Java Developers Kit, Version 1.0.2

Changes Since the JDK 1.0.1 Release

Dozens of bugs were fixed since JDK 1.0.1--the significant ones are listed below. For historical purposes, you may want to review the changes from JDK 1.0 to JDK 1.0.1 as well.

Bug Fixes and Code Changes in 1.0.2

Following are lists of the most critical fixes and changes that may impact you as a developer.

Security Fixes

Fixed classloader bug that allowed an applet to invoke its own class loader.
A bug in the implementation of the classloader could be exploited by an applet to create a class loader. Given the ability to create a class loader, an applet could potentially subvert the applet security sandbox in a number of ways. The researchers at Princeton demonstrated a way for an applet to use the rogue class loader to subvert the type system, generate machine code, jump to the newly generated code, and execute the newly generated code.
This classloader bug was published on the internet on March 22, 1996, by Ed Felten, Drew Dean, and Dan Wallach.
Tightened the network security policy for applets.
In a network where hosts inside the firewall cannot get IP information about hosts outside the firewall, applets will by default be unable to initiate network connections to outside hosts. This includes retrieving files (animator), querying its server for information (stock tickers) and retrieving additional class files (sort demo). This is also the default policy in Netscape Navigator 2.01 and 2.02.
If you are running a browser behind a firewall and you can't run applets, there are three possible workarounds you can try. JavaSoft is actively working on a better, long-term solution to the problem of providing secure DNS name resolution.
1. Ask your system administrator to configure the proxy (or firewall) so that it returns the DNS-resolved IP address for a computer outside the firewall, in response to a query from a client behind the firewall. The mechanics of how to do this securely depend on how your firewall is configured and are site-specific.
2. Supply the numerical IP address in the codebase parameter of the applet HTML tag. For example, if the Java .class file for the Animator applet resides on a computer with the IP address 123.123.123.123, then an HTML tag like this should enable you to access the applet:
  <applet code=Animator codebase="123.123.123.123" height=10 width=10> </applet>
3. JDK AppletViewer Only -- A new property called trustProxy, when set to true, enables applets to connect to their host of origin even when the numerical IP address of the host cannot be determined. This approach should only be taken if there is reason to believe that the proxy server always maps a given hostname to the same IP address, or if the risk of this attack is acceptable to your network administrator. Netscape Navigator does not read the ~/.hotjava/properties file, so setting the trustProxy switch will not affect the behavior of NN2.01 or NN2.0.2.
Refer to the Security FAQ for more details on the DNS-related attacks, fixes, and workarounds.
See also http://home.netscape.com/newsref/std/java_security.html for more information about the security features of Netscape Navigator.
Tightened DNS hostname resolution in AppletViewer.
Changed AppletViewer's HttpClient to use IP addresses instead of hostnames, in all cases. Previously, if an IP address could not be obtained (because DNS name resolution for computers beyond a firewall was not available to computers behind a firewall), then HttpClient used the URL of the applet when establishing network connection.
This change to HttpClient prevents a potential security attack in AppletViewer. The attack relies on a computer on the Internet having the exact same name as a computer behind your firewall. For example, an applet on the computer named "xyz.com" could potentially connect to a computer behind your firewall that is also named "xyz.com."
Protected a client's hostname from applets.
Implemented security check for applets in InetAddress.getLocalHost(). Applets were previously able to report the hostname and IP address of the client machine. This violates current firewall security procedures.
getLocalHost() is now treated as an attempt to connect to the local machine and accordingly it has a security check. If this succeeds, it works as before. If this fails, the method returns a host with name/address "localhost/127.0.0.1", a generic handle.

Class Interface Changes

Note that these new methods are not included in current releases of Netscape Navigator. Hence they should NOT be used in applets being developed to run on those browsers.

java.lang.Character
- public static boolean isTitleCase(char);
- public static boolean isLetter(char);
- public static boolean isLetterOrDigit(char);
- public static boolean isJavaLetter(char);
- public static boolean isJavaLetterOrDigit(char);
- public static char toTitleCase(char);
- public static boolean isSpace(char);
java.lang.Long
- public static java.lang.String toHexString(long);
- public static java.lang.String toOctalString(long);
- public static java.lang.String toBinaryString(long);
java.lang.Integer
- public static java.lang.String toHexString(int);
- public static java.lang.String toOctalString(int);
- public static java.lang.String toBinaryString(int);

Abstract Window Toolkit (AWT) Changes: All Java-Supported Platforms

Improved image conversion performance.
Component.invalidate() has been fixed to ensure that all ancestors up to the root are also invalidated so that a subsequent call to "validate" on the root will cause all the necessary containers to re-layout properly. Components are invalidated on calls to Component.reshape(); Containers are invalidated when components are added/removed, and when a layout manager is set (Container.setLayout()).
Events delivered within a dialog are no longer propagated up to the parent frame if not consumed by the dialog or any of its descendents. This fixes a number of bugs, one where calling "hide" on an applet's dialog would stop the applet.
Fixed bug in Component.inside() where it was returning incorrect results and causing Container.locate() to return the wrong component in certain cases. Component.inside() now expects the coordinate paramaters to be in the coordinate system of the component (NOT its parent).
Key events are now properly delivered to TextArea components.
Implemented modal dialogs so that calling the "show" method on a modal dialog will block until the dialog is dismissed.
Fixed bug in IndexColorModel where it now returns values in the range 0...255 for the methods getRed, getGreen, getBlue, and getAlpha.

Abstract Window Toolkit (AWT) Changes: Windows Platform

On Windows, the default background color for components is now inherited from the current desktop colors (where previously it was set by default to gray). If you've coded your programs to depend on the default background being gray, you'll want to modify your code to instead call "getBackground" to get the true color.
Fixed problem on Windows95 where the graphics objects were getting confused and causing objects to incorrectly paint on top of each other.
Full support for 16- and 24-bit depths on Windows platforms (no more dither images to an 8-bit palette when running on a deeper screen)
The AWT font names now map correctly to Win32 fonts. However, font sizes are still based on the "one point equals one pixel" rule, rather than following the Windows rule that a font be proportional to the current display. For example, 12-point Courier in Java may be smaller on a Windows system than 12-point Courier in Microsoft Word. We purposely didn't fix this because most applet layouts use absolute coordinates, and expect fonts to be proportionally the same (in relation to the applet) on all platforms.
Scrolling windows no longer wait until the mouse is released. Scrolling while the mouse button is down is disabled for 1.0.2, but will be reinstated for the next release (it's being rewritten).

Abstract Window Toolkit (AWT) Changes: Solaris Platform

Fixed problem on Solaris where a Text component with input focus would peg the CPU to 100%.
Fixed bug on Solaris where no more than 20 items could be added to a choice component.
Fixed bug on Solaris where cut/copy from AWT textfield and pasting into OpenWindows application would hang, then timeout and fail to transfer the data.

Abstract Window Toolkit (AWT) Changes: Macintosh Platform

Insofar as the Macintosh version of the JDK is based on the same shared code as the other versions, many AWT bug fixes for the JDK 1.0.2 have improved the overall quality of the Macintosh release.

Documentation Changes in 1.0.2

For this release we are providing a new interim version of the API documentation in HTML. This version has been revised and updated by the JavaSoft engineers and thus represents the most current documentation. We are planning eventually to provide this updated version in the javadoc format.

Windows 3.1 Users:For your convenience in evaluating the Java API, we have provided 8.3-length filenames in this new interim set of documentation (except for the package called sun.tools.debug). This means the files are fully functional in Windows 3.1.

Last Updated: 6 May 1996

Java Developers Kit