CSD-5222

Java Runtime

Creating a custom API renderer causes an exception when the Runtime is started stating that there are multiple API renderer factories where only one is expected.

We made sure that the composite API renderer factory is injected at startup. The composite API renderer will then look up the custom renderers.

BQ-22898

Studio

If a migration change exists for a removed element, committing changes would fail if the delete itself was not included in the commit.

The migration change can now be committed without having to select the user change as well.

BQ-22868

Java Runtime

CVE-2024-22262 has been detected on the Runtime and services.

For 16, it's addressed by upgrading spring-framework to 6.16. For 15 and 14 it's addressed it by upgrading spring framework to 5.3.34.

BQ-22867

Java Runtime

CVE-2024-29857,
CVE-2024-30171, CVE-2024-30172 have been detected on the Runtime and services.

Addressed by upgrading bouncy castle to 1.78.

CSD-5229

Encore

Encore would incorrectly inherit a value list association from the first value in the set.

The type of a set is still determined by the first item, but its value list is not inherited.

CSD-5213

Java Runtime

The AQ_Timeline container would search and retrieve all timeline entries in the database if the case id or user id parameter resulted in an empty list. This could lead to possible memory and security issues.

The AQ_Timeline container will now not perform a search at all when the case id or user id paramater results in an empty list and will show an empty timeline. The reason why a timeline container is empty will now be logged.

CSD-5202

Studio

Restoring a backup would only report an error in the log when a repository could not be restored, while the restore request would succeed without indicating that the backup hadn't been fully restored.

An error response with status 500 is now returned to indicate that the backup could not be fully restored.