Page History
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-21304 |
Java Runtime | Several CVEs have been reported on the runtime: CVE-2023-44487 (a problem with Netty), CVE-2023-44483 (a problem with xmlsec) and CVE-2023-4759 (a problem with JGit). | All the CVEs have been addressed. CVE-2023-44487 by upgrading Netty, CVE-2023-44483 by upgrading xmlsec and CVE-2023-4759 turned out to be a false positive, it was already fixed in the version we are shipping, but the dependency checker incorrectly links the CVE to the fixed version. This is suppressed. |
BQ-21279 |
Java Runtime | CVE-2023-34050 has been reported on the spring-amqp library. | For R16/15/14, this has been fixed by upgrading Spring Boot/underlying spring-amqp libraries. For older versions, there is no upgrade path. Upgrade to a more recent version of Blueriq and in the meantime take the measures as outlined by https://spring.io/security/cve-2023-34050 |