HP-UX Java™ JDK, JRE, and Plug-In Version 6.0.03 Release Notes

» Back to JDK, JRE, and Plug-In 6.0 Release Notes

HP-UX Java™ JDK, JRE, and Plug-In Version 6.0.03 Release Notes

»	Overview

»	Features

	»	New in the 6.0.03 Release

	»	HotSpot 6.0.03 Server JVM

	»	Allocation Site Statistics and Zero Preparation -Xverbosegc

	»	IPv6 support on JDK 6.0.03 (change in default protocol)

»	Installation

	»	Patches

	»	HP-UX system requirements

	»	Web browser requirements

	»	Installation instructions

	»	File structure JDK/JRE

	»	File structure Runtime Plug-in

»	Usage documentation

	»	Removing support for unwanted architectures in the JRE

	»	Using wdb to examine backtraces in Java thread stacks

	»	Support for C++ applications built with -AA and -AP options (PA-RISC only)

	»	Using Java 2 JNI on HP-UX

	»	Garbage collection

	»	Asian TrueType fonts and Asian locales

	»	Date/Time methods defaults

	»	Profiling

	»	Compatibility with previous releases

	»	Java Cryptography Extension (JCE) policy files

	»	Configuring the Runtime Plug-In

	»	CLASSPATH environment variable

	»	Java Web Start technology usage

	»	Upgrading from a previous Java Web Start version

	»	IPv6 support on Java 6.0

	»	Additional Java Web Start documentation

	»	Additional HP and Sun Java documentation

»	Problem fixes and known issues

	»	Defects fixed in the JDK 6.0.03 release

	»	Supplementary characters display as empty boxes (11i HP Integrity and HP 9000 PA-RISC)

	»	Initializing a JVM instance with JNI_CreateJavaVM() or attaching to JVM with AttachCurrentThread() on HP Integrity

	»	Using compiler safepoints (HP-UX 11.11 (11i v1) PA-RISC)

	»	shl_load HotSpot libjvm problem due to TLS (HP-UX PA-RISC 32-bit only)

	»	Using linker option +noenvvar and +compat on HP Integrity and PA-64 systems

	»	Running Java with setuid or setgid on HP Integrity and PA-RISC

	»	Running Aries HP Integrity (Itanium) emulation on PA 2.0

	»	Using -XX:+TaggedStackInterpreter option on HP-UX PA-RISC

	»	gdb `java heap-histogram` command fails in JDK 6.0.03

	»	PA-RISC 32-bit applications will use both `LD_LIBRARY_PATH` and `SHLIB_PATH`

»	Security Bulletin alerts included in this release

Overview

Java Platform, Standard Edition 6 (Java SE 6) for HP-UX provides tools for developing and deploying 32-bit and 64-bit Java applications on HP-UX 11i HP Integrity and HP 9000 PA-RISC systems. See HP-UX system requirements for information about which HP-UX releases are supported.

Release notes are no longer included in the software kit, and instead, this online version is your source of information for the release. It has the most up-to-date information, especially regarding known defects, so you may want to check it occasionally for updates. Information about the Runtime Plug-in and Java Web Start are also included in these release notes.

Two principal products are delivered with the Java Platform, Standard Edition 6:

Java SE 6 Runtime Environment 6 (JRE)
The JRE provides the libraries, HotSpot Java virtual machine, and other components necessary for executing a Java application. You may include the JRE with your Java applications as long as you adhere to the HP software license agreement and supplemental restrictions provided in the license file. One requirement is that you must include all of the runtime environment files provided by HP.
The JRE is included in the JDK download package and also provided as a separate product. Both the Runtime Plug-in and the Java Web Start technology are packaged with the JRE.
Java SE Development Kit 6 (JDK)
The JDK is a superset of the JRE and includes additional tools such as compilers and debuggers necessary for developing applets and applications. The JDK download package includes the JRE.

Features

The Java Platform, Standard Edition 6 is a major release. It includes many new features, enhancements, and updates, and also preserves upward compatibility with previous releases.

Following is a list of some of the new features in Java SE 6:

Java Programming Language and Tools API
- Framework for compiling source files from within an application
- Standardized capabilities of existing annotation processing tool
Security and Networking
- XML digital signatures
- Smart Card I/O API
- Default cookie manager implementation
- Internationalization domain names and resource identifiers
- Programmatic access to network parameters
Java Management Extensions (JMX)
- Improved JMX Monitor API using a thread pool
- MBean descriptor support beyond Model MBean
- User-defined MBeans for applications
Serviceability
- Continued investment on diagnosing, monitoring, and management
- Improved monitor and diagnostics for locks
- Improved jconsole
- Improved diagnosing of java.lang.OutOfMemoryError
- Improved thread dumps of running applications
- JVMTI and JPDA improvements

For a complete list of Java SE 6 features, click Features and Enhancements. The "What's New in Java SE 6" article by Danny Coward also provides additional information.

New in the 6.0.03 Release

HP's JDK/JRE 6.0.03 release includes the following new features:

Sun Microsystems' 6u10 release (Please note that on occasion HP backports a defect fix from a Sun release that has not yet been merged into our current sources. Therefore, a Sun defect may be fixed in an HP release even though the Sun release that contains the fix is not part of the HP release.)
Sun Microsystems' 6u11 Security Bulletins
HotSpot 6.0.03 Server JVM
IPv6 support on JDK 6.0.03

HotSpot 6.0.03 Server JVM

All -X options supported in earlier HotSpot JVMs are included in HotSpot 6.0.03. Performance, tool support, tool enhancements, and features are documented at http://java.sun.com/javase/6/docs.

The HotSpot 6.0.03 Server JVM for HP-UX 11i for HP Integrity and HP 9000 PA-RISC systems is suitable for both client and server workloads. The Server VM is invoked with configuration options that suit client-side applications.

Note: For some applications running on HP 9000 PA-RISC systems, HotSpot 6.0.03 Server JVM provides a substantial performance improvement over HotSpot 6.0.01 Server JVM. HP recommends that you use HotSpot 6.0.03 Server JVM on HP 9000 PA-RISC systems.

