Download Sun Java 6.0 update 13

Sun has already released the thirteenth update for Java Standard Edition 6.0 for both the development kit and the runtime environment. The version designation has been fixed at 6.0 update 13 and the exact version number has been moved to 1.6.0_13-b03. The developers have improved the security of several components, added support for more root certificates and fixed a list of bugs. The list of changes for this thirteenth update is as follows:

Changes in 1.6.0_13

The full internal version number for this update release is 1.6.0_13-b03 (where “b” means “build”). The external version number is 6u13.

OlsonData 2009a
This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baseline
This update release specifies the following security baselines for use with the original Java Plug-in technology:
JRE Family Version 5.0 – Security Baseline 1.5.0_18
JRE Family Version 1.4.2 – Security Baseline1.4.2_20
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Java Naming and Directory Interface (JNDI) API Change
The behavior of the JNDI feature to store and retrieve Java objects in an LDAP directory has been slightly modified. When storing a Java object in an LDAP directory, the location of the object’s class file (its codebase) may be specified. Later, when restoring the original object, its codebase along with additional object data is retrieved from the directory and used by the class loader. An object’s codebase is no longer implicitly trusted. Instead, a new system property called com.sun.jndi.ldap.object.trustURLCodebase must explicitly be set to the string value true in order for a codebase to be used. Otherwise, the codebase will be ignored by the class loader when restoring a Java object, and only those class files that appear on the classpath will be recognized.

Java Management Extensions(JMX) Change
In a JMX access property file, the readwrite access no longer allows the remote createMBean and unregisterMBean operations. These must now be provided explicitly via new clauses. The default jmxremote.access file of the JRE ($JRE_HOME/lib/management/jmxremote.access) shows what this looks like.

Root Certificates Included
Root Certificates are included in this release. The following root certificates have been added:

• Two additional T-systems root CA certs (Refer to 6803022.)
• Two Unizeto root certs (Refer to 6803036.)

Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 254569, 254570, 254571, 254608, 254609, 254610and 254611.

Bug fixes are listed in the following table:

• hotspot – runtime_system – Runtime.availableProcessors /os::active_processor_count wrong if unused processor sets exist
• java – classes_net – URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request
• java – classes_security – Add T-systems root CA certs to the JRE
• java – classes_security – Add Unizeto root certs to the JRE
• java – classes_util_i18n – (tz) Support tzdata2009a
• java_plugin – plugin2 – Issues with parsing of JNLP file under some scenarios while launching applets from desktop shortcut
• jax-ws – wsimport – W3CEndpointReference constructor skips the extension elements or attributes