On this page:

1. Upgrade Instructions

There are no specific upgrade instructions for this release.

As a best practice

backup your repository
backup your database before running scripts
backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

2. Artifacts

The Blueriq artifacts are available under name: 13.13.21.4961

This release includes these versions of Blueriq components with a separate life cycle:

There are no specific Library updates for this release.

ArtifactId	GroupId	License	Version in 13.13.20	Version in 13.13.21
spring-security-oauth2	org.springframework.security.oauth	Apache License 2.0	2.5.1.RELEASE	2.5.2.RELEASE
spring-security-oauth2-autoconfigure	org.springframework.security.oauth.boot	Apache License 2.0	2.3.11.RELEASE	2.3.12.RELEASE

There are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

Identifier	Component	Issue	Solution
BQ-15778	Runtime, Customerdata, DCM Lists	CVE-2022-22968 is a follow up CVE from CVE-2022-22965. The issue is caused by the disallowedFields property in a DataBinder being case sensitive which means a field was not effectively protected unless patterns were registered with both upper and lower case for the first character of the field, including all combinations of upper and lower case for the first character of all nested fields within the property path.	Upgraded spring-framework to the version where this issue is fixed.

For an overview of known issue please refer to: Known issues