Update Release Notes

Changes in 1.6.0_13

The full internal version number for this update release is 1.6.0_13-b03 (where "b" means "build"). The external version number is 6u13.

OlsonData 2009a


This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software .

Security Baseline

This update release specifies the following security baselines for use with the original Java Plug-in technology:

JRE Family Version Security Baseline
5.0 1.5.0_18
1.4.2 1.4.2_20

For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .

Java Naming and Directory Interface (JNDI) API Change

The behavior of the JNDI feature to store and retrieve Java objects in an LDAP directory has been slightly modified.

When storing a Java object in an LDAP directory, the location of the object's class file (its codebase) may be specified. Later, when restoring the original object, its codebase along with additional object data is retrieved from the directory and used by the class loader.

An object's codebase is no longer implicitly trusted. Instead, a new system property called com.sun.jndi.ldap.object.trustURLCodebase must explicitly be set to the string value true in order for a codebase to be used. Otherwise, the codebase will be ignored by the class loader when restoring a Java object, and only those class files that appear on the classpath will be recognized.

Java Management Extensions(JMX) Change


The default jmxremote.access file of the JRE ( $JRE_HOME/lib/management/jmxremote.access) shows what this looks like:

monitorRole  readonly

controlRole  readwrite \
            create javax.management.monitor.*,javax.management.timer.* \

Root Certificates Included

Root Certificates are included in this release. The following root certificates have been added:

  • Two additional T-systems root CA certs (Refer to 6803022.)
  • Two Unizeto root certs (Refer to 6803036.)

Bug Fixes

This release contains fixes for one or more security vulnerabilities.

Bug fixes are listed in the following table.

BugId Category Subcategory Description
6673124 hotspot runtime_system Runtime.availableProcessors / os::active_processor_count wrong if unused processor sets exist
6687282 java classes_net URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request
6803022 java classes_security Add T-systems root CA certs to the JRE
6803036 java classes_security Add Unizeto root certs to the JRE
6796489 java classes_util_i18n (tz) Support tzdata2009a
6802069 java_plugin plugin2 Issues with parsing of JNLP file under some scenarios while launching applets from desktop shortcut
6675760 jax-ws wsimport W3CEndpointReference constructor skips the extension elements or attributes