| Identifier | Component | Issue | Solution |
| --- | --- | --- | --- |
| BQ-21304 | Java Runtime | Several CVEs have been reported on the runtime: CVE-2023-44487 (a problem with Netty), CVE-2023-44483 (a problem with xmlsec) and CVE-2023-4759 (a problem with JGit). | All the CVEs have been addressed: CVE-2023-44487 by upgrading Netty and CVE-2023-44483 by upgrading xmlsec. CVE-2023-4759 turned out to be a false positive: it was already fixed in the version we are shipping, but the dependency checker incorrectly links the CVE to the fixed version. This false positive is suppressed. |
| BQ-21279 | Java Runtime | CVE-2023-34050 has been reported on the spring-amqp library. | For R16/15/14, this has been fixed by upgrading Spring Boot and the underlying spring-amqp libraries. For older versions, there is no upgrade path. Upgrade to a more recent version of Blueriq and, in the meantime, take the measures outlined at https://spring.io/security/cve-2023-34050 |