The JDK 6.0.03 HotSpot 6.0.03 Edition supports the APIs core to the Java 2 platform, among them Remote Method Invocation (RMI), nonblocking I/O APIs, the Collections Framework, and IPv6. The Java 2 Platform version 6.0 API Specification is available at http://java.sun.com/javase/6/docs/api/index.html.

The JDK 6 Adoption Guide will help users upgrading from JDK 5 to JDK 6. This guide may be found at http://java.sun.com/javase/6/webnotes/adoption/adoptionguide.html.

Following is a partial list of the functionality that the HotSpot 6.0.03 Server JVM provides:

Java Platform Debugger Architecture (JPDA)
The JPDA for HP-UX is a multitiered debugging architecture that allows tools developers to easily create debugger applications which run portably across platforms, virtual machine (VM) implementations, and SDK versions. It has three layers:
- JVMTI - Java VM Tool Interface:
  This interface was new in JDK 5; it replaced JVMDI, which was removed beginning with the 6.0 release. It defines the debugging services a VM provides.
- JDWP - Java Debug Wire Protocol
  This protocol defines the communication between debuggee and debugger processes.
- JDI - Java Debug Interface
  This interface defines a high-level Java language interface which tool developers can easily use to write remote debugger applications.
For usage information, refer to Sun's connection and invocation details at: http://java.sun.com/javase/6/docs/technotes/guides/jpda/conninv.html.
Nonblocking I/O APIs
Introduced in 1.4.1, they are now part of the Java system libraries under the package java.nio. The previous implementation of I/O multiplexing using the class com.hp.io.Poll is still being included for backward compatibility. We encourage you to upgrade and use the features provided through the new java.nio package.
IPv6 support on PA-RISC and Integrity
See IPv6 (Internet Protocol version 6) Support in the HP-UX Programmer's Guide for Java 2 for usage information.
HP debugger wdb support
HP's wdb 3.0.02 and later debuggers may be used to examine backtraces containing mixed language frames (Java and C/C++) in Java thread stacks. This simplifies debugging the VM and Java mixed-language applications. For more information, see "Using wdb to Examine Backtraces in Java Thread Stacks" in the HP-UX Programmer's Guide for Java 2 at: Debugging#wdb_debug
-Xeprof option:
Generates profile data for HPjmeter. Zero preparation profiling is available. For syntax and use, refer to the HP-UX Programmer's Guide for Java 2 at: HotSpot Technology Tools and Commands#-Xeprof
Large heap sizes for 32-bit JVM/JRE
Heaps up to 3.5 GB are supported on HP-UX 11i v2 (11.23) with no patches required and up to 3 GB on HP-UX 11i v1 (11.11 PA) with patches. Refer to the sections on expanding memory in the HP-UX Programmer's Guide for Java 2 at: Expanding Memory
64-bit mode
Supported with the -d64 option. For more information, refer to the HP-UX Programmer's Guide for Java 2 at: HotSpot Technology Tools and Commands#-d64
The -XX:+HeapDump option can be used to observe memory allocation in a running Java application by taking snapshots of the heap over time
Using the _JAVA_HEAPDUMP=1 environment variable allows memory snapshots to be taken without modifying the Java command line. For more information, refer to the HP-UX Programmer's Guide for Java 2 at: HotSpot Technology Tools and Commands#-XX:+HeapDump
-XX:+HeapDumpOnOutOfMemoryError
The HeapDumpOnOutOfMemoryError command line option causes the JVM to dump a snapshot of the Java heap when an Out Of Memory error condition has been reached. This option does a full garbage collection before dumping the heap, so you may not see what caused the heap to fill. For more information, refer to the HP-UX Programmer's Guide for Java 2 at: HotSpot Technology Tools and Commands#-XX:+HeapDumpOnOutOfMemoryError

Allocation Site Statistics and Zero Preparation -Xverbosegc

NOTE: To properly view Zero Preparation -Xverbosegc and Allocation Statistics information, you must use HPjmeter 3.1 or later.

Starting with this release, you can prompt the JVM to emit HP -Xverbosegc information for Java applications started without -Xverbosegc. Zero Preparation -Xverbosegc allows you to obtain -Xverbosegc information from the JVM by sending the running Java program a SIGPROF signal. For example, assuming the running Java process ID is 6754, then, executing either of the two actions listed below prompts the JVM to start emitting detailed HP -Xverbosegc information:

kill -21 6754
kill -s sigprof 6754

Issuing a second SIGPROF signal to the running Java program prompts the JVM to stop emitting the -Xverbosegc information. Similarly, issuing yet another SIGPROF signal to the running process prompts the JVM to start issuing -Xverbosegc information one more time.

Additionally, starting with this release, and only if you had started the Java application with
-XX:+PrintAllocStatistics, when zero preparation -Xverbosegc is enabled as specified in the previous paragraph, the JVM also emits detailed allocation site statistics.

If you start your application with -XX:+PrintAllocStatistics, and if you do not specify
-Xverbosegc, or send the running process a SIGPROF signal, then the JVM will emit allocation site statistics to standard out when the application terminates. (That is, when the Java process stops running.) If you do not want to wait for the application to terminate, or if the application is designed to be long running (or does not terminate), then you can obtain allocation site statistics by sending the running Java program a SIGPROF as described above.

Unlike -Xverbosegc information emission in zero preparation mode, which is started with a SIGPROF and stopped with a second SIGPROF, when -XX:+PrintAlocStatistics is specified, allocation site statistics is emitted every time the JVM receives a SIGPROF.

When -XX:+PrintAllocStatistics is specified along with -Xverbosegc, allocation site statistics data are directed to the same output specified for HP -Xverbosegc. If no output file is specified, allocation site statistics are directed to standard out (to the terminal where the program was started from). When -XX:+PrintAllocStatistics is specified alone (without -Xverbosegc on the command line), allocation site statistics are directed to standard out (to the terminal).

When a SIGPROF signal is sent to a running Java process that was originally started with
-XX:+PrintAllocStatistics on the command line, the SIGPROF signal will also enable -Xverbosegc data collection if -Xverbosegc was not specified on the command line when the program was started, and the output of both -Xverbosegc and allocation site statistics is directed to a file created for you by the JVM. The name of the file created by the JVM has the following format: java_<pid>.vgc. Where <pid> is the Java process id.

