Versions Compared

Old Version 3

changes.mady.by.user Alexandra Aldea

Saved on

compared with

New Version 4

changes.mady.by.user Alexandra Aldea

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Release Date

 

ContentRelease 4.1.3
DownloadPlease contact support@blueriq.com 



Panel

On this page:

Table of Contents
maxLevel2
stylenone
Note

Note that Publisher 5 is already available, so please try to upgrade to the newest version.


Bugfixes

Incident number

Summary (problem description)

Resolution

PUB-196

Fix CVEs :

CVE-2019-11269

CVE-2019-12814

CVE-2019-11269 - Fixed by upgrading to sprint security oauth to 2.3.6. 

CVE-2019-12814

CVE warnings are now fixed.

- is a false positive , jackson databind is not used in such a way that the usage of the library is dangerous. 

PUB-195

Fix CVEs: 

CVE-2019-10321
CVE-2019-10322
CVE-2019-10323
CVE-2019-10324

CVE warnings are now fixedFalse positives, The CVE is not Applicable for the Artifactory-client library's Blueriq uses.
PUB-192Fix CVE-2016-10036CVE warnings are now fixed False positive CVE. The CVE is not Applicable for the Artifactory-client library's Blueriq uses.
PUB-193Fix CVE-2019-12086CVE warnings are now fixed The Jackson dependencies have been upgraded to version 2.9.9, which doesn't contain the vulnerability.

Upgrade Instructions

There are no upgrade instructions.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities please view Blueriq Publisher Vulnerabilities