Technology upgrade

  • org.springframework.security.oauth:spring-security-oauth2 to 2.3.5 (was 2.3.4)

Bugfixes

Incident number
Summary (problem description)
Resolution
PUB-182

The publisher dependency checker identified the following CVEs in 3rd party libraries: 

CVE-2019-3778


Upgraded Spring Security OAuth from 2.3,4 to 2.3.5 to resolve this vulnerability. 
PUB-180The project revision was not picked up correctly when trying to publish a project.The problem was now fixed.

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 4.x, please take a look at the Platform support and Installing Publisher 5 due to the upgrade to Java 11.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 5 libraries.