Note that Publisher 5 is already available, so please try to upgrade to the newest version.
Bugfixes
Incident number | Summary (problem description) | Resolution |
---|---|---|
PUB-196 | Fix CVEs : CVE-2019-11269 CVE-2019-12814 | CVE-2019-11269 - Fixed by upgrading to sprint security oauth to 2.3.6. CVE-2019-12814 - is a false positive , jackson databind is not used in such a way that the usage of the library is dangerous. |
PUB-195 | Fix CVEs: | False positives, The CVE is not Applicable for the Artifactory-client library's Blueriq uses. |
PUB-192 | Fix CVE-2016-10036 | False positive CVE. The CVE is not Applicable for the Artifactory-client library's Blueriq uses. |
PUB-193 | Fix CVE-2019-12086 | The Jackson dependencies have been upgraded to version 2.9.9, which doesn't contain the vulnerability. |
BQ-7895 | Timestamps in Publisher logs are wrong, mixing minutes with months | The problem is now fixed. |
Upgrade Instructions
There are no upgrade instructions.
3rd Party Libraries
There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities please view Blueriq Publisher Vulnerabilities.
Overview
Content Tools