Bugfixes

Incident number
Summary (problem description)
Resolution
PUB-400CVE-2023-34042 has been detected for spring-security 5.8.5. Fixed by updating spring-security to version 5.8.7

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 6.x, please take a look at the Platform support and Installing Publisher 6 due to the upgrade to Java 17.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 6 libraries.


ArtifactId

GroupId

License

Version in 6.1.0

Version in 6.1.1

spring-security-acl

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-config

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-core

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-crypto

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-oauth2-core

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-oauth2-jose

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-oauth2-resource-server

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-taglibs

org.springframework.security

Apache License 2.0

5.8.5

5.8.7

spring-security-web

org.springframework.security

Apache License 2.0

5.8.5

5.8.7