You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.
2. Log4shell
Several critical CVEs were reported on the log4j-core
library. Blueriq is not affected by these CVEs, see https://www.blueriq.com/en/insights/measures-concerning-log4shell for our statement.
We do use log4j dependencies (log4j-api
and log4j-to-slf4j
) that are not affected, but use the same versioning scheme as the affected log4j-core
library. To avoid confusion, we upgraded these libraries to the latest version 2.17.0.
3. Changes Platform Support
Our Platform support is updated.
Changes are:
- Dropped support for JBoss EAP 7.2
- Added support for JBoss EAP 7.4
4. Upgrade Instructions
For upgrade instructions, see Release 14.7 Upgrade Instructions.
As a best practice
- backup your repository
- backup your database before running scripts
- backup your
spring.config.additional-location
directory ([Blueriq installation directory]\Runtime) - backup any config files you have altered under [Blueriq installation directory]\Services
before you start the upgrade.
5. Artifacts
The Blueriq artifacts are available under name: 14.7.0.4248
This release includes these versions of Blueriq components with a separate life cycle:
Component |
Version |
---|---|
Customer Data Service | 3.4.5 |
DCM Lists Service | 1.4.4 |
Material Theme | 1.0.40 |
6. Aquima Libraries
There are no specific Library updates for this release.
7. Libraries
In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.
8. Retirement announcement
We retired the BLUERIQ_SECURE_SESSION_COOKIE environment variable. See Deprecated features for details.
9. Bug fixes
Identifier |
Component |
Issue |
Solution |
---|---|---|---|
BQ-14474 |
|
CVE-2021-43797 & CVE-2021-23463 are reported on the runtime |
CVE-2021-43797 concerns a Netty library which was updated to the latest version in which the CVE is resolved. CVE-2021-23463 concerns H2, which we only ship with the development-tools component. This component is meant to be used for development and not for production. H2 can also be used as a database backend, but this is strongly discouraged in production environments. So we have not updated the H2 library as production is unaffected. |
CSD-3970 |
JAVA Runtime |
When importing a profile.xml using the XmlConverter an exception is thrown when loading an already existing singleton entity instance. |
This was a regression which occurred after the resolution of CSD-3923. When importing a profile.xml into a prefilled profile the existing singletons will be used, otherwise the imported profile instance will be used. |
CSD-3912 |
|
The inability to find a qualified name when importing a WSDL would omit the qualified name, making it hard to debug the issue. |
The qualified name that could not be found is now included in the log. |
CSD-3941 |
JAVA Runtime |
Fields did not properly supported domains with invalid domain options |
Corrected the code to handle invalid domain options in the correct way |
CSD-3931 |
|
Importing a branch export from a Studio version older than R13 could fail if it contains external libraries that require a migration. |
When an older branch export is imported into a newer Studio version, any external libraries are now correctly migrated as well. |
CSD-3930 |
|
When an inline field is present on a page, the generation of a document using the document plugin would fail |
Inline fields no longer cause the document generation plugin to fail |
BQ-13951 |
|
When a timer or due date was set to reevaluate on domain change, and on reevaluation it would yield an unknown date, an exception was thrown and process evaluation halted. |
When the timer or due date is evaluated to unknown on domain change, it is ignored. A warning is logged to alert that probably something is wrong in the domain model. |
CSD-3869 |
|
Values in a MappedJustificationTree that were already visited during the traversal of the justificationTree were added as a duplicate entry in the MappedJustificationTree leading to unnecessary memory usage. |
Visited nodes are now cached and reused if they are visited more than once. |
BQ-13195 |
|
For BAA(R)S endpoints that have a shortcut, the test path would always be read from the HTTP request, even in production mode. Test Paths are a development only feature. |
Test path properties will now be ignored when running Blueriq Runtime in Production Mode. |
10. Known issues
For an overview of known issue please refer to: Known issues