Release Date

30 Dec 2024

Content

Release 6.1.8

Download

UI Button

color	purple
icon	download
title	Download Blueriq
url	https://my.blueriq.com/display/CUS/Customers+Home

Panel

On this page:

Table of Contents

maxLevel	2
style	none

Bugfixes

Incident number	Summary (problem description)	Resolution
PUB-446	CVE-2024-38827 was detected on spring-security-taglibs	Updated spring-security-taglibs to the latest version
	CVE-2024-12798 and CVE-2024-12801 were detected on logback 1.4.14	Mitigated by upgrading logback to 1.5.15

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 6.1.5, please take a look at the Platform support and Installing Publisher 6 due to the upgrade to Java 17for this release.

3rd Party Libraries

Below is a list of changed third party libraries for this release. There is also a page available which lists all the third party libraries that are used in the Publisher. See for more information: Blueriq Publisher 6 libraries.

UI Expand

expanded	true
title	Upgrades

ArtifactId	GroupId	License	Version in 6.1.7	Version in 6.1.8
httpcore	org.apache.httpcomponents	Apache License 2.0	4.4.15	4.4.16
jackson-annotations	com.fasterxml.jackson.core	Apache License 2.0	2.13.4	2.14.3
jackson-core	com.fasterxml.jackson.core	Apache License 2.0	2.13.4	2.14.3
jackson-databind	com.fasterxml.jackson.core	Apache License 2.0	2.13.4.2	2.14.3
jcl-over-slf4j	org.slf4j	Apache License 2.0	2.0.6	2.0.16
log4j-over-slf4j	org.slf4j	Apache License 2.0	2.0.6	2.0.16
logback-classic	ch.qos.logback	Eclipse Public License - v 1.0	1.4.14	1.5.15
logback-core	ch.qos.logback	Eclipse Public License - v 1.0	1.4.14	1.5.15
slf4j-api	org.slf4j	MIT License	2.0.6	2.0.16
spring-hateoas	org.springframework.hateoas	Apache License 2.0	1.5.5	1.5.6
spring-security-acl	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-config	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-core	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-crypto	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-oauth2-core	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-oauth2-jose	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-oauth2-resource-server	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-taglibs	org.springframework.security	Apache License 2.0	5.8.11	5.8.16
spring-security-web	org.springframework.security	Apache License 2.0	5.8.11	5.8.16

Other spaces

Versions Compared

Old Version 1

New Version Current

Key

Bugfixes

Upgrade Instructions

3rd Party Libraries

Other spaces

Page History

Versions Compared

Old Version 1

New Version Current

Key

Bugfixes

Upgrade Instructions

3rd Party Libraries