Bugfixes

Incident number
Summary (problem description)
Resolution
PUB-212Environments with sortvalue = null caused errors.If sortvalue is missing the environments are shown at the end.
PUB-202

The following vulnerabilities on 3rd party dependencies were reported: 

CVE / vulnerabilityLibraryResolution
CVE-2019-11358jquery-3.0.0.min.jsFixed by upgrading jQuery to 3.1.4
CVE-2019-16942
CVE-2019-16943
CVE-2019-17531
jackson-databind-2.9.10.jarFixed by upgrading jackson libraries to 2.10.0
CVE-2019-11065, CVE-2019-15052, CVE-2019-16370plexus-utils-2.0.6.jarSuppressed as false positive, as it is not part of delivered code.


Directory traversal in org.codehaus.plexus.util.Expandplexus-utils-2.0.6.jar
Possible XML Injectionplexus-utils-2.0.6.jar
A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the templatehandlebars-4.0.5.jsThis library is used by Swagger UI 2.x, which is only available in development mode.

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 4.x, please take a look at the Platform support and Installing Publisher 5 due to the upgrade to Java 11.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 5 libraries.