Release Date

 

ContentRelease 4.1.3
DownloadPlease contact support@blueriq.com 



On this page:

Note that Publisher 5 is already available, so please try to upgrade to the newest version.


Bugfixes

Incident number

Summary (problem description)

Resolution

PUB-196

Fix CVEs :

CVE-2019-11269

CVE-2019-12814

CVE-2019-11269 - Fixed by upgrading to sprint security oauth to 2.3.6. 

CVE-2019-12814 - is a false positive , jackson databind is not used in such a way that the usage of the library is dangerous. 

PUB-195

Fix CVEs: 

CVE-2019-10321
CVE-2019-10322
CVE-2019-10323
CVE-2019-10324

False positives, The CVE is not Applicable for the Artifactory-client library's Blueriq uses.
PUB-192Fix CVE-2016-10036 False positive CVE. The CVE is not Applicable for the Artifactory-client library's Blueriq uses.

PUB-193

Fix CVE-2019-12086 The Jackson dependencies have been upgraded to version 2.9.9, which doesn't contain the vulnerability.
BQ-7895Timestamps in Publisher logs are wrong, mixing minutes with monthsThe problem is now fixed.

Upgrade Instructions

There are no upgrade instructions.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities please view Blueriq Publisher Vulnerabilities