You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Identifier

Component

Issue

Solution

BQ-23584

Java Runtime

The XSS blacklist filter could fail to detect some patterns that may be considered potentially harmful.

The XSS blacklist filtering has been improved.

BQ-23558

 

In DRDs in Encore, the input node did not have the correct shape.

The shape has been corrected.

BQ-23557

Java Runtime

Three CVE's (CVE-2024-29736, CVE-2024-32007, CVE-2024-41172) have been reported on Apache CXF on versions older than 4.0.5, 3.6.4 and 3.5.9

Updated Apache CXF to the latest patch version.

CSD-5375

Java Runtime

Input values containing backslash-escaped zeroes would inadvertently be interpreted as null bytes in the XSS filtering layer, even if the original input value is not otherwise determed to be malicious.

The XSS filtering has been improved to better account for null bytes that are a result of canonicalization.

BQ-23533

 

The Maintenance app would end up in an infinite loop when an unexpected error happens during processing of a dead letter message.

Added a RetryOperationsInterceptor that will make sure that messages will send to an error exchange when an unexpected error during processing of a dead letter message happens.

CSD-5385

Encore

Start and Message event nodes in Processes have a Message event field. While this field is required in the Runtime, it was optional in Encore. This may cause errors in the Runtime while running a model.

A validation has been added to both types of Message event fields. Encore will display a message when a Message event is not provided.
  • No labels

Didn't find the answer you were looking for? Try the advanced search