Download Sun Java 5.0 Update 18

Sun has already released the eighteenth update to Java Standard Edition 5.0, both for the development kit and for the runtime environment. The version designation has been fixed at 5.0 update 18 and the exact version number has been moved to 1.5.0_18-b02. The developers have improved the security of several components and fixed a list of bugs. The list of changes for this eighteenth update is as follows:

Changes in 1.5.0_18

The full internal version number for this update release is 1.5.0_18-b02 (where “b” means “build”). The external version number is 5.0u18.

Security Baseline
This update release specifies the following security baseline:
JRE Family Version 1.4.2 – Security Baseline 1.4.2_20
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

OlsonData 2009a
This release contains Olson time zone data version 2009a. For more information, refer to Timezone Data Versions in the JRE Software.

Java Naming and Directory Interface (JNDI) API Change
The behavior of the JNDI feature to store and retrieve Java objects in an LDAP directory has been slightly modified. When storing a Java object in an LDAP directory, the location of the object’s class file (its codebase) may be specified. Later, when restoring the original object, its codebase along with additional object data is retrieved from the directory and used by the class loader. An object’s codebase is no longer implicitly trusted. Instead, a new system property called com.sun.jndi.ldap.object.trustURLCodebase must explicitly be set to the string value true in order for a codebase to be used. Otherwise, the codebase will be ignored by the class loader when restoring a Java object, and only those class files that appear on the classpath will be recognized.

Java Management Extensions(JMX) Change
In a JMX access property file, the readwrite access no longer allows the remote createMBean and unregisterMBean operations. These must now be provided explicitly via new clauses. The default jmxremote.access file of the JRE ($JRE_HOME/lib/management/jmxremote.access) shows what this looks like.

CORBA Memory Leak Fix – Special Note
This update release and revision 5.0u16-rev-b12 and subsequent updates and revisions contain a fix for 6725987. When using updates and revisions prior to these, an ORB may contain valid references (that is, a memory leak) even after calling its shutdown() and destroy() methods, and it may respond to some method calls. With this fix, the ORB correctly cleans up and the Garbage Collector can free up the memory held by such references. Incorrect accesses to such references or methods are likely to result in a NullPointerException to the application.

Root Certificates Included
Root Certificates are included in this release. The following root certificates have been added:

• VeriSign TSA Root Cert to the JDK (Refer to 6732157.)
• Two additional T-systems root CA certs (Refer to 6803022.)
• Two Unizeto root certs (Refer to 6803036.)

Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 254569, 254570, 254571, 254608and 254611.

Other bug fixes are listed in the following table.

• hotspot – garbage_collector – ParallelOldGC leaks memory
• java – classes_awt – To adjust system boot time in nowMillisUTC() frequently
• java – classes_awt – 1st char. is discarded after a modal dialogue shows up and disappears
• java – classes_awt – Print dialog doesn’t come up when browser window is maximized
• java – classes_lang – (thread) Thread.getStackTrace() returns null
• java – classes_net – https connections failing when connecting through a proxy
• java – classes_net – URLConnection for HTTPS connection through Proxy w/ Digest Authentication gives 400 Bad Request
• java – classes_net – Slow performance using HttpURLConnection for upload
• java – classes_security – Add VeriSign TSA Root Cert to the JDK
• java – classes_security – Add T-systems root CA certs to the JRE
• java – classes_security – Add Unizeto root certs to the JRE
• java – classes_util_concurrent – Scheduling large negative delay hangs entire ScheduledExecutor
• java – classes_util_concurrent – ScheduledExecutorService does not work as expected in jdk7/6/5
• java – classes_util_i18n – (tz) Windows time zone mapping table needs to be updated for KB933360
• java – classes_util_i18n – (tz) Java runtime doesn’t detect VET time zone correctly on Windows
• java – classes_util_i18n – (tz) tzmappings must be updated for Windows
• java – classes_util_i18n – (tz) Windows time zone mapping table needs to be updated for KB955839
• java – classes_util_i18n – (tz) Support tzdata2009a
• java – classes_util_logging – Calling LogManager.addLogger() and Logger.getLogger() cause deadlock
• java_plugin – ocx – Applet isn’t started when it’s outside of the visible area of ​​a browser window
• java_plugin – other – Applet main windows steals focus on Popup windows which is running Applet.
• java_plugin – other – Regression: applets loaded from local disk can not access co-located resources
• jce – pkcs11_csp – Poor performance of PKCS#11 security provider compared to Sun default provider
• jets – other – ORB.destroy() does not cleanup correctly and ORB object instances are not garbage collected.