You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
1. Bug fixes
Identifier | Component | Issue | Solution |
|---|---|---|---|
BQ-14474 | CVE-2021-43797 & CVE-2021-23463 are reported on the runtime | CVE-2021-43797 concerns a Netty library which was updated to the latest version in which the CVE is resolved. CVE-2021-23463 concerns H2, which we only ship with the development-tools component. This component is meant to be used for development and not for production. H2 can also be used as a database backend, but this is strongly discouraged in production environments. So we have not updated the H2 library as production is unaffected. | |
CSD-3970 | JAVA Runtime | When importing a profile.xml using the XmlConverter an exception is thrown when loading an already existing singleton entity instance. | This was a regression which occurred after the resolution of CSD-3923. When importing a profile.xml into a prefilled profile the existing singletons will be used, otherwise the imported profile instance will be used. |
CSD-3912 | The inability to find a qualified name when importing a WSDL would omit the qualified name, making it hard to debug the issue. | The qualified name that could not be found is now included in the log. | |
CSD-3931 | Importing a branch export from a Studio version older than R13 could fail if it contains external libraries that require a migration. | When an older branch export is imported into a newer Studio version, any external libraries are now correctly migrated as well. | |
CSD-3930 | When an inline field is present on a page, the generation of a document using the document plugin would fail | Inline fields no longer cause the document generation plugin to fail |
2. Log4shell
Several critical CVEs were reported on the log4j-core library. Blueriq is not affected by these CVEs, see https://www.blueriq.com/en/insights/measures-concerning-log4shell for our statement.
We do use log4j dependencies (log4j-api and log4j-to-slf4j) that are not affected, but use the same versioning scheme as the affected log4j-core library. To avoid confusion, we upgraded these libraries to the latest version 2.17.0.
3. Upgrade Instructions
There are no specific upgrade instructions for this release.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-locationdirectory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
4. Artifacts
The Blueriq artifacts are available under name: 13.13.11.4253
This release includes these versions of Blueriq components with a separate life cycle:
Component | Version |
|---|---|
| Customer Data Service | 3.4.5 |
| DCM Lists Service | 1.4.4 |
| Material Theme | 1.0.40 |
| Development tools | 1.1.1 |
5. Aquima Libraries
There are no specific Library updates for this release.
6. Libraries
The third party libraries were updated in this release.
ArtifactId | GroupId | License | 13.13.10 | 13.13.11 |
|---|---|---|---|---|
io.netty |
| 2.0.46.Final | ||
io.netty |
| 4.1.72.Final | ||
org.apache.logging.log4j | 2.13.3 | 2.17.0 | ||
org.apache.logging.log4j | 2.13.3 | 2.17.0 | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final | ||
io.netty | 4.1.69.Final | 4.1.72.Final |
7. Known issues
For an overview of known issue please refer to: Known issues
Overview
Content Tools