You are viewing the documentation for Blueriq 16. Documentation for other versions is available in our documentation directory.

Identifier

Component

Issue

Solution

BQ-21304

Java Runtime

Several CVEs have been reported on the runtime: CVE-2023-44487 (a problem with Netty), CVE-2023-44483 (a problem with xmlsec) and CVE-2023-4759 (a problem with JGit).

All the CVEs have been addressed. CVE-2023-44487 by upgrading Netty, CVE-2023-44483 by upgrading xmlsec and CVE-2023-4759 turned out to be a false positive, it was already fixed in the version we are shipping, but the dependency checker incorrectly links the CVE to the fixed version. This is suppressed.

BQ-21279

Java Runtime

CVE-2023-34050 has been reported on the spring-amqp library.

For R16/15/14, this has been fixed by upgrading Spring Boot/underlying spring-amqp libraries. For older versions, there is no upgrade path. Upgrade to a more recent version of Blueriq and in the meantime take the measures as outlined by

https://spring.io/security/cve-2023-34050

BQ-21278

studio

When initializing a domain schema in encore the root name is empty. Keeping it empty does not trigger a validation, but does result in a fatal runtime error.

An empty domain schema root name does not result in a runtime error anymore.

BQ-21223

Encore

Closing a module in Encore would incorrectly contain a message that indicates that unsaved changes would be saved, but these changes remain unsaved

The message has been removed completely, as it was no longer accurate and could cause confusion

BQ-21220

Encore

When you toggle a relation reference in an aggregate and that relation is located in an external library encore would report an error and the toggle wouldn't be toggled.

Toggling relation references of relations in external libraries no longer results in an error.

BQ-21188

Encore

Committing on a branch without branch type could report an error in certain circumstances, as commit permissions could not be verified

Branches without branch type can now be committed normally again

BQ-21124

case engine

When a message event value results in UNKNOWN, the value is sent as an empty list [] to the Case Engine. After this, the Case Engine tries to parse this empty list and crashes.

We have updated the Runtime and Case Engine to avoid sending empty values as an empty list, not send unknown values, throw a proper exception with descriptive message when required field is missing and allow optional fields to be empty.

BQ-21013

JAVA Runtime

Reloading a project in the development toolbar on an environment with the dcm-dashboard project active results into a session expired error.

This has been fixed.

CSD-4907

Encore

The webservice editor in Encore would not show any flows to execute for an exposed operation if the webservice is defined in a library with multiple root modules.

Webservices in libraries will now allow you to select a flow again, as well as including the flow usage as a dependency and reporting an error if the flow does not exist. This is an improvement compared to Blueriq Studio, which would fall back to a raw text input without providing validations and dependencies.

BQ-20909

installer

When installing Blueriq the Runtime conf folder contains a documents folder with all empty folders inside it, this is unexpected.

These folders where leftover from the old package document renderer in the Runtime, which had not been removed from the Installer. This has been fixed.

BQ-20864

Encore

Moving a module into a different project could loose all module elements within the module until a restart of the Studio Server.

Module elements are now properly moved along with the moved module.

CSD-4606

Document Renderer

Setting configuration properties that already exist inside the YML file as environment variables does not override them. YML file is prioritized over environment variables.

Environment variables are now loaded last and thus override any other configuration properties source.

  • No labels