0

How can I prevent XXE attack using Java 1.6? Most examples that I googled are using Java 1.7. We need to stick to Java 1.6 for the moment.

bittersour
  • 937
  • 2
  • 11
  • 32
  • 1
    May I ask why you NEED java 1.6? – Roy Shahaf Nov 09 '18 at 07:32
  • 1
    Well, Oracles public support for Java 6 ended 2013, extended Support for Java SE 6 ends in December, which would increase security risk ... I would suggest the customer to switch to a newer version of Java. – michaeak Nov 09 '18 at 07:35
  • 1
    I mean, java 6 was released 12 years ago, the free public updates ended on 2013 and the extended support ends in a month. Even java 7 is way behind on free updates. – Roy Shahaf Nov 09 '18 at 07:36

0 Answers0