News
Abstract
Support information for IBM® SDK, Java™ Technology Edition, Version 6 that is not available in the user documentation.
Content
The information to support IBM SDK, Java Technology Edition, Version 6 is available in the product documentation in IBM Knowledge Center.
Note: Support for IBM SDK, Java™ Technology Edition, Version 6 (J9 VM2.6) has ended for all platforms unless covered by an extended support contract or embedded in an IBM product that has not reached its own end of service date. End of service dates for the IBM SDK are shown in the JavaSDK developer center . End of service dates for all IBM software products are listed here .
InstallAnywhere installation packages
There are two types of InstallAnywhere package:
Installable
Installing these packages also configures your system, for example by setting environment variables. You must use a user account with ROOT authority to install this type of package.
Archive
Installing these packages extracts the files to your system, but does not perform any configuration. This type of package does not require ROOT authority to complete the installation.
More information on large page requirements for Linux
This information is supplementary to the "Configuring large page memory allocation topic" in the product documentation.
The JVM depends on the SYSV shared memory system calls shmget and shmat. If a request to allocate a large page failed, ensure that the values of the kernel parameters SHMMAX and SHMALL are sufficient for your operating system to allocate large pages.
SHMMAX: The maximum size of a shared memory segment, in bytes.
SHMALL: The total amount of shared memory in the system, in either bytes or pages.
Supplementary information is available for the following updates to this release:
- Service refresh 16, fix pack 65
- Service refresh 16, fix pack 60
- Service refresh 16, fix pack 30
- Service refresh 13, fix pack 2
- Service refresh 13, fix pack 1
- Service refresh 13
- Service refresh 12
- Service refresh 10, fix pack 1
To compare the IBM SDK functionality with Oracle build levels at each service refresh level, see
Comparative Oracle build levels
.
For information about security fixes, see
Security Alerts
.
For a list of the IBM fixes included, see
IBM SDK, Java Technology Edition, Version 6 fixes
.
To download the last service refresh, see
IBM developer kits
.
For information about the daylight saving time changes included in service refreshes and fix pack levels, see
Olson time zone updates
. Later updates can by applied using the
IBM Time Zone Update Utility for Java (JTZU)
.
Service refresh 16, fix pack 65
Support on z/OS platforms
The SDK is no longer supported on z/OS releases before v1.11. SDK support on z/OS v1.11, v1.12, and v1.13 is available only with a z/OS extended support contract.
Service refresh 16, fix pack 60
Out of memory exceptions when running applications with compressed references enabled
The Oracle CPU for January contains an update for
CVE-2018-2582
to fix vulnerabilities in the Hotspot virtual machine (VM) that might be exploited by Java web start applications and applets. Fixes are also applied for the OpenJ9 virtual machine. The fix increases the amount of low memory used for VMs that use compressed references. Customers who are running close to the maximum amount of allowed 32-bit memory might experience out of memory exceptions. A possible workaround is to use the -Xmcrs option to secure space in the lowest 4GB memory area for any native classes, monitors, and threads that are used by compressed references.
For more information about this option, see the "
-
Xcmrs" topic in the product documentation.
Security checking
To improve security, the security checks in the following APIs are now enabled by default, when the SecurityManger is enabled:
- com.ibm.jvm.Dump.JavaDump()
- com.ibm.jvm.Dump.HeapDump()
- com.ibm.jvm.Dump.SystemDump()
- com.ibm.jvm.Dump.SnapDump()
- com.ibm.jvm.Trace.set(String)
- com.ibm.jvm.Trace.snap()
- com.ibm.jvm.Trace.suspend()
- com.ibm.jvm.Trace.suspendThis()
- com.ibm.jvm.Trace.resume()
- com.ibm.jvm.Trace.resumeThis()
- com.ibm.jvm.Trace.registerApplication(String, String[])
- com.ibm.jvm.Trace.trace(<any parameters>)
You can disable security checking for these APIs by setting the following system properties on the command line:
- -Dcom.ibm.jvm.enableLegacyTraceSecurity=false
- -Dcom.ibm.jvm.enableLegacyDumpSecurity=false
Service refresh 16, fix pack 30
The URL for version 1.8 of the certified JCE FIPS guide on the Computer Security Resource Center website (mentioned in the "IBM JCE FIPS 140-2 Cryptographic Module Security Policy" topic in the product documentation) is now available:
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp2715.pdf
Service refresh 13, fix pack 2
This fix pack includes a change to the default value for the RMI property java.rmi.server.useCodebaseOnly from false to true, which might cause unexpected errors for applications that use RMI. For more information, see
http://docs.oracle.com/javase/7/docs/technotes/guides/rmi/enhancements-7.html
.
