JRE 6.0 download

  • Thread starter Thread starter Pat Willener
  • Start date Start date
P

Pat Willener

From the 'Secunia Software Inspector' thread is appears that there is
some confusion which is the latest version of the Java Runtime
Environment. Because of multiple download sites not all being timely
updated, the Sun Java site is the one that always offers the latest
download, which is here
http://javashoplm.sun.com/ECom/docs...=jre-6-oth-JPR&SiteId=JSC&TransactionId=noreg

All earlier JRE versions should be uninstalled.

P.S. Secunia Software Inspector runs fine with JRE 6.0 on both Internet
Explorer and Firefox.
 
Randy Knobloch said:
Pat,
This is still the correct download URL;
'Java Runtime Environment (JRE) 6'
http://java.sun.com/javase/downloads/index.jsp
--> proceed --> choose Muti-Language "Offline"
Installation.

Merry Christmas!!

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.
Randy, I followed your link and the offline installation shows the download is 53.16MB and if you follow Pat's which you say is not the correct download URL the file is 12.56. Both say JEK 6 windows 1586.exe, what is the difference between the two? The larger download according to Sun's estimator would take me five plus hours. Thank's for your help.
 
I'm not sure about your numbers.

There are two downloads--labelled "Windows Offline Installation,
Multi-language" and "Windows Online Installation, Multi-language."

first is 12.56 MB, second is 361.63 KB

It's your choice about whether you want to spend the time on the initial
download, or do a quick download of "download manager" code and leave it to
do the rest.



--
 
Just to clarify--for me, both Pat and Randy appear to be pointing to the
same download page with the correct downloads on it.

--
 
:
Randy, I followed your link and the offline installation shows the download is 53.16MB
and if you follow Pat's which you >say is not the correct download URL the file is
12.56. Both say JEK 6 windows 1586.exe, what is the difference between >the two? The
larger download according to Sun's estimator would take me five plus hours. Thank's for
your help.

The offline download is actually 12.56 MB, for dial-up that sure must be disappointing.
I do not know what to tell you regarding the Online installer as am not a Sun expert,
but I do know that all of us MVPs that have done the upgrade have use the Offline
package.

Sorry If I can't be of more assistance than that.

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.
 
Bill Sanderson MVP said:
Just to clarify--for me, both Pat and Randy appear to be pointing to the
same download page with the correct downloads on it.

-- Bill, When I click on Pat's link it takes me to a java 6 download page. When I click on download it shows JEK windows 1586.exe, offline installation at 12..56MB and 361.62 on line. When I click on Randy's link I get to a Java 6 download page, when I click the download it shows the offline installation for JEK 6 windows 1586.exe at 53.16MB and 361.62KB. Randy said Pat's URL is not the correct one. At this point I am confused. I followed the links in earlier threads regarding Java 6 and was shown the 53.16MB download. At one point you said since there are no security issues with any thing above 1.5.6 just wait. I was just offered the update yesterday for 1.5.10 and all went fine. Since I can see a discrepancy in download size by following the two different links I guess I'll just wait.
 
Randy Knobloch said:
:


The offline download is actually 12.56 MB, for dial-up that sure must be disappointing.
I do not know what to tell you regarding the Online installer as am not a Sun expert,
but I do know that all of us MVPs that have done the upgrade have use the Offline
package.

Sorry If I can't be of more assistance than that.

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.


Randy, I went back and reread some of the other posts regarding Java 6 since you confirmed the download was only 12.56MB. I discovered that in some posts Java 6 was mentioned and then in others JRE6. I now realize that the 53.16MB is for JDK not JRE. At some point I either clicked on the wrong download button or was confused about what Java to install. In any event I apologise for my mistake. I guess without these forumns I may have installed JDK. Your link as well as Pat's will take me to a Java 6 download page. Does it make a difference which site is used? I still haven't decided if I should install this or just wait.
 
Please note the following from MY Secunia Inspection:
=====================
Sun Java JRE 1.5.x / 5.x is up-to-date. The detected version installed on
your system is 5.0.90.3, which either corresponds to or is newer than the
latest secure version released by the vendor.

Installed on Your System in:
C:\Program Files\Java\jre1.5.0_09\bin\java.exe
======================

You do not HAVE to install 6 (1.6).
I just installed 1.5.09.03 two days ago. This was the first time I have
updated the Java Runtime Enviorment (jre) since I got my machine at the end
of June last year. I have not even had a chance to uninstall 4 (1.4.xx) YET!

If 1.5.09.03 is found to be insecure I will update it again. Because of the
large download involved I don't think I will update it anytime soon unless I
have to.

For the same reason I still have Windows Media Player 9 (patched). If it
becomes insecure I will update it, until then it serves me fine.
I think this Secunia Inspection site is great. It lets you know if you have
an insecure version, not necessarily the latest, greatest.

P.S. Secunia Software Inspector runs fine with JRE 5.0 (1.5.09.03) on IE
6.0.2900

?:-)
Tim
Geek w/o Portfolio
 
Hi Pat,

I've already been through this exercise with Secunia Software Inspector AND
with Java. (See the Secunia software inspector thread, above, started by
cyrus the virus on December 14.)

