You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.
1. Upgrade Instructions
There are no specific upgrade instructions for this release.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-locationdirectory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
2. Artifacts
The Blueriq artifacts are available under name: 14.11.1.4963
This release includes these versions of Blueriq components with a separate life cycle:
Component | Version |
|---|---|
| Customer Data Service | 3.4.13 |
| DCM Lists Service | 2.0.5 |
| Material Theme | 1.0.46 |
| Development tools frontend | 1.1.3 |
| Document Renderer | 1.1.1 |
3. Aquima Libraries
There are no specific Library updates for this release.
4. Libraries
In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.
5. Retirement announcement
There are no specific retirement announcements.
For a full list of deprecated features, go to Deprecated features.
6. Bug fixes
Identifier | Component | Issue | Solution |
|---|---|---|---|
BQ-16097 | Runtime | CVE-2022-22976 and CVE-2022-2298 have been detected on the Runtime. While we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are however vulnerable to CVE-2022-22976 but only if BCrypt password encryption is used with 31 rounds. | We've updated the Spring libraries for Blueriq version 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds ( |
BQ-16096 | Runtime | CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. While we don't use STOMP over Web Socket, we are not vulnerable to CVE-2022-22971. We are however vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint. | We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for version 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22. |
BQ-16092 | Runtime | CVE-2022-24823 was reported for netty-transport-http. | Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability. |
CSD-4123 | Runtime | Function calls from a flow would not preserve the test path. | The test path is preserved in function calls from a flow. |
BQ-15966 | Studio | The Keycloak account console could fail to initialize | The Keycloak configuration has been adjusted to resolve the failure. |
CSD-3947 | Runtime | A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow. | This has been fixed. |
CSD-4101 | Runtime | In a BAAS, the test path would not be stored to propagate it to other services. | This has been fixed. |
CSD-4053 | Runtime | Sending an invalid valuelist value to a BAARS resulted in a 500 http status code, which should be a 400 status code | When sending an invalid valuelist value to a BAARS it will now send a 400 http status code, with a message that contains the invalid field. |
| CSD-4096 | Runtime | Improve INFO logstatements of the AQ_Delete_Instance | The log statements of AQ_Delete_Instance are now combined into one LOG statement, whereas before they were reported in multiple log statements. By combining them into one it makes it easier to analyse the (production) logging. |
| BQ-15355 | Runtime | Request parameters on the url are not passed on to the Blueriq Runtime | Request Parameters on URL are added as a default feature in the Blueriq Material theme. When customers base their new custom theme on the Material theme they will have this feature enabled by default. |
7. Known issues
For an overview of known issue please refer to: Known issues
Overview
Content Tools