You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
1. Upgrade Instructions
There are no specific upgrade instructions for this release.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-locationdirectory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
2. Artifacts
The Blueriq artifacts are available under name: 13.13.18.4826
This release includes these versions of Blueriq components with a separate life cycle:
Component | Version |
|---|---|
| Customer Data Service | 3.4.11 |
| DCM Lists Service | 1.4.10 |
| Material Theme | 1.0.42 |
| Development tools frontend | 1.1.2 |
3. Aquima Libraries
There are no specific Library updates for this release.
4. Libraries
In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.
ArtifactId | GroupId | License | Version in 3.4.10 | Version in 3.4.11 |
|---|---|---|---|---|
javax.annotation | 1.3.2 |
| ||
com.fasterxml.jackson.core | 2.13.2 | 2.13.2.1 | ||
org.glassfish.jaxb | 2.3.5 | 2.3.6 | ||
org.jboss.logging | 3.4.2.Final | 3.4.3.Final | ||
org.slf4j | 1.7.32 | 1.7.36 | ||
org.apache.logging.log4j | 2.17.1 | 2.17.2 | ||
org.apache.logging.log4j | 2.17.1 | 2.17.2 | ||
ch.qos.logback | 1.2.9 | 1.2.11 | ||
ch.qos.logback | 1.2.9 | 1.2.11 | ||
org.slf4j | 1.7.32 | 1.7.36 | ||
org.springframework.amqp | 2.3.13 | 2.3.15 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.data | 2.5.7 | 2.5.10 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.amqp | 2.3.13 | 2.3.15 | ||
org.springframework.retry | 1.3.1 | 1.3.2 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.glassfish.jaxb | 2.3.5 | 2.3.6 |
ArtifactId | GroupId | License | Version in 1.4.9 | Version in 1.4.10 |
|---|---|---|---|---|
javax.annotation | 1.3.2 |
| ||
com.fasterxml.jackson.core | 2.13.2 | 2.13.2.1 | ||
org.slf4j | 1.7.32 | 1.7.36 | ||
org.apache.logging.log4j | 2.17.1 | 2.17.2 | ||
org.apache.logging.log4j | 2.17.1 | 2.17.2 | ||
ch.qos.logback | 1.2.9 | 1.2.11 | ||
ch.qos.logback | 1.2.9 | 1.2.11 | ||
org.slf4j | 1.7.32 | 1.7.36 | ||
org.springframework.amqp | 2.3.13 | 2.3.15 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework.boot | 2.5.8 | 2.5.12 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.data | 2.5.7 | 2.5.10 | ||
org.springframework.data | 3.2.7 | 3.2.10 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework.amqp | 2.3.13 | 2.3.15 | ||
org.springframework.retry | 1.3.1 | 1.3.2 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework.security | 5.5.4 | 5.5.5 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 | ||
org.springframework | 5.3.14 | 5.3.18 |
5. Retirement announcement
There are no specific retirement announcements.
For a full list of deprecated features, go to Deprecated features.
6. Bug fixes
Identifier | Component | Issue | Solution |
|---|---|---|---|
BQ-15678 | Customer Data Service, DCM Lists Service, JAVA Runtime | With this issue it is possible for a user to provide a specially crafted SpEL expression that may cause a denial of service condition. | The fix provided in the Spring Framework is applied to Blueriq 14 and 13 by upgrading Spring Framework to a newer patch version. For other Blueriq versions no patch is provided by the Spring Framework. |
BQ-15579 | Customer Data Service, DCM Lists Service, JAVA Runtime | CVE-2022-22965 was found. A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. | Fixed by upgrading spring framework to newer patch versions |
BQ-15505 | Customer Data Service, DCM Lists Service, JAVA Runtime | CVE-2020-36518 was detected on jackson-databind before 2.13.2 | Fixed by upgrading to the latest version of jackson-databind which does not contain the vulnerability. |
CSD-3889 | JAVA Runtime | Blueriq didn't offer a security property to enable session fixation protection | Blueriq now offers a property to enable session fixation protection: |
7. Known issues
For an overview of known issue please refer to: Known issues
Overview
Content Tools