You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

Identifier

Component

Issue

Solution

BQ-23628

Encore

A CVE was reported on the NPM library fast-xml-parser

Upgraded fast-xml-parser to 4.4.1 which contains a fix for the CVE

CSD-5464

Java Runtime, Studio

Creating a project export would consume significantly more memory and take longer than versions before 17.1

When creating an unencrypted project export, memory usage has been reduced to be similar or even less than it was before 17.1. Memory usage of loading projects in the runtime has also been reduced. Encrypting a project export remains to require more resources than it used to.

CSD-5465

Studio

Unit tests would inadvertently fail for multivalued attributes that evaluate to unknown.

Testing a multivalued attribute for unknown is not correctly handled when comparing the actual value against the expected value.

CSD-5461

Java Runtime

Rendering a page as XML would fail for unnamed inline text items

Unnamed inline text items are now correctly rendered to XML

BQ-23569

Encore

Usages of flow events and process events from flows and task mappings may not be listed as a dependency.

Flow and process event usages in flows and task mappings will now show up as dependency. This also addresses incomplete rename operations for those elements.

BQ-23544

Java Runtime

When JWT type login is used in conjunction with Audit logging, every keep-alive request would be logged as successful login, polluting the audit log.

We have removed JWT token validation from the audit log.

BQ-23533

Maintenance App

The Maintenance app would end up in an infinite loop when an unexpected error happens during processing of a dead letter message.

Added a RetryOperationsInterceptor that will make sure that messages will send to an error exchange when an unexpected error during processing of a dead letter message happens.

CSD-5427

Java Runtime

AquimaSessionMap.getAvailableSessionIds(…) can cause a lot of “scan“ requests to Redis wich decrease performanceThe AquimaSessionMap.getAvailableSessionIds(…) now uses the "keys" method which should be faster in this particular case.

CSD-5389

Java Runtime

There was a difference in the behavior of the old StartController and the new (JSON) StartController, which lead to unexpected behavior when switching from the built-in theme to a hosted theme.

The workings of the StartControllers has been corrected to match again.

CSD-5328

Java Runtime

An exception is not caught when the Redis CONFIG command is not enabled, resulting in the runtime to not start.

This issue has been resolved and added to our automated tests.

BQ-23068

Java Runtime

A user could upload a file with an extension that didn't match the file content, when an extension that was present in the allowed extensions did match the file content.
For example, if a user uploads a plain text file called 'chart.xslx', this would get accepted if both xslx and txt were in the list of allowed extensions.

Because of security reasons, the Blueriq Runtime from now on refuses file uploads where the file content and the file extension do not match. The user will get an error stating this fact. The error message in customizable in messages.properties, by setting a value for key fileupload.validation.content.

CSD-5117

Gateway

The Identity Provider selection page for the Blueriq Gateway contained CSS resources from the internet, causing the page to be unformatted in environments that do not have internet access.

The resources have been made available locally.

  • No labels