The following table lists all possible permutations and corresponding locations of emitted data for both allocation site statistics and zero preparation -Xverbosegc.

Action	JVM Flags Specified	Allocation Site Statistics Data Location
No special action taken	`-XX:+PrintAllocStatistics` `-Xverbosegc`	Standard out
No special action taken	`-XX:+PrintAllocStatistics` `-Xverbosegc:file=mydata.vgc`	Same location as -Xverbosegc data file (`mydata.vgc`)
No special action taken	`-XX:+PrintAllocStatistics`	Standard out
`'kill -21 <pid>'`	`-XX:+PrintAllocStatistics`	JVM will create a file for you, file name format is: `java_<pid>.vgc`
`'kill -21 <pid>'`	`-XX:+PrintAllocStatistics` `-Xverbosegc`	Standard out
`'kill -21 <pid>'`	`-XX:+PrintAllocStatistics` `-Xverbosegc:file=mydata.vgc`	Same location as -Xverbosegc data file (`mydata.vgc`)
`'kill -21 <pid>'`	`-Xverbosegc`	Standard out
`'kill -21 <pid>'`	`-Xverbosegc:file=mydata.vgc`	Same location as -Xverbosegc data file (`mydata.vgc`)

Sending multiple SIGPROF signals to a running Java process produces multiple allocation site statistics dumps and the JVM dumps the buffered data immediately after the SIGPROF is received. Allocation site statistics counters inside the JVM are reset after each SIGPROF induced the dump of the data. HPjmeter consolidates data from multiple allocation site statistics dumps into one report that is presented in a new tab in the -Xverbosegc data visualizer.

Allocation sites can originate from interpreted as well as compiled Java code, when specifying -XX:+PrintAllocStatistics, and only allocations coming from compiled code are reported. The Java Virtual Machine detects and compiles the application’s (and JDK's) most active Java methods as early as possible. Though reporting allocation sites originating from compiled code is only incomplete from a comprehensive reporting point of view, it does always report the most active allocation sites (the sites most likely to cause GC performance problems).

IPv6 support on JDK 6.0.03 (change in default protocol)

Prior to JDK 6.0.03, the IPv4 protocol stack was the default. Starting with JDK 6.0.03, the IPv6 protocol stack is the default.

To turn off IPv6 support, you need to set the system property as follows:

java.net.preferIPv4Stack=true

Or, at the Java command line, you can use the option:

-Djava.net.preferIPv4Stack="true"

Beginning with JDK 6.0.03, you can use the properties file:
{JAVA_HOME}/jre/lib/net.properties
to set
java.net.preferIPv4Stack=true

For more information on IPv6 support, see IPv6 support on Java 6.0.

Installation

Patches

*** REQUIRED JAVA 6.0 PATCHES ***

Some patches are required for JDK and JRE 6.0.03. First, the Java 5.0 Quality Pack patches must be installed. Refer to Patch Information and follow the Java 5.0 recommendations.

Second, a linker patch is also required. The patch id is PHSS_35385 for 11.11 systems, PHSS_37201 for 11.23 systems, and PHSS_37202 for 11.31 systems. This patch fixes a problem loading libjli.sl.

*** IMPORTANT NOTE FOR JAVA 6.0 setuid/setgid USERS! ***

If you use setuid/setgid, you will need to install patches and set up /etc/dld.sl.com to run your application. More details can be found in the Running Java with setuid or setgid on HP Integrity and PA-RISC section.

*** IMPORTANT NOTE FOR PA-RISC CUSTOMERS ON HP-UX 11i v1 (11.11)! ***

Patch PHNE_35183 (or its superseding patch) must be installed for HP-UX 11i v1 (11.11) PA-RISC; this patch solves socket problems that may cause hangs. Additionally, pthreads patch PHCO_36229 (or its superseding patch) must also be installed. These patches are not required for Integrity systems or PA-RISC systems running HP-UX 11.23 or 11.31. To determine whether these patches have been installed on your machine, log in as root and check your machine with:

/usr/sbin/swlist -l product

The required patches change frequently and may include patches other than those listed in these release notes. To ensure that you have installed all of the required and recommended patches needed, visit the Java Required Patches web page at Patch Information.

HP-UX system requirements

HP Integrity servers: Integrity servers running HP-UX 11i v2 or v3 (11.23 or 11.31) are supported. Refer to the following website for more information about HP Integrity servers: HP Integrity Servers.

HP PA-RISC 9000 systems: Java 6.0 is supported on all PA-RISC 2.0 machines running HP-UX 11i v1 (11.11), 11i v2 (11.23), or 11i v3 (11.31).

Web browser requirements

The only web browser supported for the Java 6.0 Plug-in is Mozilla/Firefox for HP-UX version 1.5.0.00 or later. Netscape is not supported.

Installation instructions

On Integrity systems, approximately 446 MB of disk space is needed to download and install JDK 6, which includes JRE 6. JRE 6 alone, which includes the Runtime Plug-in and Java Web Start technology, needs approximately 296 MB. On PA systems, approximately 360 MB is needed for JDK 6 and approximately 218 MB is needed for JRE 6.

Note that beginning with JDK 5.0, HP provides the Runtime Plug-in as part of the JRE depot. Therefore, when you install the JRE, the Plug-in is installed automatically.

The HP-UX JDK, JRE, and Plug-in for Java SE 6 install under /opt/java6. Use the following SD-UX swinstall command (logged in as root) to install the software:

/usr/sbin/swinstall

This command will lead you through the installation. Change Source Depot Type to Local Directory and Source Depot Path to /tmp/<filename>. It is recommended that you select the Reinstall filesets and unselect the Mount filesystems option from the options menu.

WARNING: Do not unarchive rt.jar, charsets.jar, jpda.jar, tools.jar, jce.jar, and jsse.jar. These files are needed by the JDK tools and the runtime environment.

Add the directory /opt/java6/bin to your PATH.

For information on setting important system parameters required for correct execution of Java programs, refer to the HP-UX Programmer's Guide for Java 2 at Programmer's Guide for Java™ 2.

