Page History
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ- |
16097 | Runtime |
Upgraded to apache tika 1.28.2
BQ-16097
2298 have been detected on the Runtime. While we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are however vulnerable to CVE-2022-22976 but only if BCrypt password encryption is used with 31 rounds. | We've updated the Spring libraries for Blueriq version 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds (blueriq.security.bcrypt-strength) please follow the instructions on the |
this page. We have also removed the option to use 31 rounds to mitigate the CVE for Blueriq version 12. | |
BQ-16096 | Runtime |
CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. While we don't use STOMP over Web Socket, we are not vulnerable to CVE-2022-22971. We are however vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint. | We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for version 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22. |
BQ-16092 |
Runtime | CVE-2022-24823 was reported for netty-transport-http. | Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability. |
CSD-4123 |
Runtime | Function calls from a flow would not preserve the test path. | The test path is preserved in function calls from a flow. |
CSD-4117 |
Runtime | Unable to upload the same document twice. | Fixed by clearing the file input value before uploading the next file. |
CSD-3947 |
Runtime | A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow. | This has been fixed. |
CSD-4101 |
Runtime | In a BAAS, the test path would not be stored to propagate it to other services. | This has been fixed. |
CSD-4053 |
Runtime | Sending an invalid valuelist value to a BAARS resulted in a 500 http status code, which should be a 400 status code | When sending an invalid valuelist value to a BAARS it will now send a 400 http status code, with a message that contains the invalid field. | |
BQ-15355 | Runtime | Request parameters on the url are not passed on to the Blueriq Runtime | Request Parameters on URL are added as a default feature in the Blueriq Material theme. When customers base their new custom theme on the Material theme they will have this feature enabled by default. |