Bugfixes

| Issue | Description | Resolution |
|---|---|---|
| PUB-212 | Environments with sortvalue = null caused errors. | If sortvalue is missing the environments are shown at the end. |
| PUB-202 | The following vulnerabilities on 3rd party dependencies were reported: | |

| CVE / vulnerability | Library | Resolution |
|---|---|---|
| CVE-2019-11358 | jquery.js | Fixed by upgrading jQuery to 3.1.4 |
| CVE-2019-10172 | jackson-mapper-asl-1.9.13.jar | |
| CVE-2019-16942, CVE-2019-16943, CVE | jackson-databind-2.9.10.jar | Fixed by upgrading jackson libraries to 2.10.0 |
| CVE-2019-11065, CVE-2019-15052, CVE-2019-16370 | springfox-core-2.9.2.jar | CVEs were fixed. |
| | plexus-utils-2.0.6.jar | Suppressed as false positive, as it is not part of delivered code. |
| Directory traversal in org.codehaus.plexus.util.Expand | plexus-utils-2.0.6.jar | |
| Possible XML Injection | plexus-utils-2.0.6.jar | |
| A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template | handlebars-4.0.5.js | This library is used by Swagger UI 2.x, which is only available in development mode. |

Upgrade Instructions
There are no specific upgrade instructions. When you upgrade from version 4.x, however, please review Platform support and Installing Publisher 5, because of the upgrade to Java 11.
3rd Party Libraries
A separate page lists all the 3rd party libraries that are used in the Publisher. For more information, see Blueriq Publisher 5 libraries.