On Windows, improvements are made to the way that Runtime.exec decodes command strings. However, applications specifying commands that contain spaces in the program name, or that use quotation marks incorrectly, might fail to start. For more information, including guidance on resolving problems, see
http://www.oracle.com/technetwork/java/javase/7u21-relnotes-1932873.html#jaruntime
.
Service refresh 13, fix pack 1
This fix pack contains a security fix for the Oracle security vulnerability,
CVE-2013-0169
. For any further security fixes in this release, see
Security alerts
.
A security enhancement is included to correctly validate certificates on jar files of applications. After upgrading, a CertificateException occurs for any applications in one of the following scenarios:
- The application jar is not properly signed.
- The application jar has incorrect certificates.
- A certificate in the certificate chain is revoked.
To avoid these exceptions, make sure that your application jars are signed with valid certificates before upgrading from an earlier release. This issue relates to APAR IV38456.
Service refresh 13
Non-blocking registration of interested operations with selectors on the AIX operating system
In this release, the implementation of the registration of interested operations with the java.nio.channels.Selector class has been modified to avoid blocked threads.
In previous releases, this implementation could cause blocking of threads on the AIX® operating system. If a Java application used the java.nio.channels.SelectionKey.interestOps() method to register an interested operation with a Selector object that was engaged in a polling operation, the registering thread could be blocked. A thread that is blocked in this way can cause the application to hang or timeout. The following Java stack traces from such a situation show that the first thread is performing a poll operation, and the second thread is blocked:
3XMTHREADINFO "Thread-2" TID:0x31E65800, j9thread_t:0x31C9764C, state:R, prio=5
3XMTHREADINFO1 (native thread ID:0x2AA00A5, native priority:0x5, native policy:UNKNOWN)
4XESTACKTRACE at sun/nio/ch/PollArrayWrapper.poll0(Native Method)
4XESTACKTRACE at sun/nio/ch/PollArrayWrapper.poll(PollArrayWrapper.java:116)
4XESTACKTRACE at sun/nio/ch/PollSelectorImpl.doSelect(PollSelectorImpl.java:57)
4XESTACKTRACE at sun/nio/ch/SelectorImpl.lockAndDoSelect(SelectorImpl.java:69)
4XESTACKTRACE at sun/nio/ch/SelectorImpl.select(SelectorImpl.java:80)
4XESTACKTRACE at sun/nio/ch/SelectorImpl.select(SelectorImpl.java:84)
4XESTACKTRACE at BlockIntOpsReg.run(BlockIntOpsReg.java:18)
4XESTACKTRACE at java/lang/Thread.run(Thread.java:735)
3XMTHREADINFO "main" TID:0x30A65500, j9thread_t:0x301162D4, state:B, prio=5
3XMTHREADINFO1 (native thread ID:0x14A005F, native priority:0x5, native policy:UNKNOWN)
4XESTACKTRACE at sun/nio/ch/SelectionKeyImpl.nioInterestOps(SelectionKeyImpl.java:103)
4XESTACKTRACE at sun/nio/ch/SelectionKeyImpl.interestOps(SelectionKeyImpl.java:65)
4XESTACKTRACE at BlockIntOpsReg.main(BlockIntOpsReg.java:40)
This thread blocking was caused by the pollset implementation using a Java cache of limited size to store requests for registration of interested operations. When the cache reached its size limit, the implementation attempted to register all the requests in the Java cache into the native AIX pollset cache, which could result in blocked threads. From this release, the Java cache size is unlimited, and interested operations are registered just before the next poll operation, to avoid blocking of threads.
For more information about I/O polling on the AIX operating system, see the following developerWorks article:
Efficient I/O event polling through the pollset interface on AIX
.
Service refresh 12
PKCS11 security provider
A new library is available that allows the IBMPKCS11Impl provider to run on the Linux AMD64 platform.
