The full internal version number for this update release is 1.6.0_13-b03 (where "b" means "build"). The external version number is 6u13.
This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software .
This update release specifies the following security baselines for use with the original Java Plug-in technology:
JRE Family Version | Security Baseline |
---|---|
5.0 | 1.5.0_18 |
1.4.2 | 1.4.2_20 |
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer .
Java Naming and Directory Interface (JNDI) API Change
The behavior of the JNDI feature to store and retrieve Java objects in an LDAP directory has been slightly modified.
When storing a Java object in an LDAP directory, the location of the object's class file (its codebase) may be specified. Later, when restoring the original object, its codebase along with additional object data is retrieved from the directory and used by the class loader.
An object's codebase is no longer implicitly trusted. Instead, a new system property called com.sun.jndi.ldap.object.trustURLCodebase
must explicitly be set to the string value true
in order for a codebase to be used. Otherwise, the codebase will be ignored by the class loader when restoring a Java object, and only those class files that appear on the classpath will be recognized.
Java Management Extensions(JMX) Change
createMBean
unregisterMBean
The default jmxremote.access file of the JRE ( $JRE_HOME/lib/management/jmxremote.access
) shows what this looks like:
monitorRole readonly
controlRole readwrite \
create javax.management.monitor.*,javax.management.timer.* \
unregister
Root Certificates are included in this release. The following root certificates have been added:
This release contains fixes for one or more security vulnerabilities.
Bug fixes are listed in the following table.
BugId | Category | Subcategory | Description |
---|---|---|---|
6673124 | hotspot | runtime_system | Runtime.availableProcessors / os::active_processor_count wrong if unused processor sets exist |
6687282 | java | classes_net | URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request |
6803022 | java | classes_security | Add T-systems root CA certs to the JRE |
6803036 | java | classes_security | Add Unizeto root certs to the JRE |
6796489 | java | classes_util_i18n | (tz) Support tzdata2009a |
6802069 | java_plugin | plugin2 | Issues with parsing of JNLP file under some scenarios while launching applets from desktop shortcut |
6675760 | jax-ws | wsimport | W3CEndpointReference constructor skips the extension elements or attributes |