BQ-24217

CVE-2024-47535 was reported on netty-common
CVE-2024-38819 was reported on spring-framework
CVE-2024-38820 was reported on spring-framework

Fixed CVE-2024-47535 by upgrading netty-common to 6.1.155.Final
Fixed CVE-2024-38819 by upgrading spring-framework 6.1.14
Fixed CVE-2024-38820 by upgrading spring-framework 6.1.14

BQ-24214

CVE-2024-47535 was reported on netty-common which is used in Blueriq Runtime

Fixed CVE-2024-47535 by upgrading netty-common

CSD-5757

Encore

The REST service editor would inadvertently interpret request attributes as required, even if they weren't.

The default value of the required state was misaligned between Encore and the Studio server backend, which has been corrected.

CSD-5745

Encore

Custom services and containers that are unexpectedly stored using generic parameters would result in an empty editor.

Such services and containers will now use the generic parameter editor, allowing its contents to be visible. It is advised to manually recreate such elements such that the custom editor experience is being used.

CSD-5740

Encore

The OpenAPI import would not generate a reusable domain schema if it was contained within an array schema, instead creating an inline schema, thereby generating multiple backing entities.

Schemas within arrays are now properly processed as reusable domain schemas if applicable.

CSD-5683

Studio

Using the Management Service to retrieve revision changes would fail if a data mapping test case is present as pending change.

Data mapping test cases no longer result in a failure of the GetRevisionChanges SOAP action.

CSD-5675

Encore

The data mapping editor would show an Accept button for unexpected attribute values, but this button wouldn't do anything when the instance itself had not been created yet in the expected profile.

The instance is now created in the expected profile as necessary.

CSD-5671

The aggregate update, read and delete services either log at info level or don't log at all when the aggregate id is of value UNKNOWN. Also when the aggregate is not available for the given id, logging is not always available.

For the aggregate update, read and delete services, when the aggregate id is of value UNKOWN an error is logged and thrown in the Runtime as this situation should not be possible. When the aggregate cannot be found for the given id, a warning is logged.

CSD-5648

When you model an ad hoc timer node with a condition value that evaluates to UNKNOWN during runtime, the timer node is skipped and reevaluated infinitely, which causes your process to infinitely loop.

After the first evaluation, the timer node now isn't reevaluated again (only if it is not repeatable), which fixes the infinite loop. Note that a condition value that evaluates to UNKNOWN in a timer node is unwanted behavior and is handled as if the timer has passed. A warning will be logged in this case.