BQ-13958

CVE-2021-37136 & CVE-2021-37137 are reported on Netty libraries in the runtime.

We upgraded the Netty libraries to the latest version in which the CVEs have been fixed.

CSD-3891

JAVA Runtime

For CVE-2021-27568 we upgraded the json-path library since the CVE was reported on a transitive dependency of json-path. This caused Blueriq 11 and 12 to have a newer version of the json-path library then Blueriq 13 and 14 where this CVE was fixed in a different way by spring-boot.

To make sure there is no downgrade in the version of json-path, when Blueriq is upgraded from version 11 or 12, the version json-path is upgraded to 2.6.0.

CSD-3887

JAVA Runtime

Failed to retrieve project shortcuts when a dynamic shortcut is configured in development tools

Updated project shortcut handling to omit resources which cannot be started, which allows dynamic shortcuts to be retrieved

CSD-3879

Deleting a branch while it is being used as a pending merge branch in another branch may causes that other branch to become corrupt due to a missing merge revision.

The pending merge is now kept around even if its branch is deleted, at least until the merge is committed or cancelled.

CSD-3867

studio

When running a quick test in the studio, the inference tree did not show values from static instances.

Values from static instances are now shown in the quick test inference tree