Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-16182 | Runtime | CVE-2022-30126 detected in Apache Tika | Upgraded to Apache Tika 1.28.2 |
BQ-16097 | Runtime | CVE-2022-22976 and CVE-2022-22978 have been detected on the Runtime. Because we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are, however, vulnerable to CVE-2022-22976, but only if BCrypt password encryption is used with 31 rounds. | We've updated the Spring libraries for Blueriq versions 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds (blueriq.security.bcrypt-strength), please follow the instructions on this page. We have also removed the option to use 31 rounds to mitigate the CVE for Blueriq version 12. |
BQ-16096 | Runtime | CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. Because we don't use STOMP over WebSocket, we are not vulnerable to CVE-2022-22971. We are, however, vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint. | We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for versions 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22. |
BQ-16092 | Runtime | CVE-2022-24823 was reported for netty-transport-http. | Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability. |
CSD-4123 | Runtime | Function calls from a flow would not preserve the test path. | The test path is preserved in function calls from a flow. |
CSD-4117 | Runtime | Unable to upload the same document twice. | Fixed by clearing the file input value before uploading the next file. |
CSD-3947 | Runtime | A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow. | This has been fixed. |
CSD-4101 | Runtime | In a BAAS, the test path would not be stored to propagate it to other services. | This has been fixed. |
CSD-4053 | Runtime | Sending an invalid valuelist value to a BAARS resulted in a 500 HTTP status code, which should be a 400 status code. | When an invalid valuelist value is sent to a BAARS, the response is now a 400 HTTP status code with a message that contains the invalid field. |