Installing into an alternate location

To install the software into an alternate location, add @/<alternatedirectory> to the end of the swinstall line, and add the alternate directory to your PATH. For example:

/usr/sbin/swinstall -s <download> \* @/<alternatedirectory>

SD-UX prepends <alternatedirectory> to the default product path. Java will therefore install in /alternatedirectory/opt/java6.

If you want your Java home directory in <alternatedirectory> without the /opt/java6 directories, you need to install into a temporary directory, and then move the directories to where you want them.

For example:

swinstall -s <download> \* @/<temporarydirectory>
mv <temporarydirectory>/opt/java*/* <finalalternatedirectory >

Or you can install and link to the directories.

For example:

swinstall -s <download> \* @/<actualdirectory>
ln -s <finalalternatedirectory> /<actualdirectory>/opt/java*

You will notice that the two files, <alternatedirectory>/etc and <alternatedirectory>/var are created. You can purge these files since they do not apply to a product installed in an alternate location.

File structure JDK/JRE

The following diagram displays an abbreviated form of the file structure:


 java6

     |	 
  ___|________________________________________________ 
   |        |          |            |           |         

  bin      lib        jre          demo      include  
   |        |          |

  java    tools.jar    | 

  javac   dt.jar       |

  javadoc ir.idl       |

  javah   jconsole.jar |

  javap   orb.idl      | 

  javaws               |
  jdb                  |
  jhat                 |
  jrunscript           |
  rmid                 |
  tnameserv            |
  wsgen                |
  :                    |

                     __|_____________________________  
                     |                             |

                    bin                           lib

                     |                             |
                    java                           |
                    rmid                           |
                    tnameserv                      |
                    :                              |
                                                   |

                              _____________________|__________________________________________  

                             |       |    |         |        |         |            |        |
                          rt.jar     zi   security  ext      PA_RISC2 PA_RISC2.0W IA64N   IA64W 
                          charsets.jar    |         |     |__|___________|__________|________|___
                          deploy.jar      jar and   jar      |           |          |        |
                          jce.jar         policy    files  server      server     server   server
                          jss2.jar        files
                          :

The tools are under opt/java6/bin and the libraries are under opt/java6/lib. The tools.jar file contains the classes for supporting the tools and utilities. The file dt.jar contains the DesignTime archive of BeanInfo files.

The jre directory includes the Java runtime environment. The file rt.jar contains the runtime classes for the core API. The charsets.jar file contains the internationalization and localization classes and files. The security directory contains security management files.

The shared libraries used by the HP-UX platform are contained in the following directories:

PA_RISC2.0 PA-RISC 2.0 32-bit

PA_RISC2.0W PA-RISC 2.0 64-bit

IA64N Integrity 32-bit

IA64W Integrity 64-bit

The include directory contains the header files for supporting JNI and JVMDI.

File structure Runtime Plug-in

The Runtime Plug-in requires the shared library(ies) loaded by the Mozilla/Firefox browser, the remaining Runtime Plug-in files, and the JRE to be located in the following fixed relative position:

/opt/java6/jre Runtime plug-in and RTE files

/opt/java6/jre/plugin/PA_RISC2.0/mozilla Runtime Plug-in shared libraries loaded by Mozilla/Firefox browser

/opt/java6/jre/plugin/IA64N/mozilla IPF Runtime Plug-in shared libraries loaded by Mozilla/Firefox browser

/opt/java6/jre/plugin/desktop Java 6 support for desktop interfaces

If the JPI is installed in the default location, /opt/java6/jre, then the following links are created during the installation to allow the browser to locate the Runtime Plug-in shared library:

Runtime Plug-in PA-RISC installation:

/opt/mozilla/plugins/libjavaplugin_oji.sl -> \ 
    /opt/java6/jre/plugin/PA_RISC2.0/mozilla/libjavaplugin_oji.sl

Runtime Plug-in HP Integrity installation:

/opt/mozilla/plugins/libjavaplugin_oji.sl -> \ 
    /opt/java6/jre/plugin/IA64N/mozilla/libjavaplugin_oji.sl

If the Runtime Plug-in is installed in a non-default location, the system administrator needs to create similar links in order to enable Mozilla/Firefox to find the Runtime Plug-in. Or you may use the environment variable MOZ_PLUGIN_PATH for Mozilla/Firefox.

Information on Mozilla/Firefox for HP-UX can be found at Mozilla Web Browser for HP-UX Downloads and Documentation. Additional Plug-in documentation and FAQs can be found at http://java.sun.com/products/plugin.

Usage documentation

The Java for HP-UX Programmer's Guide at Programmer's Guide for Java™ 2 contains usage documentation for developers. There you will find information on HotSpot options, HP-specific options and features, suggestions and examples for allocating memory, how to use wdb to examine backtraces in Java threads, code examples for using Java Native Interface, and more.

For more information, refer to Sun Microsystems' Java HotSpot VM Options at http://java.sun.com/docs/hotspot/VMOptions.html.

Removing support for unwanted architectures in the JRE

Under the JRE license agreement, partners who redistribute the JRE may remove support for unwanted architectures. Functional components may NOT be removed under any circumstances. You may remove support for unwanted architectures as explained below.

The following commands assume that the JRE has been installed in the standard location, that is, /opt/java6/.

On PA-RISC, to remove 64-bit support:

/usr/sbin/swremove Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS

On HP Integrity, to remove 64-bit support:

/usr/sbin/swremove Jre60.JRE60-IPF64 Jre60.JRE60-IPF64-HS

PA filesets are not installed by default on HP Integrity. If you have installed them for some reason, they can be removed with:
```
/usr/sbin/swremove Jre60.JRE60-PA20 Jre60.JRE60-PA20-HS \
     Jre60.JRE60-PA20W Jre60.JRE60-PA20W-HS
```

Using wdb to examine backtraces in Java thread stacks

You can use HP's wdb 3.0.01 or later debugger (the GDB Debugger gdb) to examine backtraces containing mixed language frames (Java and C/C++) in Java thread stacks. This simplifies debugging JVM and Java mixed-language applications.

