Note that Publisher 5 is already available, so please try to upgrade to the newest version.
Bugfixes
Incident number | Summary (problem description) | Resolution |
|---|---|---|
| PUB-202 | CVE-2019-14540 and CVE-2019-16335 were reported in the Publisher. | Fixed by updating the jackson dependencies to 2.9.10. |
| PUB-201 | Fix CVE-2019-14379 | Jackson-Databind has a CVE we have upgraded it from 2.9.9.1 to 2.9.9.3 |
| PUB-200 | Publisher would not start on JBoss | Excluded the JSF subsystem to make it work again |
| PUB-197 | CVE-2019-1068, A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability' | Warning was suppressed, as the CVE is present in database itself, please read recommendations provided by Microsoft, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068. |
Upgrade Instructions
There are no upgrade instructions.
3rd Party Libraries
There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities please view Blueriq Publisher Vulnerabilities.
Overview
Content Tools