Software update: Sun Java 6.0 update 11

Sun has already released the eleventh update for Java Standard Edition 6.0 for both the development kit and the runtime environment. The version designation has been fixed at 6.0 update 11 and the exact version number has been moved to 1.6.0_11-b03. The developers have improved the security of several components and fixed a list of bugs. The list of changes for this 11th update is as follows:

Changes in 1.6.0_11

The full internal version number for this update release is 1.6.0_11-b03 (where “b” means “build”). The external version number is 6u11.

OlsonData 2008i
This release contains Olson time zone data version 2008i. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baseline
This update release specifies the following security baselines for use with the original Java Plug-in technology:
JRE Family Version 5.0 – Security Baseline 1.5.0_17
JRE Family Version 1.4.2 – Security Baseline 1.4.2_19
For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Updated UTF-8 Charset Implementation
Due to security concerns, the UTF-8 charset implementation in the JRE has been updated to handle the non-shortest form of UTF-8 byte sequences, and this introduces an incompatibility from previous releases. For example, the byte sequence of 0xc0 0xaf for U+002f, which has the shortest form of 0x2f, is a malformed input to the decoding operation. More details regarding the Non-shortest form of UTF-8 can be found at UTF8-Shortest Form and UTF8 Specification.

OpenSolaris is Now Supported
Note that fonts for Asian locales are currently not supported. refer to 6767175 for details.

Windows Runtime Environment Installation (Patch-in-place vs. Static)
As of JDK 6u10, patch-in-place installation is the default, and the JRE installs itself in a directory called jre6. Previously, it would have installed itself in a directory called jre1.6.0_10. That is, by default, the jre6 directory is patched with the updated version. You can chose to statically install a JRE (for example, either 6u10 or 6u11) by means of the installer interface. For details, refer to Java Runtime Environment Windows Installation for JavaSE 6u10.

Root Certificates Included
Root Certificates are included in this release. The following root certificates have been added:

• Camera company root certificates
• T-systems root CA certificate (Deutsche Telekom Root CA 2)

Bug Fixes
This release contains fixes for one or more security vulnerabilities. For more information, please see Sun Alerts 244986, 244987, 244988, 244989, 244990, 244991, 244992, 245246, 246266, 246286, 246346, 246366and 246387.

Other bug fixes are listed in the following tables:

• hotspot – compiler2 – Data corruption dependent on -server/-client/-Xbatch
• java – char_encodings – UTF-8 decoder should adhere to corrigendum to Unicode 3.0.1
• java – classes_2d – Uncatchable recursive NullPointerException at sun.font.TrueTypeFont.open()
• java – classes_2d – D3D: serious rendering issues on Nvidia boards with driver version 178.13 on Vista
• java – classes_awt – IM candidate window is not shown until window is deactivated and reactivated again
• java – classes_security – Add Camerfirma root certificates to the JDK
• java – classes_security – Add t-systems root CA certificate (Deutsche Telekom Root CA 2) to the JRE
• java – classes_swing – JTree isExpanded should not call itself recursively
• java – classes_swing – Exception occurred on JFileChooser in Applet
• java – classes_util_i18n – (tz) Support tzdata2008i
• java – classes_util_logging – Calling LogManager.addLogger() and Logger.getLogger() cause deadlock
• java – debugger – ThreadReference.ownedMonitors() can return null
• java – install – Silent installs of the JRE don’t accept license agreement and shouldn’t download JavaFX Ext Jars
• java_plugin – compatibility – popcap – applet games fail to load
• java_plugin – plugin2 – REGRESSION:JSException throws when use LiveConnect javascript facility to navigate HTML elements
• java_plugin – plugin2 – Browser hang while reloading LiveConnect conformance tests on Unix platforms
• java_plugin – plugin2 – Desktop shortcuts for dragged applets from HTTPS servers do not relaunch and can not be customized
• java_plugin – plugin2 – Malformed 404s cause breakage of Java/JavaScript bridge and browser hangs

Java VisualVM Specific Bug Fixes

• 37 – Threads and heap window icons intersects with close button
• 53 – No action on Proxy Configuration button
• 91 – There is no close button on last threaddump tab
• 143 – NPE when opening coredump
• 145 – No exception logged in log file when new connection fails
• 151 – Validation failed, plugins are not trusted
• 164 – Wrong value of “Total loaded classes”
• 166 – Impossible to use TrayIcon with VisualVM
• 171 – Can’t see Profiler tab with OpenJDK
• 172 – Add support for HotSpot Express 13.0 and 14.0
• 174 – Path to libsaproc.so is incorrect
• 175 – Profiler class sharing warning displayed incorrectly
• 176 – Application sometimes reported as
• 177 – Confusing hint in empty JConsole Plugins Wrapper
• 178 – Applications tree unusable with GlassFish plugin installed
• 183 – Invalid content was found starting with element ‘class-path-extension’