Set the environment variable GDB_JAVA_UNWINDLIB to the path name of the Java Unwind Shared Library libjunwind, which is in the JDK. The default location of the Java Unwind Library in the JDK is:

/opt/java6/jre/lib/PA_RISC/server/libjunwind.sl
/opt/java6/jre/lib/PA_RISC2.0/server/libjunwind.sl
/opt/java6/jre/lib/PA_RISC2.0W/server/libjunwind.sl
/opt/java6/jre/lib/IA64N/server/libjunwind.so
/opt/java6/jre/lib/IA64W/server/libjunwind.so

Here are two examples setting the environment variable (in the ksh):

For 64-bit PA2.0 machines:

export GDB_JAVA_UNWINDLIB=/opt/java6/jre/lib/\
PA_RISC2.0W/server/libjunwind.sl

For 64-bit HP Integrity machines:

export GDB_JAVA_UNWINDLIB=/opt/java6/jre/lib/\
IA64W/server/libjunwind.so

If you installed the JDK in a location other than the default, substitute the non-default location for /opt/java6 in the above commands. Then use wdb as usual to debug your Java applications or core files. See the tutorial slides on debugging native and Java code with wdb at Performance Tuning, Tutorials, & Training for help on how to use the new Java stack unwind functionality.

Support for C++ applications built with -AA and -AP options (PA-RISC) only

Java supports the -AA and -AP options to build C++ applications. On HP-UX 11.11 and later releases on PA-RISC systems, C++ uses the -AP runtime option by default. If you are using the ANSI Standard C++ runtime (-AA) option in an application that loads Java, you need to use the -AA version of libjvm and libfontmanager.

These are the Standard C++ Runtime version of these libraries:

./jre/lib/PA_RISC2.0/libjvm_v2.sl
./jre/lib/PA_RISC2.0W/libjvm_v2.sl
./jre/lib/PA_RISC2.0/libfontmanager_v2.sl
./jre/lib/PA_RISC2.0W/libfontmanager_v2.sl

Any native application must be either linked with or dynamically load these versions of the Java libraries if the C++ application is compiled using -AA.

The Standard C++ version of the JVM libraries are supported for PA_RISC2.0 and PA_RISC2.0W architectures only.

If the JVM is invoked through the standard Java driver, then use the -V2 option to use the Standard C++ runtime. For example:

java -V2 <javaprog>

Using Java 2 JNI on HP-UX

For C and C++ applications, it is important to link with the -mt (multithread) option if the application calls a Java VM. Both executables and shared libraries must be linked with -mt. Use of -mt must be consistent during both compilation and linking. For more information, refer to the Native (non-Java) calling Java methods section in the Programmer's Guide.

If you embed libjvm in a 32-bit native application and wish to use a large Java heap, you must link with the -N option. Refer to the Expanding heap size in native applications on PA-RISC HP-UX 11.11 and later releases and Expanding heap size in native applications on Integrity HP-UX 11.23 and later releases for more information.

Garbage collection

For documentation about garbage collection in JDK 6 refer to http://java.sun.com/javase/technologies/hotspot/gc/gc_tuning_6.html.

Asian TrueType fonts and Asian locales

Asian locales are supported by JDK 6 with TrueType fonts. For more details, refer to HP-UX Fonts and the Java™ Runtime Environment.

Date/Time methods defaults

The HotSpot JVM uses the gettimeofday() system call to obtain date and time information. For performance reasons a new mechanism that uses the number of CPU ticks since the application started is used to calculate the current time. As a result, changes to the system date or time using the date command, adjtime() function, or time synchronization utilities such as ntp will not be reflected in the date and time that the Java program returns until the process is restarted.

If your application requires that system time changes are immediately reflected, you can use the
-XX:+UseGetTimeOfDay option to tell the JVM to use the gettimeofday call instead of the new, lightweight mechanism. However you may notice a drop in performance.

Profiling

Currently a SIGUSR2 handler to support -Xeprof profiling and a SIGPROF handler to support future profiling capability are automatically installed. This may cause incompatibilities with other native code or profiling tools which use SIGUSR2 or SIGPROF. You can turn off both handlers by using the -XX:+ReduceSignalUsage option. If you do this, be aware that this option also turns off the SIGQUIT handler, and, therefore, you will not be able to get a Java stack trace.

You can turn off just the SIGUSR2 handler by using the -Xeprof:off option, thereby retaining the ability to get a Java stack trace using SIGQUIT. For more information about -Xeprof profiling, refer to the HotSpot Technology Tools and Commands chapter of the HP-UX Programmer's Guide for Java 2 at HotSpot Technology Tools and Commands.

Compatibility with previous releases

Sun Microsystems maintains upwards compatibility. Therefore, an application written for an older JVM will run on JDK 6.0. Downward compatibility is generally not supported because new APIs are introduced that do not run on earlier JVMs.

For more information about JDK 6 compatibility with JDK 5, refer to: http://java.sun.com/javase/6/webnotes/compatibility.html.

Java Cryptography Extension (JCE) policy files

Due to import control restrictions for some countries, the Java Cryptography Extension (JCE) policy files shipped with JDK 6.0 allow strong but limited cryptography to be used. These files are located at:

<Java-home>/lib/security/local_policy.jar
<Java-home>/lib/security/US_export_policy.jar

where <Java-home> is the JRE directory of the JDK or the top-level directory of the Java SE Runtime Environment. An unlimited strength version of these files indicating no restrictions on cryptographic strengths is available on the JDK website for those living in eligible countries. Those living in eligible countries may download the unlimited strength version and replace the strong cryptography jar files with the unlimited strength files.

Unlimited strength jurisdiction policy files may be downloaded from: http://java.sun.com/javase/downloads/index.jsp.

Configuring the Runtime Plug-In

For additional information on the Runtime Plug-In, refer to the Plug-In FAQs at Java™ Runtime Plug-in (JPI) for 1.3, 1.4, 5.0, & 6.0 Frequently Asked Questions and the Sun Java Deployment Guide for 6.0.

