[jtymes]

>Luckily the new patches to Java 7 no longer have this problem. But as the different statistics show – vast majority of the applications out there have not migrated to Java 7 as we speak. So most often than not, your application at hand has got the very same problem waiting to surface.

It's a tad misleading, but it's "still out there waiting to bite you" because of Java 6 still being widely used.

[thebluesky]

JDK 6 is EOL 2 months from now: https://blogs.oracle.com/henrik/entry/java_6_eol_h_h

It's also pretty rare for folks to use that http client. It's normally the case that an apache commons or netty http client is used.

[smackfu]

We'll see if that EOL actually happens. It's pretty irresponsible to discontinue security updates for a version that is used by half of your customers (even if you don't want them to use it anymore.) Very similar to Microsoft and XP support.