You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
1. Upgrade Instructions
There are no specific upgrade instructions for this release.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-location
directory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
2. Artifacts
The Blueriq artifacts are available under name: 13.13.23.5057
Component |
Version |
---|---|
Customer Data Service | 3.4.13 |
DCM lists | 2.0.4 |
Blueriq material theme | 1.0.46 |
Development tools | 1.1.3 |
3. Aquima Libraries
There are no specific Library updates for this release.
4. Libraries
5. Retirement announcement
There are no specific retirement announcements.
For a full list of deprecated features, go to Deprecated features.
6. Bug fixes
Identifier |
Component |
Issue |
Solution |
---|---|---|---|
BQ-16097 |
Runtime |
CVE-2022-22976 and CVE-2022-2298 have been detected on the Runtime. While we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are however vulnerable to CVE-2022-22976 but only if BCrypt password encryption is used with 31 rounds. |
We've updated the Spring libraries for Blueriq version 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds (blueriq.security.bcrypt-strength) please follow the instructions on the this page. We have also removed the option to use 31 rounds to mitigate the CVE for Blueriq version 12. |
BQ-16096 |
Runtime |
CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. While we don't use STOMP over Web Socket, we are not vulnerable to CVE-2022-22971. We are however vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint. |
We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for version 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22. |
BQ-16092 |
Runtime |
CVE-2022-24823 was reported for netty-transport-http. |
Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability. |
CSD-4123 |
Runtime |
Function calls from a flow would not preserve the test path. |
The test path is preserved in function calls from a flow. |
CSD-4117 |
Runtime |
Unable to upload the same document twice. |
Fixed by clearing the file input value before uploading the next file. |
CSD-3947 |
Runtime |
A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow. |
This has been fixed. |
CSD-4101 |
Runtime |
In a BAAS, the test path would not be stored to propagate it to other services. |
This has been fixed. |
CSD-4053 |
Runtime |
Sending an invalid valuelist value to a BAARS resulted in a 500 http status code, which should be a 400 status code |
When sending an invalid valuelist value to a BAARS it will now send a 400 http status code, with a message that contains the invalid field. |
BQ-15355 | Runtime | Request parameters on the url are not passed on to the Blueriq Runtime | Request Parameters on URL are added as a default feature in the Blueriq Material theme. When customers base their new custom theme on the Material theme they will have this feature enabled by default. |
7. Known issues
For an overview of known issue please refer to: Known issues