacks. There are two new build systems using make and ant instead of shell/batch files. An SSLv2 backcompatibility handshake, Socket.close() in close, a JDK 1.3X port, SSLSocket/Socket separation, a new constructor for SSLSocket that lets you wrap an existing socket, and SHA-1 with RSA certs were added. Automatic DH key generation was removed. Key generation (SPKAC, PKCS-10, self-signed certs) was added, and a lot of bugs were fixed.