The JPI configuration was redesigned in the 5.0 release. For more information refer to Sun Microsystems' documentation at: http://java.sun.com/j2se/1.5.0/docs/guide/deployment/deployment-guide/jcp.html

CLASSPATH environment variable

A user's CLASSPATH environment variable can be passed by the JVM by running the Control Panel and specifying either '-cp' or '-classpath' in the Java Run Time Parameter box. You need to exit and rerun the browser for this change to take effect.

Java Web Start technology usage

Java™ Web Start is an application-deployment technology, which gives you the power to launch full-featured applications with a single click from a web browser. It is located in the jre directory. Some of Java Web Start's features include:

Runs independently of any browser, so you can shut down your browser or go to another web page and continue using your application.
Applications deployed with Java Web Start do not require a browser interface to operate.
Includes security features of the Java 2 platform.

The hardware and operating system requirements for using Java Web Start are the same as those recommended for Java SE platform implementation on which it runs.

Upgrading from a previous Java Web Start version

Do NOT uninstall your previous version of Java Web Start (if you have one) before installing the new version. Uninstalling the previous version will cause the download cache to be cleared and all of the previously installed Java Web Start applications will need to be downloaded again.

This version will overwrite previous installations and automatically update browsers to use this new release. In order to reactivate a previous version after installing this new release, you must reinstall the old version. The configuration files and program files folder used by Java Web Start have not changed, so all your settings will remain intact after the upgrade.

IPv6 support on Java 6.0

IPv6 is a set of Internet Protocol specifications designed to provide enhancements over the capabilities of the existing IPv4 service in terms of scalability, security, mobility, ease-of-configuration, and real-time traffic handling.

For more information, see the Sun Microsystems' Networking IPv6 User Guide for J2SDK/JRE 1.4 (http://java.sun.com/j2se/1.4/docs/guide/net/ipv6_guide/).

HP-UX 11.11 (11i v1), 11.23 (11i v2), and 11.31 (11i v3) support dual protocol stacks: IPv4 and IPv6. IPv6 is not currently supported on HP-UX 11.0 or 11.22 (11i v1.5). In this JDK release, the IPv6 protocol stack is the default. To support IPv6, HP-UX 11.11 (11i v1) requires HP-UX patches; HP-UX 11.23 (11i v2) and 11.31 (11i v3) do not.

For the availability of HP-UX patches required for IPv6 support on HP-UX 11i, please see:
» Patch information
» TOUR Transition Patches for HP-UX 11i

Beginning with JDK 6.0.03, the IPv6 protocol stack is the default. To turn off IPv6 support, you need to set the system property as follows:

java.net.preferIPv4Stack=true

Or, at the Java™ command line, you can use the option:

-Djava.net.preferIPv4Stack="true"

Beginning with JDK 6.0.03, you can use the properties file:
{JAVA_HOME}/jre/lib/net.properties
to set
java.net.preferIPv4Stack=true

Additional Java Web Start documentation

More information, including developer documentation, can be found in Sun Microsystems' documentation at: http://java.sun.com/products/javawebstart/reference/index.html. Additionally, the Sun Java Deployment Guide for 6.0 at http://java.sun.com/javase/6/docs/technotes/guides/deployment/deployment-guide/contents.html also contains useful information.

Additional HP and Sun Java documentation

The following websites have additional information:

Java Troubleshooting Guide for HP-UX Systems

»	HP-UX Programmer's Guide for Java 2

»	Java Troubleshooting Guide for HP-UX Systems

»	Summary of new features and enhancements in 6.0

»	New Java 6.0 language features

»	Java 2 JDK tools and tool architecture

»	Java 2 platform version 6.0 API specification

»	Java 2 platforms and APIs - Authorized Books

»	Java tutorial and code camps

»	Java security and the Java platform

»	Java technologies

»	Plug-In documentation and FAQs

»	Mozilla Browser for HP-UX

Java manpages (located at/opt/java6/man)

Problem fixes and known issues

Problem fixes

Please note that improvements for using Concurrent Mark and Sweep (CMS) for garbage collection have been included in this release of JDK 6.0.03.

Known JavaSoft bugs are documented in the Sun Bug Database at http://developer.java.sun.com/servlet/SessionServlet?url=/developer/bugParade/index.jshtml
(login required).

This HP JDK 6.0.03 release includes enhancements and defects fixed in the 6.0 release.

Note that on occasion HP backports a defect fix from a Sun release that has not yet been merged into our current sources. Therefore, a Sun defect may be fixed in an HP release even though the Sun release that contains the fix is not part of the HP release.

Defects fixed in the JDK 6.0.03 release

HP defect	HP SR	Duplicate	JavaSoft ID	Description
QXCR1000882758	N/A	N/A	N/A	Use volatile for arraycopy
QXCR1000875780	N/A	N/A	N/A	Java : core within cmmCombineTransforms in libcmm.so library. : 6.0
QXCR1000873716	N/A	N/A	N/A	Enable IPv6 by default in 6.0

Known issues
Note: On HP Itanium servers, if the Aries option is set to -pa_os_cpu globally, HP-UX Java incorrectly runs PA binaries instead of IA binaries. This happens silently without any messages. The performance degrades by 2-3 times. The problem is fixed for JDK releases beginning with 6.0.01, but it is seen across previously released JDKs.

Below is some information on known problems for HP-UX 11i Integrity and HP 9000 PA-RISC systems. Some of the solutions require installing patches. For more information on locating and installing patches, go to: Patch Information.

Supplementary characters display as empty boxes (11i HP Integrity and HP 9000 PA-RISC)
Supplementary characters are not part of the HP-UX default TrueType fonts; therefore, they will not be available on HP-UX 11i PA-RISC or HP Integrity. If you try to display supplementary characters in Java 6.0, empty boxes will be displayed. You may use your own fonts to display supplementary characters, but you will need to edit the fontconfig.properties accordingly. For more information on editing font configuration files, refer to http://java.sun.com/j2se/1.5.0/docs/guide/intl/fontconfig.html

Initializing a JVM instance with JNI_CreateJavaVM() or attaching to JVM with AttachCurrentThread() on HP Integrity
The Java 6.0 stack size required to initialize a JVM instance with JNI_CreateJavaVM() or to attach to JVM with AttachCurrentThread() is greater than the HP-UX 11.23 and 11.31 (11i v2 and v3) HP Integrity pthread default of 256 KB. If you wish to call JNI_CreateJavaVM() or AttachCurrentThread() from a pthread, you need to create the pthread with a larger stack size, at least 512 KB. Stack overflow failures during JVM initialization are not always clearly reported as such, since the JVM may not have yet installed its handlers, and the failures may appear as random exceptions. The solution is make sure you have enough stack space.

