Software update: Sun Java 6.0 update 14

Sun has already released the fourteenth update for Java Standard Edition 6.0 for both the development kit and the runtime environment. The version designation has been fixed at 6.0 update 14 and the exact version number has been moved to 1.6.0_14-b08. The developers have added support for the second service pack of Windows Server 2008 and Windows Vista, among others. The list of changes for this fourteenth update is as follows:

Changes in 1.6.0_14 (6u14)

The full internal version number for this update release is 1.6.0_14-b08 (where “b” means “build”). The external version number is 6u14.

OlsonData 2009g
6u14 contains Olson time zone data version 2009g. For more information, refer to Timezone Data Versions in the JRE Software.

Security Baseline
6u14 specifies the following security baselines for use with Java Plug-in technology:
JRE Family Version 5.0 – Java SE Security Baseline 1.5.0_18 – Java SE for Business Security Baseline 1.5.0_18
JRE Family Version 1.4.2 – Java SE Security Baseline 1.4.2_19 – Java SE for Business Security Baseline 1.4.2_20
In December, 2008, Java SE 1.4.2 reached its end of service life with the release of 1.4.2_19. Future revisions of Java SE 1.4.2 (1.4.2_20 and above) include the Access Only option and are available to Java SE for Business subscribers. For more information about the security baseline, see Deploying Java Applets With Family JRE Versions in Java Plug-in for Internet Explorer.

Additional Supported System Configurations
For 6u14, support has been added for the following system configurations:

• Windows Server 2008 SP2
• Windows Vista with SP2

Service Tag Support
Service Tag support on Solaris and Linux was added in version 1.6.0_04. JRE 1.6.0_14 extends Service Tag support to Windows. If Service Tag software has been installed on a system where JRE 1.6.0_14 is being installed, a unique service tag is automatically created for that particular JRE instance. There is no change in the JDK/JRE installation instruction, and there is no change in the Java runtime. Service Tag software can be downloaded from Sun Inventory. JDK and JRE service tags allow installed instances of the JDK and JRE to be discovered and registered under a user’s account on Sun Connection.

Blacklist Jar Feature
Support for blacklisting signed jar files has been added to 6u14. A blacklist is a list of signed jars that contain serious security vulnerabilities that can be exploited by untrusted applets or applications. A system-wide blacklist will be distributed with each JRE release. Java Plugin and Web Start will consult this blacklist and refuse to load any class or resource contained in a jar file that’s on the blacklist. By default, blacklist checking is enabled. The deployment.security.blacklist.check deployment configuration property can be used to toggle this behavior. The blacklist entries are the union of the blacklist files pointed to by the deployment.system.security.blacklist and deployment.user.security.blacklist properties. By default, deployment.system.security.blacklist points to the blacklist file in the jre/lib/security directory, and deployment.user.security.blacklist points to a blacklist file that contains additional entries added by a user. The blacklist is a text file with the following format: ” attribute : value “. Each jar file on the blacklist is identified by the x-Digest-Manifest attribute where x is the name of the MessageDigest algorithm, and the value is the base64 encoded hash value of the Manifest. Comments are denoted by lines starting with the # (number) symbol.

Java HotSpot VM 14.0
6u14 includes version 14.0 of the Java HotSpot Virtual Machine, which provides improved reliability, serviceability and performance. Contributing to increased performance in this release are numerous enhancements to HotSpot’s optimizing compiler, more efficient SoftReference processing and improvements to Parallel Compacting garbage collection. Optionally available are two new features – escape analysis and compressed object pointers. A preliminary version of the new Garbage First (G1) garbage collector is also included.

• Optimization Using Escape Analysis
• Compressed Object Pointers
• Garbage First (G1) Garbage Collector

Improvement TreeMap Iteration
6u14 includes an experimental implementation of java.util.TreeMap that can improve the performance of applications that iterate over TreeMaps very frequently. This implementation is used when running with the -XX:+AggressiveOpts option.

JAXWS 2.1.6 and JAXB 2.1.10
JAX-WS 2.1.6 and JAXB 2.1.10 are integrated into JDK 6u14. You can find more details about the new features in the JAX-WS 2.1.6 changelog and in the JAXB 2.1.10 changelog. Refer also to CR 6803688.

JavaDB 10.4.2.1
6u14 contains the new 10.4.2.1 version of Java DB.

Java VisualVM Updates
6u14 contains the following updates to Java VisualVM:

• CPU usage and GC activity graph in the Monitor tab
• Table view in the Threads tab
• Command line options: –openpid, –openjmx, –openfile
• Compare Memory Snapshots action in the context menu
• Copy To Clipboard / Save To File buttons in the About dialog
• Monitoring IBM JVM via JMX connection
• Based on NetBeans Platform 6.5 and NetBeans Profiler 6.5
• Faster computation of references, and improved readability of path to GC root in HeapWalker
• Improved integration of the Visual GC tool

Issue with JDK Silent Installation
Prior to 6u14, the JDK installer was never fully supported silently. One of the side effects of silent JDK installation is that it does not install the public JRE. It used to cache/install a jre.msi file. Apparently some users have been using the jre.msi without our documentation or approval. As of 6.14, we no longer cache the file. As a workaround to the JDK not installing the public JRE when in silent mode, we recommend also bundling up and launching the stand-alone JRE installer from the java.sun.com download site. We intend to provide full silent JDK installer support in 6u15, under the following CR: 6845077 – silent JDK should install JRE/Java DB silently.

Possible Issue for Java Web Start Applications
In 6u14 Java Web Start, if you specify an insecure Java system property in a sandbox JNLP file, Java Web Start fails to launch and notifies that JARs in the sandbox JNLP file are not signed. A workaround is to remove the insecure property (which was ignored by all previous versions of Java Web Start). refer to CR 6845294.

Bug Fixes
This feature release does not contain any new fixes for security vulnerabilities to its previous release, Java SE 6 Update 13. Users who have Java SE 6 Update 13 have the latest security fixes and do not need to upgrade to this release to be current on security fixes.