I'm too busy right now: I still have more sock drawers to sort. :> :>

Alan
 
:
<snipped for clarity>

Please use this URL for your download;
Choose: 'Java Runtime Environment (JRE) 6'
(http://java.sun.com/javase/downloads/index.jsp)
Go to the Download button -->
Accept the license agreement -->
Choose "Windows Offline Installation - Multi-Language'
Click on the appropriate URL and your done, the download
should then begin. Remember to uninstall *all* previous
builds of Sun Java from Add/Remove Programs in Control
Panel once this build is installed.

Randy

--
siljaline

MS - MVP Windows (IE/OE) & Windows Security, AH-VSOP

Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address is invalid that we may all benefit.
 
I'm not sure what you saw--when I followed those different links, I ended up
at the right place--but maybe that's just cause I "knew" where I was going!

Someone else has just told me that 1.5.8 and above is the better
recommendation--but I agree that you are fine now.

--
 
http://java.sun.com/javase/6/docs/technotes/guides/security/enhancements.html

The Java Platform has added support for the following Security functionality
in version 6:
a.. JSR 105, the XML Digital Signature API and implementation

For details, see the XML Digital Signature API Specification and the XML
Digital Signature API Overview and Tutorial

b.. JSR 268, Smart Card I/O API

Sun's Java SE 6 implementation bundles the Smart Card I/O API defined by
JSR 268 as well as a provider called SunPCSC which uses the platform's
native PC/SC Smart Card stack, if available. Note that neither the API nor
the SunPCSC provider are part of the Java SE 6 platform specification and
may not be present on other compliant Java SE implementations.

c.. Elliptic Curve Cryptography (ECC) in SunPKCS11

The SunPKCS11 provider now exposes ECC algorithms if the underlying
PKCS#11 token supports them. This include ECDSA signing and verification,
ECDH key agreement, and generation of EC keypairs. For more information
about the supported mechanisms, see the supported algorithms section in the
PKCS#11 reference guide.

d.. Elliptic Curve CipherSuites in SunJSSE

The SunJSSE now supports the ECC ciphersuites defined in RFC 4492, if a
suitable crypto provider is available (for example, SunPKCS11 with an
appropriate PKCS#11 library). For more information, see the list of
supported ciphersuites and their requirements.

e.. Access Network Security Services (NSS) using SunPKCS11

The SunPKCS11 provider supports new configuration directives which allow
it to access the NSS security library. This enables Java applications to
read keys stored in the NSS database files, use ECC algorithms, and to use
the NSS Softtoken as a FIPS 140 compliant cryptography provider. For more
information see the NSS section in the PKCS#11 guide.

f.. FIPS 140 compliance for SunJSSE

The SunJSSE provider now supports an experimental FIPS 140 compliant mode.
When enabled and used in combination with the SunPKCS11 provider and an
appropriate FIPS 140 certified PKCS#11 token, SunJSSE is FIPS 140 compliant.
For details, see the JSSE Reference Guide.

g.. Pluggability restrictions have been removed from JSSE

In earlier releases, the JSSE framework did not allow 3rd party JSSE
providers that implemented non-standard ciphersuites due to export control
issues.

h.. Socket read timeouts are fully supported by SunJSSE SSLSockets

In previous releases, calling setSoTimeout() would sometimes lead to
unpredictable results. This has been corrected.

i.. Cipher Text Stealing (CTS) mode added to SunJCE block ciphers

CTS is described in Bruce Schneier's book "Applied Cryptography-Second
Edition", John Wiley & Sons, 1996 (pg. 195-196), and is used by some
Kerberos implementations.

j.. New PBKDF2WithHmacSHA1 Secretkeyfactory algorithm added to SunJCE

Constructs secret keys using the Password-Based Key Derivation Function
function found in PKCS5 v2.0.

k.. Removed the 2048 RSA keysize limit from local_policy.jar

Implementations were previously restricted from obtaining RSA keys larger
than 2048 bits without installing the unlimited crypto policy files.

l.. New Certification Authority (CA) certificates added

A number of new CA certificates were added to the default system
lib/security/cacerts file. See the keytool docs for the complete list of CA
certificates.

m.. Added Two New Options to jarsigner Tool

Options -digestalg and -sigalg have been added to the jarsigner tool to
allow users to override the default signature and digest algorithms when
signing a jar file

n.. New Options for keytool Tool

Options -genseckey and -importkeystore have been added to the keytool tool
to allow users to generate a SecretKey inside a keystore and copy entries
from one keystore to another. Options -genkey, -import and -export have been
renamed to -genkeypair, -importcert and -exportcert.

o.. User-Entered Passwords no longer echoed on the screen

Security tools like keytool/jarsigner, and the JAAS login authentication
modules use the new java.io.Console class so that user-entered passwords are
no longer echoed on the screen.

p.. Support for AES Encryption Type in Java GSS/Kerberos

Support for AES encryption type (AES128 and AES256) in Java GSS/Kerberos
is available. This improves interoperability of the Java SE Kerberos
implementation with other Kerberos implementations, such as Solaris 10 and
MIT Kerberos. For details, see Java GSS Security Features.


q.. Support for RC4-HMAC Encryption Type in Java GSS/Kerberos

Support for RC4-HMAC encryption type in Java GSS/Kerberos is available.
This improves interoperability of the Java SE Kerberos implementation with
other Kerberos implementations, such as Windows, Solaris 10 and MIT
Kerberos. Windows Active Directory supports RC4-HMAC as the default Kerberos
encryption type. For details, see Java GSS Security Features.


r.. Support for SPNEGO in Java GSS

Support for SPNEGO mechanism in Java GSS is now available. The Simple and
Protected GSS-API Negotiation (SPNEGO) mechanism is a pseudo security
mechanism that enables GSS-API peers to securely negotiate a common security
mechanism to be used.