Using compiler safepoints (HP-UX 11.11 (11i v1) PA-RISC)
Using compiler safepoints guarantees a more deterministic delay to stop all running Java threads before doing an operation requiring a safepoint synchronization, such as a garbage collection. The compiler safepoints feature is enabled by default beginning with Java 5.0. It uses a newer implementation than in previous releases which requires no HP-UX patches. It can be disabled with
-XX:-UseCompilerSafepoints.

shl_load HotSpot libjvm problem due to TLS (HP-UX PA-RISC 32-bit only)
The libjvm library for the HotSpot 1.4 JVM uses thread local storage (TLS). Currently, the dynamic loader that is used by shl_load does not support dynamically loading a shared library containing TLS when the library was not included in the link line.

You may need to load a library dynamically (using shl_load or dlopen) that contains TLS, such as libjvm.sl, without having linked your application against it. This might be the case if your application uses plug-ins.

The current workaround is a new linker feature LD_PRELOAD_ONCE.

To obtain the LD_PRELOAD_ONCE functionality, you need to install the patch (or the patch that supersedes it) shown below.

HP-UX 11.11 systems, install patch PHSS_35385
HP-UX 11.23 PA systems do not need a patch
HP-UX 11.31 PA systems do not need a patch

For more information on LD_PRELOAD_ONCE functionality and its limitations, read the manpage for dld.sl after you install the patch.

Note: In some cases, using LD_PRELOAD_ONCE with Java that uses the Java launcher program instead of the previously used Java launcher script, signal chaining for the actual Java program did not work as expected. If you experience this problem, we suggest you use the new environment variable, JAVA_PRELOAD_ONCE. In the top level driver, the value of JAVA_PRELOAD_ONCE is set to LD_PRELOAD_ONCE, so that the LD_PRELOAD_ONCE is set for the actual executable instead of the driver.

Using linker option +noenvvar and +compat on HP Integrity and PA-64 systems
If your application links with libjvm and uses the JNI interface APIs to load the JVM directly, do not use the linker options +noenvvar or +compat on HP Integrity or PA-64 systems.

Running Java with setuid or setgid on HP Integrity and PA-RISC
Running Java from setuid/setgid executables is restricted on HP-UX. In previous HP-UX releases, executing Java from a setuid/setgid environment was not allowed. Now it is allowed, but patches must be installed, the SHLIB_PATH and LD_LIBRARY_PATH environment variables must be set, and a configuration file must be set up.

The HP-UX 11i September 2005 Quality Pack patch bundle provided support for /etc/dld.sl.conf, which allows system administrators to specify a list of trusted paths on the system. When executing within a setuid environment, the dynamic loader will compare the paths in SHLIB_PATH/LD_LIBRARY_PATH against the list of trusted paths found in /etc/dld.sl.conf. If the path is a trusted path, then it will be used for library lookup.

Users can run Java from a setuid environment if the jre and jli paths are added to the /etc/dld.sl.conf file as shown below and the SHLIB_PATH/LD_LIBRARY_PATH is set.

cat /etc/dld.sl.conf:
<java6>/jre/lib/PA_RISC2.0
<java6>/jre/lib/PA_RISC2.0/server
<java6>/jre/lib/PA_RISC2.0/jli
<java6>/jre/lib/PA_RISC2.0W
<java6>/jre/lib/PA_RISC2.0W/server
<java6>/jre/lib/PA_RISC2.0W/jli
<java6>/jre/lib/IA64N
<java6>/jre/lib/IA64N/server
<java6>/jre/lib/IA64N/jli
<java6>/jre/lib/IA64W
<java6>/jre/lib/IA64W/server
<java6>/jre/lib/IA64W/jli

echo $SHLIB_PATH=<java6>/jre/lib/PA_RISC2.0:<java6>/jre/lib/PA_RISC2.0/server:
<java6>/jre/lib/PA_RISC2.0/jli:<java6>/jre/lib/PA_RISC2.0W:
<java6>/jre/lib/PA_RISC2.0W/server:<java6>/jre/lib/PA_RISC2.0W/jli:
<java6>/jre/lib/IA64N:<java6>/jre/lib/IA64N/server:<java6>/jre/lib/IA64N/jli:
<java6>/jre/lib/IA64W:<java6>/jre/lib/IA64W/server: <java6>/jre/lib/IA64W/jli

For more information on the /etc/dld.sl.conf file, check the manpage entry for dld.sl. This file is only referenced when the application is executing within a setuid environment.

On PA-RISC HP-UX 11.11 systems, users can launch Java from a setuid application if they install linker patch PHSS_35385 (or its superseding patch) on the system, set SHLIB_PATH and LD_LIBRARY_PATH, and set up /etc/dld.sl.conf as shown above.

On PA-RISC and Integrity HP-UX 11.23 and 11.31 systems, users can launch Java from a setuid application if they install linker patch PHSS_37201 (11.23), PHSS_37202 (11.31) or their superseding patches, set SHLIB_PATH and LD_LIBRARY_PATH, and set up /etc/dld.sl.conf as described above.

Running Aries HP Integrity emulation on PA 2.0
A patch is needed if you are using the Aries emulator to execute PA-RISC Java applications on Integrity systems running HP-UX 11.23 or 11.31. The patch corrects a defect which causes Java math calculations to produce incorrect results. This defect is fixed by installing the following patch or any patch that supersedes it:

HP-UX 11.23 PHSS_35528
HP-UX 11.31 PHSS_36311

Using -XX:+TaggedStackInterpreter option on HP-UX PA-RISC
Use of this option has known issues in HP-UX PA-RISC JDK 6.0.03 which can cause an application hang or crash. At this time, HP is recommending not to use this option until a later release.

