Sun heeft voor zowel de development kit als voor de runtime environment alweer de dertiende update uitgebracht voor Java Standard Edition 6.0. De versieaanduiding is vastgesteld op 6.0 update 13 en het exacte versienummer is op 1.6.0_13-b03 komen te liggen. De ontwikkelaars hebben de beveiliging van verschillende onderdelen verbeterd, ondersteuning voor meer root certificaten toegevoegd en een lijstje met bugs verholpen. De lijst met veranderingen voor deze dertiende update ziet er als volgt uit:
Changes in 1.6.0_13
The full internal version number for this update release is 1.6.0_13-b03 (where "b" means "build"). The external version number is 6u13.
OlsonData 2009a
This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software.
Security Baseline
This update release specifies the following security baselines for use with the original Java Plug-in technology:
JRE Family Version 5.0 - Security Baseline 1.5.0_18
JRE Family Version 1.4.2 - Security Baseline1.4.2_20
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.
Java Naming and Directory Interface (JNDI) API Change
The behavior of the JNDI feature to store and retrieve Java objects in an LDAP directory has been slightly modified. When storing a Java object in an LDAP directory, the location of the object's class file (its codebase) may be specified. Later, when restoring the original object, its codebase along with additional object data is retrieved from the directory and used by the class loader. An object's codebase is no longer implicitly trusted. Instead, a new system property called com.sun.jndi.ldap.object.trustURLCodebase must explicitly be set to the string value true in order for a codebase to be used. Otherwise, the codebase will be ignored by the class loader when restoring a Java object, and only those class files that appear on the classpath will be recognized.
Java Management Extensions(JMX) Change
In a JMX access property file, the readwrite access no longer allows the remote createMBean and unregisterMBean operations. These must now be provided explicitly via new clauses. The default jmxremote.access file of the JRE ($JRE_HOME/lib/management/jmxremote.access) shows what this looks like.
Root Certificates Included
Root Certificates are included in this release. The following root certificates have been added:Bug Fixes
- Two additional T-systems root CA certs (Refer to 6803022.)
- Two Unizeto root certs (Refer to 6803036.)
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 254569, 254570, 254571, 254608, 254609, 254610, and 254611.
Bug fixes are listed in the following table:
- hotspot - runtime_system - Runtime.availableProcessors / os::active_processor_count wrong if unused processor sets exist
- java - classes_net - URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request
- java - classes_security - Add T-systems root CA certs to the JRE
- java - classes_security - Add Unizeto root certs to the JRE
- java - classes_util_i18n - (tz) Support tzdata2009a
- java_plugin - plugin2 - Issues with parsing of JNLP file under some scenarios while launching applets from desktop shortcut
- jax-ws - wsimport - W3CEndpointReference constructor skips the extension elements or attributes