You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-14595 | JAVA Runtime | A CVE is reported for a Jenkins plugin. Blueriq only uses the client API, which is not related to Jenkins. | Suppress because it is a false positive |
BQ-14576 | JAVA Runtime | CVE-2021-44832 is reported on the log4j-core library. Blueriq does not use this library. The CVE is incorrectly matched to the log4j-api library that uses the same versioning scheme. This library is used by Blueriq, but it is not vulnerable. | To avoid confusion, we upgraded the log4j libraries that Blueriq does use to the latest version. |
BQ-14520 | JAVA Runtime | Logback contains a CVE which is hard to exploit but has a possible high impact (CVE-2021-42550) | Logback has been upgraded to a new version which no longer contains this vulnerability |
CSD-3966, CSD-3403, CSD-2690 | JAVA Runtime | When using the AQ_RestServiceClient, the response message is not interpreted when the response content type is application/problem+json | application/problem+json is a default content type for REST responses that are errors. Therefore we have added application/problem+json and application/problem+xml as accepted default content types. |