Content Security Reporter 2.9.3 Release Notes
This release addresses several vulnerabilities identified in the CSR 2.9.2 release and also provides fixes for a few customer-reported issues.
Enhancements
This release adds support for SQL Server 2022 and hardens the WildFly server to enhance the security of the Content Security Reporter (CSR).
Installing and Upgrading Content Security Reporter
NOTE: CSR 2.9.1 and 2.9.2 can be upgraded directly to 2.9.3. From earlier CSR versions, such as 2.5, 2.6, 2.7, 2.8, and 2.9, you must first upgrade to 2.9.1 before upgrading to 2.9.3.
- Refer to Install Content Security Reporter for the First Time for information about installing the software.
- Prepare for your upgrade
NOTE:
- If you are using CSR 2.8 or later, copy csr.keystore from ..\reporter\jboss\standalone\configuration\ to a safe location, rename it to csr.keystore.old along with the latest backup.xml file.
- If you are using CSR 2.7 or older, copy keystore.jks from ..\reporter\jboss\standalone\configuration\ to a safe location.
- Upgrade the software automatically from CSR 2.9.1 or 2.9.2 to CSR 2.9.3.
- If you plan to upgrade from an older version, such as CSR 2.6, 2.7, 2.8, or 2.9, to CSR 2.9.2, follow Prepare for your upgrade and Upgrade the software manually.
Vulnerabilities Fixed
Vulnerabilities addressed in CSR 2.9.3:
CVE Identifier | Component | Security Risk | Score | Fix |
---|---|---|---|---|
CVE-2024-21208 | JRE | Low | 3.7 | JRE Upgrade to 8.82.021 (CA) |
CVE-2024-21210 | JRE | Low | 3.7 | JRE Upgrade to 8.82.021 (CA) |
CVE-2024-21217 | JRE | Low | 3.7 | JRE Upgrade to 8.82.021 (CA) |
CVE-2024-21235 | JRE | Medium | 4.8 | JRE Upgrade to 8.82.021 (CA) |
CVE-2024-25062 | JRE | High | 7.5 | JRE Upgrade to 8.82.021 (CA) |
CVE-2023-42950 | JRE | High | 8.8 | JRE Upgrade to 8.82.021 (CA) |
CVE-2024-28752 | Apache CXF | High | 7.4 | Apache CXF to 3.5.9 |
CVE-2024-29736 | Apache CXF | Critical | 9.1 | Apache CXF to 3.5.9 |
CVE-2024-32007 | Apache CXF | High | 7.5 | Apache CXF to 3.5.9 |
Fixed Issues
Reference | Issue Description |
---|---|
CSR-171 | A Test button has been added to the Post Processing screen (Log Source > Post Processing), allowing you to easily verify server connectivity before processing the log file. |
CSR-578 | The Update Directory functionality no longer runs when the directory is disabled. The issue with the text-based internal directory is now resolved. |
CSR-846 | The config file now correctly supports 30-day log retention instead of deleting logs that are older than 10 days. |
CSR-861 | The log files are now compressed when they reach 500 MB and stored in the \reporter\log\ folder. |
CSR-884 | You can now enable multiple user-defined columns in the Report Server settings (Report Server Settings > Log Sources > Actions > Edit > User-Defined Columns tab). |