Bugfixes
Incident number | Summary (problem description) | Resolution |
---|---|---|
PUB-197 | CVE-2019-1068, A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability' | Warning was suppressed, as the CVE is present in database itself, please read recommendations provided by Microsoft, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068. |
PUB-201 | Fix CVE-2019-14379 | Jackson-Databind has a CVE we have upgraded it from 2.9.9.1 to 2.9.9.3 |
PUB-202 | Fix CVE-2019-14540 & CVE-2019-16335 | Fixed by updating the jackson dependencies to 2.9.10. |
PUB-207 | An error was thrown when navigating to the Environments tab. This issue was reproducible when running the Publisher on JBoss EAP72. | Problem is now fixed by including sun/reflect module for the JBoss deployment structure. |
Upgrade Instructions
There are no specific upgrade instructions but when you upgrade from version 4.x, please take a look at the Platform support and Installing Publisher 5 due to the upgrade to Java 11.
3rd Party Libraries
There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 5 libraries.
Overview
Content Tools