You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.
Identifier | Component | Issue | Solution |
|---|---|---|---|
BQ-23584 | Java Runtime | The XSS blacklist filter could fail to detect some patterns that may be considered potentially harmful. | The XSS blacklist filtering has been improved. |
BQ-23558 | Encore | In DRDs in Encore, the input node did not have the correct shape. | The shape has been corrected. |
BQ-23557 | Java Runtime | Three CVE's (CVE-2024-29736, CVE-2024-32007, CVE-2024-41172) have been reported on Apache CXF on versions older than 4.0.5, 3.6.4 and 3.5.9 | Updated Apache CXF to the latest patch version. |
CSD-5375 | Java Runtime | Input values containing backslash-escaped zeroes would inadvertently be interpreted as null bytes in the XSS filtering layer, even if the original input value is not otherwise determed to be malicious. | The XSS filtering has been improved to better account for null bytes that are a result of canonicalization. |
CSD-5385 | Encore | Start and Message event nodes in Processes have a Message event field. While this field is required in the Runtime, it was optional in Encore. This may cause errors in the Runtime while running a model. | A validation has been added to both types of Message event fields. Encore will display a message when a Message event is not provided. |
Overview
Content Tools