| Identifier | Component | Issue | Solution |
| --- | --- | --- | --- |
| BQ-23584 | Java Runtime | The XSS blacklist filter could fail to detect some patterns that may be considered potentially harmful. | The XSS blacklist filtering has been improved. |
| BQ-23557 | Java Runtime | Three CVEs (CVE-2024-29736, CVE-2024-32007, CVE-2024-41172) have been reported in Apache CXF versions older than 4.0.5, 3.6.4 and 3.5.9. | Updated Apache CXF to the latest patch version. |
| CSD-5375 | Java Runtime | Input values containing backslash-escaped zeroes would inadvertently be interpreted as null bytes in the XSS filtering layer, even if the original input value is not otherwise determined to be malicious. | The XSS filtering has been improved to better account for null bytes that are a result of canonicalization. |
| BQ-23533 | | The Maintenance app would end up in an infinite loop when an unexpected error happened during processing of a dead letter message. | Added a RetryOperationsInterceptor that makes sure messages are sent to an error exchange when an unexpected error happens during processing of a dead letter message. |
| CSD-5385 | Encore | Start and Message event nodes in Processes have a Message event field. While this field is required in the Runtime, it was optional in Encore. This may cause errors in the Runtime while running a model. | A validation has been added to both types of Message event fields. Encore will display a message when a Message event is not provided. |