Service refresh 10, fix pack 1
The following Oracle change is included with IBM SDK for Java version 6 service refresh 10, fix pack 1:
KeyboardFocusManager implementation
This change relates to Oracle security vulnerability
CVE-2012-0502
.
The KeyboardFocusManager specification explicitly allows a single, global KeyboardFocusManager for all applets. Some public methods are unsafe for such implementations.
As a result of the fix, the following methods now throw a java.lang.SecurityException if they are invoked on a java.awt.KeyboardFocusManager that is not the current java.awt.KeyboardFocusManager for the calling thread's context:
- java.awt.KeyboardFocusManager.setGlobalFocusOwner(Component focusOwner)
- java.awt.KeyboardFocusManager.clearGlobalFocusOwner()
- java.awt.KeyboardFocusManager.setGlobalPermanentFocusOwner(Component PermanentFocusOwner)
- java.awt.KeyboardFocusManager.setGlobalFocusedWindow(Window focusedWindow)
- java.awt.KeyboardFocusManager.setGlobalActiveWindow(Window activeWindow)
- java.awt.KeyboardFocusManager.setGlobalCurrentFocusCycleRoot(Container newFocusCycleRoot)
Tuning options for the Generational Concurrent (gencon) Garbage Collection policy
The -Xgc option can be used with a number of parameters to fine-tune garbage collection. The following options apply to the gencon policy:
-Xgc:scvNoAdaptiveTenure
This option turns off the adaptive tenure age in the generational concurrent GC policy. The initial age that is set is maintained throughout the run time of the Java™ virtual machine. See scvTenureAge.
-Xgc:scvTenureAge=<n>
This option sets the initial scavenger tenure age in the generational concurrent GC policy. The range is 1 - 14 and the default value is 10.
For more information about tenure age and the -Xgc option in the product documentation.
Comparative Oracle build levels
The following table indicates the Oracle FCS build level that has comparative functionality to recent releases of the IBM SDK:
IBM SDK 6 | Oracle Java 6 FCS build |
GA | Update 04 Build 04 |
Service Refresh 1 | Update 05 Build 13 |
Service Refresh 2 | Update 07 Build 02 |
Service Refresh 3 | Update 07 Build 02 |
Service Refresh 4 | Update 07 Build 02 |
Service Refresh 5 | Update 10 Build 33 |
Service Refresh 6 | Update 14 Build 07 |
Service Refresh 7 | Update 17 Build 02 |
Service Refresh 8 | Update 18 Build 07 |
Service Refresh 9 | Update 21 Build 06 |
Service Refresh 10 | Update 27 Build 05 |
Service Refresh 11 | Update 32 Build 05 |
Service Refresh 12 | Update 32 Build 05 |
Service Refresh 13 | Update 39 Build 02 |
Service Refresh 14 | Update 51 Build 09 |
Service Refresh 15 | Update 65 Build 11 |
Service Refresh 16 | Update 75 Build 13 |
Service Refresh 16 Fix Pack 1 | Update 81 Build 08 |
Service Refresh 16 Fix Pack 2 | Update 85 Build 13 |
Service Refresh 16 Fix Pack 3 | Update 91 Build 13 |
Service Refresh 16 Fix Pack 4 | Update 95 Build 11 |
Service Refresh 16 Fix Pack 7 | Update 101 Build 14 |
Service Refresh 16 Fix Pack 15 | Update 105 Build 15 |
Service Refresh 16 Fix Pack 20 | Update 111 Build 12 |
Service Refresh 16 Fix Pack 25 | Update 115 Build 12 |
Service Refresh 16 Fix Pack 30 | Update 121 Build 09 |
Service Refresh 16 Fix Pack 35 | Update 131 Build 14 |
Service Refresh 16 Fix Pack 41 | Update 141 Build 12 |
Service Refresh 16 Fix Pack 45 | Update 151 Build 10 |
Service Refresh 16 Fix Pack 50 | Update 161 Build 13 |
Service Refresh 16 Fix Pack 60 | Update 181 Build 10 |
Service Refresh 16 Fix Pack 65 | Update 191 Build 09 |
Service Refresh 16 Fix Pack 70 | Update 201 Build 07 |
Service Refresh 16 Fix Pack 75 | Update 211 Build 11 |
Was this topic helpful?
Document Information
Modified date:
24 January 2019
UID
swg21587401