Java Agent 2.21.6

Released on: 
Thursday, April 24, 2014 - 12:42

Notes

Note: This is a bugfix release for the legacy Java SE5 version of the agent. Unless you are a Java SE5 user, use the latest version of the agent.

The 3.x agent works with Java SE 6 and 7. If you are using Java SE 5, this is the release for you.

  • Fix: XML entity expansion with non-SSL connection to New Relic

    Fixed an XML entity expansion vulnerability that only occurs when the agent is configured with ssl: false; the default is true. The agent already has other protection against unauthorized entity expansion. This fix is an additional layer of protection.