Bugfixes

Incident number
Summary (problem description)
Resolution
PUB-197CVE-2019-1068, A remote code execution vulnerability exists in Microsoft SQL Server when it incorrectly handles processing of internal functions, aka 'Microsoft SQL Server Remote Code Execution Vulnerability'Warning was suppressed, as the CVE is present in database itself, please read recommendations provided by Microsoft, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1068.
PUB-201Fix CVE-2019-14379Jackson-Databind has a CVE we have upgraded it from 2.9.9.1 to 2.9.9.3
PUB-202Fix CVE-2019-14540 & CVE-2019-16335Fixed by updating the jackson dependencies to 2.9.10.
PUB-207An error was thrown when navigating to the Environments tab. This issue was reproducible when running the Publisher on JBoss EAP72. Problem is now fixed by including sun/reflect module for the JBoss deployment structure.

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 4.x, please take a look at the Platform support and Installing Publisher 5 due to the upgrade to Java 11.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 5 libraries.