Java version with Burp Enterprise
How do I upgrade the vulnerable Java 9 version bundled with Burp Enterprise?
Hi Scott, Unfortunately, we don’t have a mechanism to update the JRE bundled with Enterprise.
Do you have any documentation about these vulnerabilities?
This is a security tool that I cannot run in my secure environment due to it running a non-compliant version of Java.
We’re currently reviewing your issue. We’ll get back to you when we have something to share.
We are planning to upgrade the embedded Java version before long. Unfortunately, we can’t provide an ETA.
Although Java 9 is no longer supported, we have reviewed the security issues that have been raised since the last release. These are mostly not relevant to server applications, and only affect applets running in the browser, etc. A remaining few issues are denial-of-service issues in the image decoding libraries, which are not used in Enterprise. Our assessment is that there is currently not a significant risk in remaining on Java 9, but we will continue to monitor the situation.