Update Release Notes

  Update Release Notes Index JDK Documentation

Update Release Notes Index

Update Release Notes Index

Changes in 1.6.0_05

The full internal version number for this update release is 1.6.0_05-b13 (where "b" means "build"). The external version number is 6u5. Included in JDK 6u5 is version 10.0 of the Java HotSpot Virtual Machine.

Security Baseline

This update release specifies the following security baselines:

JRE Family Version Security Baseline
5.0 1.5.0_15
1.4.2 1.4.2_17


For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .

 

OlsonData 2007k

This release contains Olson time zone data version 2007k. For more information, refer to 6646197 or see US DST Timezone Updater.

 

Known Issue on 64-bit Windows Vista

After installing the 32-bit JRE on a 64-bit Windows Vista system, no Java Control Panel is present. See 6668808 for possible workarounds.

Known Deployment Issues on Windows Vista

The following issues with deployment on Vista apply to JRE 1.6.0_05 and prior releases.

  1. More Restrictive Sandbox for Signed Applets

    If you run a signed applet on a Windows OS other than Vista, you are prompted with a security warning dialog box and will need to specify an action. If you click on "Yes", the applet will have AllPermission to run on your machine; this includes permission to write/delete a file from local disk.

    On Windows Vista OS, this is no longer true. Instead, AllPermission is limited to Java Applet scope. Because the process running in IE has a low integrity level, it won't be able to write/delete a file from a medium/high integrity level directory.

    A signed applet running on Windows Vista has limited file access privileges compared to an applet running on another Windows OS.

     

  2. Signed JNLP Application Runs with Medium Integrity Level Only

    Granting AllPermission in a Java Web Start application only permits the Security Manager to allow operations that it would otherwise deny by throwing SecurityExceptions. It does not in any way elevate the permissions the user or the process have on the system. A normal (non-admin) user would typically only be able to read and write files within his own home directory (unless other directories are specifically created to allow permissions to all users.)

  3. User Experience Changes for HTTPS Connections on Windows Vista OS

    On Windows Vista, several new behaviors were introduced in the areas of security and user experience for HTTPS connections; they are:

    • HTTPS Certificate

      IE7 blocks navigation to HTTPS sites that present a digital certificate that has any of the following problems:

      • Certificate was issued to a hostname other than the current URL's hostname.
      • Certificate was issued by an untrusted root.
      • Certificate is expired.
      • Certificate is revoked.

      Upon encountering a certificate problem, IE7 presents an error page that explains the problem with the digital certificate. You may choose to ignore the warning and proceed in spite of the certificate error (unless the certificate was revoked). If you click through a certificate error page, the address bar flood fills with red to serve as a persistent notification of the problem.

       

    • Mixed-Content Prompt

      You will no longer see the so-called Mixed-Content prompt, which read: This page contains both secure and nonsecure items. Do you want to see the nonsecure items?



      Instead, IE7 renders only the secure content and offers the user the opportunity to unblock the nonsecure content using the Information Bar.

       

    • New Default Protocol Mode

      In IE7 on Windows Vista, the default HTTPS protocol setting is changed to disable the weaker SSLv2 protocol and to enable the stronger TLSv1 protocol.

      With the above changes in IE7 on Windows Vista, the user of our (Sun Microsystems Inc.) Java Plug-in will see different behavior when running their applet.

       

  4. Control Panel has Java Web Start AutoDownload of JREs Disabled

    Since the posted autodl bundles cannot run on Vista (without being re-written, and re-staged for all releases), the autodl feature is turned off by default, and the entry is disabled in the advanced tab of the Control Panel.

     

  5. Control Panel has the Change Cache Location Dialog Disabled

    Since the cache location must be set to a low-integrity directory, changing it is disabled in the control panel.

     

  6. Java Plug-in Extension Installer Mechanism May Fail for Non-Administrator Users Running in IE

    The extension install mechanism added to Plug-in in 1.4.2 uses Runtime.exec() to run a java extension installer (running "java -jar file"), or to run a native extension (running "file"). Normally these installers do things like write files to the lib/ext directory of the jre. These processes will run with the same limited privileges the user has, so may fail when (for example) writing a file where the user has no permission to write.

    This problem would also apply to any Java Web Start application that attempts to install an extension in lib/ext (though this is not a common practice).

     



JDK Product Registration

This new feature allows you to register your JDK installation when you interactively install the JDK with a supported browser. And it applies to the JDK for all supported OSs, both 32-bit and 64-bit.

  • Ability to track and manage your registered products on the SunConnection Inventory Site
  • Notification of new versions, patches, and updates
  • Access to early releases and documentation
  • Special offers on Sun developer products, services and training

Typically JDK Registration begins with the JDK Registration Login page that is launched in your browser after the installation completes. Log into your existing Sun Developer Network (or other Sun Online account) to register the JDK. If you do not have an existing account, you can create one during the registration process.

You can also complete JDK registration at any time after installation by opening the register.html file located in the directory where the JDK is located on your system, for example:

  • On Windows, for JDK 6u5:     C:\Program Files\Java\jdk1.6.0_05\register.html
  • On Linux, for JDK 6u5:     /usr/jdk/jdk1.6.0_05/register.html
  • On Solaris: for JDK 6u5:     /usr/java/jdk1.6.0_05/register.html

In the case that your system doesn't have internet connection or is in a headless environment, you can complete JDK registration from another system that supports a browser and has internet connectivity by opening the register.html file as described in the prior paragraph. You may need to copy the register.html file to the other system if it is not accessible.

Note, there is no change to the installation experience and no prompt for JDK registration when installing the JDK in the following formats:

  • Solaris package archive (via pkgadd)
  • Linux RPM files (via rpm)


On Windows, the checkbox with a button to launch the Readme file is no longer displayed. For a default installation, the Readme is located at C:\Program Files\Java\jdk1.6.0_05\README.html, and can be opened from a browser window at any time you wish.

Known Limitation

On Solaris and Linux, the JDK registration implementation is dependent on Gnome libraries. If those libraries are unavailable, no browser will be opened. It is a known problem that Solaris 8 doesn't have the Gnome libraries unless they are explicitly installed (see 6652483).

More Information

Refer to the following for further information about JDK Product Registration:

 

 

Bug Fixes

This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 233321, 233322, 233323, 233324, 233325, 233326, and 233327.

Other bug fixes are listed in the following table.

BugId Category Subcategory Description
6647251 java classes_security Add DigiCert root CA certs to JDK
6647254 java classes_security Add TrustCenter root CA certificates to the JDK
6651160 java classes_security Add AOL root CA certs to JDK
6624769 java classes_util_i18n (tz) Support tzdata2007i
6646197 java classes_util_i18n (tz) Support tzdata2007k
6637304 java install Obsolete XPIs and replace them with new jinstall.exe to cover Java Stat's xpi and jxpi metrics.
6622366 java sunservicetags JDK Product Registration Support