Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Content Security Reporter 2.9.2 Release Notes

Releases can introduce new features and enhancements or update platform support.

This release includes JRE upgrade, FQDN changes, support for ePO™ CU18, and fixed known issues and vulnerabilities.

Vulnerabilities Fixed

Here is a list of Vulnerabilities Fixed in CSR 2.9.2.

CVE Identifier Component Security Risk Score Fix
CVE-2022-45047 Apache Mina SSHD :: Common support utilities 2.3.0 Critical 9.8

Wildfly 26.1.3.Final

CVE-2019-10202 Data Mapper for Jackson 1.8.5 Critical 9.8 jackson-core-2.14.3.jar
CVE-2022-22965 Spring Framework 4.1.6.RELEASE Critical 9.1 Spring Framework 5.3.30
CVE-2018-1270 Spring Framework 4.1.6.RELEASE High 8.8 Spring Framework 5.3.30
CVE-2018-1275 Spring Framework 4.1.6.RELEASE High 8.5 Spring Framework 5.3.30



Spring Framework 4.1.6.RELEASE High 7.5 Spring Framework 5.3.30
CVE-2016-1000027 Spring Framework 4.1.6.RELEASE High 7.3 Spring Framework 5.3.30
BDSA-2022-0847 Spring Framework 4.1.6.RELEASE High 7.1 Spring Framework 5.3.30
CVE-2022-46364 Apache CXF cxf-3.4.4 High 8.7 Apache CXF 3.5.6
CVE-2021-40690 Apache CXF cxf-3.4.4 High 7.5 Apache CXF 3.5.6
CVE-2023-44487 Apache Tomcat 9.0.79 High 7 Wildfly 26.1.3.Final
CVE-2020-15180 MariaDB 10.4.13 High 8.8 MariaDB 10.11.5




MariaDB 10.4.13 High 7.5 MariaDB 10.11.5
CVE-2020-28912 MariaDB 10.4.13 High 7.3 MariaDB 10.11.5
CVE-2021-3711 MySQL Connector/J 6.0.2 Critical 9.8 MariaDB 10.11.5
CVE-2023-22102 MySQL Connector/J 6.0.2 High 8.3 MariaDB 10.11.5
CVE-2022-21824 MySQL Connector/J 6.0.2 High 8.2 MariaDB 10.11.5
CVE-2018-3258 MySQL Connector/J 6.0.2 High 7.7 MariaDB 10.11.5
CVE-2020-1967 MySQL Connector/J 6.0.2 High 7.5 MariaDB 10.11.5




MySQL Connector/J 6.0.2 High 7.4 MariaDB 10.11.5


Netty Project 3.6.1.Final,

Netty Project 3.6.1.Final

High 7.5 Netty Project 3.10.6.Final
CVE-2023-3635 OkIO 1.17.5 High 7.5 Wildfly 26.1.3.Final
CVE-2022-34169 Open JDK 8u312-b07 High 7.4 Open JDK 8u382b05
Open JDK 8u382b05 Oracle Database JDBC Drivers High 8.1 MariaDB 10.11.5
CVE-2022-21724 PostgreSQL JDBC Driver (pgjdbc) 9.4-1208 High 8.8 MariaDB 10.11.5
CVE-2020-13692 PostgreSQL JDBC Driver (pgjdbc) 9.4-1208 High 8.5 MariaDB 10.11.5
CVE-2018-10936 PostgreSQL JDBC Driver (pgjdbc) 9.4-1208 High 8.1 MariaDB 10.11.5
CVE-2023-39017 Quartz Enterprise Job Scheduler 2.2.3 Critical 9.8 Quartz 2.3.2
CVE-2019-13990 Quartz Enterprise Job Scheduler 2.2.3 High 7.9 Quartz 2.3.2




Spring Security 4.0.1.RELEASE High 7.1 Spring Security 5.6.12

Installing and upgrading Content Security Reporter

NOTE: Only the 2.9.1 version supports upgrading to 2.9.2. For the earlier versions such as 2.5, 2.6, 2.7, 2.8, and 2.9, you must upgrade to 2.9.1 and then upgrade to 2.9.2.


  • If you are using CSR 2.8 or above version, please copy csr.keystore from ..\reporter\jboss\standalone\configuration\ to a safe location, rename it to csr.keystore.old along with the latest backup.xml file. 
  • If you are using CSR 2.7 or older version, please copy keystore.jks from ..\reporter\jboss\standalone\configuration\ to safe location.


Fixed Issues

Reference Issue description


On adding CSR DB, ePO audit log status was showing failed. This issue is resolved now.


CSR is upgraded to the latest version of JRE.


The existing Zulu version in CSR was vulnerable (CVE-2023-21930, CVE-2023-21937, CVE-2023-21938, CVE-2023-21939, CVE-2023-21954, CVE-2023-21967, CVE-2023-21968). It is updated to the latest version.

CSR-718 Support for Trellix ePO 5.10.0 CU 18 (supports Content Support Policy changes)


CSR 2.9.2 points to the latest changes for extended FQDNs in CSR.


CSR Version  has the following vulnerability in H2-Database and Maria Database.

H2-Databse: CVE-2021-42392

Maria Database: CVE-2022-24048, CVE-2022-24050, CVE-2022-24051 and CVE-2022-24052

 It is updated to the latest non-vulnerable version.


In the Content Security Report, the Log4j file was vulnerable. It was addressed with the latest Log4j.

  • Was this article helpful?