Change Guardian contains embedded third-party products such as JRE, Jetty, PostgreSQL, and ActiveMQ. Change Guardian includes patches to address the security vulnerabilities (CVE) for these products when updates for Change Guardian are released.
However, each of these products has its own release cycle, which means that there might be CVEs that are discovered before a Change Guardian update is released. You need to separately review the CVEs for each embedded third-party product, and decide whether to apply these updates to your Change Guardian system outside of the Change Guardian updates.
If you decide to apply patches to address these CVEs outside of a Change Guardian update, contact Technical Support.