Release Date

 

ContentRelease 4.1.4
DownloadPlease contact support@blueriq.com 



On this page:

Note that Publisher 5 is already available, so please try to upgrade to the newest version.


Bugfixes

Incident number

Summary (problem description)

Resolution

PUB-202CVE-2019-14540 and CVE-2019-16335 were reported in the Publisher. Fixed by updating the jackson dependencies to 2.9.10.
PUB-201

Fix CVE-2019-14379

Jackson-Databind has a CVE we have upgraded it from 2.9.9.1 to 2.9.9.3

PUB-200Publisher would not start on JBossExcluded the JSF subsystem to make it work again
PUB-197CVE-2019-1068, A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'Warning was suppressed, as the CVE is present in database itself, please read recommendations provided by Microsoft, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068.

Upgrade Instructions

There are no upgrade instructions.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities please view Blueriq Publisher Vulnerabilities