This option can be safely used with HP-UX Integrity JDK 6.0.03.

gdb java heap-histogram command fails in JDK 6.0.03
The gdb java heap-histogram command fails in JDK 6.0.03. This issue will be fixed in a future release of JDK 6.

PA-RISC 32-bit applications will use both LD_LIBRARY_PATH and SHLIB_PATH
Prior to JDK 6.0, the jvm used shl_load to dynamically load shared libraries for PA-RISC 32-bit applications. SHLIB_PATH was searched; LD_LIBRARY_PATH was ignored.

Starting with JDK 6.0, the jvm uses dlopen instead of shl_load. As a result, for PA-RISC 32-bit applications, both LD_LIBRARY_PATH and SHLIB_PATH will be searched.

Environments which previously relied on the assumption that only SHLIB_PATH would be searched for PA-RISC 32-bit applications might need to modify the use of their LD_LIBRARY_PATH and SHLIB_PATH environment variables.

Security Bulletin alerts included in this release

Security Bulletins

The following Security Bulletin alerts are included in this release.

Alert ID	Title of the Alert	Bug ID : details
246266	Security Vulnerability in Java Runtime Environment May Allow Applets to List the Contents of the Current User's Home Directory	6484091 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted applet or application to determine the name of files on the home directory of the user who is running the applet or application.
246286	Security Vulnerability in the Java Runtime Environment With Processing RSA Public Keys	6497740 A vulnerability in the Java Runtime Environment (JRE) with the processing of RSA public keys in digital signatures may be exploited to create a denial-of-service condition on a system that the JRE runs on.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6707535 Java Web Start and Java Plug-in will recognize a file, such as an image file, which also includes the contents of a ZIP file, as a ZIP file containing Java code. This may be leveraged, in a blended attack, through first uploading such an image file, that contains malicious code, to a web site. The image file can then be run as an applet which may make network connections not otherwise allowed and hijack sessions (using cookies already set up in the user's browser).
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6716217 A vulnerability in the Java Runtime Environment (JRE) with applet classloading may allow an untrusted applet to read arbitrary files on a system that the applet runs on and make network connections to hosts other than the host it was loaded from.
244987	Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges	6726779 A buffer overflow vulnerability in the Java Runtime Environment (JRE) image processing code may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6727071 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to determine the location of the Java Web Start cache and the username of the user running the Java Web Start application.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6727079 A vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java Web Start application to make network connections to hosts other than the host that the application is downloaded from.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6727081 A vulnerability in the Java Runtime Environment (JRE) with launching Java Web Start applications may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted application.
246366	Security Vulnerabilities in the Java Runtime Environment (JRE) JAX-WS and JAXB Packages may Allow Privileges to be Escalated	6592792 Vulnerabilities in the JAX-WS and JAXB packages in the Java Runtime Environment (JRE) where internal classes may be accessed may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
246346	A Security Vulnerability in Java Runtime Environment (JRE) With Authenticating Users Through Kerberos May Lead to a Denial of Service (DoS?)	6588160 A vulnerability in the Java Runtime Environment (JRE) with authenticating users through Kerberos may be exploited to create a denial-of-service condition on the system that is authenticating users.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6694892 Java Web Start trusts unsigned JNLP files, without warning, for trusted signed applications. This may allow certain trusted operations to be performed, such as setting system properties.
246387	A Security Vulnerability in the Java Runtime Environment may Allow Code Loaded From the Local Filesystem to Access LocalHost?	6704154 The Java Runtime Environment allows code loaded from the local filesystem to access localhost. This allows code that are maliciously placed on the local filesystem and then subsequently run to have network access to localhost which would not otherwise be allowed if the code were loaded from a remote host.This may be leveraged to steal cookies and hijack sessions (for domains that map a name to the localhost).
245246	The Java Runtime Environment UTF-8 Decoder May Allow Multiple Representations of UTF-8 Input	4486841 The UTF-8 decoder in the Java Runtime Environment accepts non-shortest form sequences. While it is not a vulnerability in Java SE per se, it may be leveraged to attack systems running software that relies on the UTF-8 decoder to reject non-shortest form sequences. For example, sequences may be decoded into illegal URIs, which may then allow files that are not otherwise accessible to be read, if the URIs are not checked following UTF-8 decoding.
244986	The Java Runtime Environment Creates Temporary Files That Have "Guessable" File Names	6721753 The Java Runtime Environment creates temporary files that have guessable file names.
244991	A Security Vulnerability in the Java Runtime Environment (JRE) Related to Deserializing Calendar Objects May Allow Privileges to be Escalated	6734167 A vulnerability in the Java Runtime Environment (JRE) with deserializing calendar objects may allow an untrusted applet or application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244987	Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges	6733336 A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244990	A Buffer Overflow Vulnerability in the Java Runtime Environment (JRE) May Allow Privileges to be Escalated	6733959 A buffer vulnerability in the Java Runtime Environment (JRE) may allow an untrusted Java application that is launched through the command line to escalate privileges. For example, the untrusted Java application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted Java application.
244989	The Java Runtime Environment (JRE) "Java Update" Mechanism Does Not Check the Digital Signature of the JRE that it Downloads	6728071 The Java Runtime Environment (JRE) Auto-Update mechanism does not check the digital signature the JRE that it downloads.
244987	Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges	6751322 A buffer vulnerability in the Java Runtime Environment (JRE) with processing fonts may allow an untrusted applet or Java Web Start application to escalate privileges. For example, an untrusted applet may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244987	Java Runtime Environment (JRE) Buffer Overflow Vulnerabilities in Processing Image Files and Fonts May Allow Applets or Java Web Start Applications to Elevate Their Privileges	6766136 A buffer overflow vulnerability in the Java Runtime Environment with processing GIF images may allow an untrusted Java Web Start application to escalate privileges. For example, an untrusted application may grant itself permissions to read and write local files or execute local applications that are accessible to the user running the untrusted applet.
244988	Multiple Security Vulnerabilities in Java Web Start and Java Plug-in May Allow Privilege Escalation	6767668 The BasicServiceshowDocument method allows untrusted Java Web Start applications that are downloaded from another system to request local files to be displayed by the users browser.

Java™ and all Java based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.