Support for SPNEGO authentication scheme in HTTP is also available. For
details, see Java GSS Security Features.


s.. Support for new Pre-Authentication Mechanisms

Java GSS/Kerberos now includes support for the new pre-authentication
mechanisms as described in the latest Kerberos specification. For details,
see Java GSS Security Features.


t.. Native Platform GSS Integration

This feature allows Java GSS applications to take advantage of features in
the native GSS implementation available on the platform. For details, see
Java GSS Security Features.


u.. Access to native PKI and cryptographic services on Microsoft Windows

Added the SunMSCAPI JCE provider which uses the Microsoft CryptoAPI (CAPI)
to offer a variety of RSA cryptographic functions. It acts as a bridge
between Java applications and the services offered by the default RSA
cryptographic service provider available via CAPI. It provides access to
X.509 certificates and RSA key pairs, it performs RSA encryption and
decryption, and it creates and validates RSA signatures. It also supports a
cryptographic random number generator.


v.. Enhancements to the implementation of PKI Certificate Path Validation

Added support for segmented and indirect CRLs, resulting in improved
performance and improved PKIX compliance (RFC 3280).

w.. JAAS-based authentication using LDAP

Added a JAAS login module which enables users to perform authentication
using credentials stored in an LDAP directory service. It provides a drop-in
solution for existing JAAS-enabled applications that wish to support
authentication using LDAP. See LDAPLoginModule for more information.

x.. Default SSLContext

Added the static method getDefault() and setDefault() to SSLContext.
getDefault() returns the default SSLContext, which is initialized in an
implementation specific fashion, for example using system properties.
setDefault() allows an application to programmatically set the default
context to any initialized SSLContext object.

y.. SSLParameters

The new SSLParameters class encapsulates the configuration parameters of
an SSL endpoint, in particular the ciphersuites, protocol versions, and for
servers the client authentication requirements. They can be applied with a
single call to SSLSocket.setSSLParameters() or SSLEngine.setSSLParameters().
 
Bill Sanderson MVP said:
I'm not sure what you saw--when I followed those different links, I ended up
at the right place--but maybe that's just cause I "knew" where I was going!

Someone else has just told me that 1.5.8 and above is the better
recommendation--but I agree that you are fine now.

-- Bill, I responded back to Randy and apologised for mistakenly referring to the JDK download. I checked out his link again and it does show JRE 12.51MB. Without these forumns I would have downloaded JDK rather than Jre.
 
You are absolutely right: you do not HAVE to install JRE 6. But I do not
understand why anybody WANTS to install an old version (1.5.09), when in
fact two newer versions (1.5.10 and 1.6.0) are already available.

Also, for people with slower download capabilities, 1.6.0 is a much
smaller download than 1.5.x.
 
Pat,

I am not saying that anyone who has a version below 1.5.09 should install
it. Of course you should install 6.x BUT if you have just installed 1.5.09
or 1.5.10 I don't think you Need to run out and get 6. This is a lot of
trouble on a modem. Also the new versions don't uninstall the old versions.
It's bad enough that I'm a member of the MS Patches of the Month Club. I
don't want to join the Java Update of the Week Club. If a flaw is found in
1.5.09 I will of course update it. I think that is the point of the Secunia
site. It lets you know if your version is Vunerable and Needs updating, Not,
"There's a new version out, get it NOW.

I just uninstalled 1.4.xx only to find its installer still hidden in :
C:\Documents and Settings\Tim\Application Data\{2hkljkujlgafblablabla..}
from a year and a half ago.
I also just found the 1.5..0_09 .msi installer in:
C:\Documents and Settings\Tim\Application Data\Sun\Java
I will let it sit in my TrashBin for a few days and delete it unless someone
can tell me why I need it.

Just my opinon,
?:-)
Tim
 
Tim,

In olden times, multiple versions of the JRE may have been needed;
that's why old versions were not automatically installed. Since version
5 (1.5.x) this should no longer be required, and the installer should at
least *ask* whether or not to keep old versions. Unfortunately it does
not, and I am sure that most "normal" users (who get the update
notification through the JRE) have all previous versions still
installed. Unfortunately there is nothing we can do about that.

Regarding the installers: it may be necessary to keep the one that you
have actively installed (1.5.0-09), otherwise you may not be able to
uninstall it. I'm sure you can get rid of the 1.4.x uninstaller.
 
Back
Top