Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-20832 | Runtime, Customer Data Service | CVE-2023-33546 is reported on the Janino library which is used by older versions of the runtime & CDS | The Janino library has been upgraded to the latest version in which the CVE was fixed. |
BQ-20797 | Tomcat | The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. | Tomcat has been updated to address the vulnerability. |
BQ-20768 | Runtime | CVE-20873 was detected for Spring Boot | Fixed by upgrading Spring Boot to the latest versions. |
BQ-20749 | Studio | Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq | Suppressed the specific CVEs |
BQ-20747 | Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App | CVE-2023-33201 detected for bouncy-castle lower than 1.73 | Upgraded to version 1.76 |
CSD-4853 | Audit Consumer, Customer Data Service, DCM Lists Service, Runtime, Maintenance App | CVE-2023-34034 was detected for Spring Security | Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless, we have upgraded the Spring dependencies to versions that are no longer affected by this CVE. |