You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Bugfixes

Incident number
Summary (problem description)
Resolution
PUB-192Fix CVE-2016-10036False positive CVE. The CVE is not Applicable for the Artifactory-client library's Blueriq uses.
PUB-193Fix CVE-2019-12086The Jackson dependencies have been upgraded to version 2.9.9, which doesn't contain the vulnerability.
PUB-195

Fix CVEs: 

CVE-2019-10321
CVE-2019-10322
CVE-2019-10323
CVE-2019-10324

False positives, The CVE is not Applicable for the Artifactory-client library's Blueriq uses.
PUB-196

Fix CVEs :

CVE-2019-11269

CVE-2019-12814

CVE-2019-11269 - Fixed by upgrading to sprint security oauth to 2.3.6. 

CVE-2019-12814 - is a false positive , jackson databind is not used in such a way that the usage of the library is dangerous. 

Upgrade Instructions

There are no specific upgrade instructions but when you upgrade from version 4.x, please take a look at the Platform support and Installing Publisher 5 due to the upgrade to Java 11.

3rd Party Libraries

There is also a page available which lists all the 3rd party libraries that are used in the Publisher. See for more information: Blueriq Publisher 5 libraries.


  • No labels