Support Bulletin: Issue with Contrast Java Agent versions 6.3.0 and 6.3.1

Issued: April 2, 2024 

This message is to notify you of an issue with Contrast Java Agent versions 6.3.0 and 6.3.1 in which the agent may miss vulnerabilities for Assess and Protect.

What does this mean to you?

Java Agent versions 6.3.0 and 6.3.1 may miss Assess and Protect vulnerabilities (XSS, SQLi, etc.) for Spring on Tomcat, JBoss, Glassfish, or Apache Felix (OSGi) application servers.

The issue can be resolved through any of the following paths:

  • Upgrade to Java Agent 6.3.2
  • Work around the problem by disabling deep inspection with the following JVM parameters:
    • -Dcontrast.inspect.allclasses=false 
    • -Dcontrast.process.codesources=false  
  • Downgrade to Java Agent 6.2.1 or below

If you are not running with these specific versions of the Java agent or if you have the deep inspection settings already disabled, no action is required.
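
The decision above can be scripted when checking many JVMs. This is an added example, not Contrast tooling: bulletin_status and prop_value are hypothetical helper names, the agent version is supplied by the operator, and only -D flags on the JVM command line are inspected, so settings supplied any other way are not seen. It assumes the JVM honours the last occurrence of a repeated -D flag, and it does not check the application server type.

```shell
#!/bin/sh
# Added example: triage one JVM against this bulletin.
# Usage: bulletin_status AGENT_VERSION "JVM ARGUMENT STRING"
# Prints one of: not-affected-version | workaround-applied | action-required

# Print the value of the last -D<name>=<value> flag found in an argument string.
# Runs in a subshell so that disabling globbing does not leak to the caller.
prop_value() (
    set -f                      # arguments may contain * or ?; do not expand them
    value=""
    for arg in $2; do           # intentional word splitting of the argument string
        case $arg in
            "-D$1="*) value=${arg#"-D$1="} ;;   # assumption: last occurrence wins
        esac
    done
    printf '%s' "$value"
)

bulletin_status() {
    version=$1
    jvm_args=$2
    # Only the two releases named in the bulletin are affected.
    case $version in
        6.3.0|6.3.1) ;;
        *) echo "not-affected-version"; return 0 ;;
    esac
    allclasses=$(prop_value contrast.inspect.allclasses "$jvm_args")
    codesources=$(prop_value contrast.process.codesources "$jvm_args")
    # The workaround counts only when BOTH flags are explicitly "false".
    if [ "$allclasses" = "false" ] && [ "$codesources" = "false" ]; then
        echo "workaround-applied"
    else
        echo "action-required"
    fi
}

# Constructed sample inputs (not taken from a real deployment).
bulletin_status 6.3.1 "-Xmx2g -Dcontrast.inspect.allclasses=false"
bulletin_status 6.3.0 "-Dcontrast.inspect.allclasses=false -Dcontrast.process.codesources=false"
bulletin_status 6.3.2 "-Xmx2g"
```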


If you have any additional questions, concerns, or would like to discuss this issue further, please don’t hesitate to reach out to us at


