BQ-12913

JAVA Runtime

CVE-2021-30468 was reported on the Apache CXF dependencies.

Apache CXF is upgraded to version 3.3.11 which is not vulnerable.

CSD-3782

Customer Data Service

In CDS version line 3.x (included with BQ12, BQ13 and BQ14), Hibernate could generate a query pattern for limiting that could cause poor performance on aggregate list queries for Oracle 12c and higher.

We updated Hibernate to a newer version, which supports an alternative query pattern for limiting that does not have this performance penalty.

BQ-12899

ReadWriteLock could grant incorrectly grant a lock in combination with thread interrupts

ReadWriteLock will now continue waiting if the thread is interrupted

BQ-12855

JAVA Runtime

When using instance lists, the pagination text is always displayed in English, even when another language is used.

The pagination texts for instance list are now shown in the correct language. Please note that we introduced a navigation container in the instance list which replaces the old single field pagination. This might break existing MVC frontends. We introduced a legacy toggle which enables the old behavior.

BQ-12816

JAVA Runtime

The Blueriq Runtime would not pick up the license configured in Blueriq Studio when using the Development Tools

The Blueriq Runtime will now pick up the license configured in Blueriq Studio again when using the Development Tools

BQ-12771

When initially sending all cases and tasks to the DCM Lists Service, non-task process nodes would also be sent, as well as automatic task nodes.

We changed the indexing process so that only non-automatic task nodes are sent to the DCM Lists Service.

BQ-12770

When using the AQ_ExecuteTask service with DCM 2.0, an error is shown in the validation report and in the log. The service works normally however.

The AQ_ExecuteTask was classified as DCM 1.0 and therefore a warning was logged when the runtime is in DCM 2.0 modus. However, this service is still required for DCM 2.0 as there is no alternative yet. So the warning is removed from both the log and the validation report.

CSD-3763

versionmanagement

Creating commits could spuriously fail under high load, especially during the SDF migration in which lots of revisions are created.

The occasional failure is now handled gracefully instead of failing the commit operation, allowing the revision to be created.

BQ-12706

JAVA Runtime

CVE-2021-22112 was reported on spring-security artifacts used by Blueriq

This CVE does not apply to the artifacts used by Blueriq, but are falsely reported as affected. However, we decided to upgrade the libraries anyway so we do not get any false reports.

BQ-12595

JAVA Runtime

When running in production mode, Material theme did not work with the default CSP headers configured in Blueriq.

We updated the default CSP headers configured in Blueriq to make the Material theme work out of the box in production mode.

CSD-3637

installer

When installing Blueriq and IIS is not installed and error is thrown suggesting that IIS is already installed

The Blueriq installer messages have been clarified into separate messages that display if the software is not installed or if the software version is not compatible.