You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-14595 | JAVA Runtime | A CVE is reported for a Jenkins plugin. Blueriq only uses the client API, which is not related to Jenkins. | Suppress because it is a false positive. |
BQ-14576 | | CVE-2021-44832 is reported on the log4j-core library. Blueriq does not use this library. The CVE is incorrectly matched to the log4j-api library, which uses the same versioning scheme. This library is used by Blueriq, but it is not vulnerable. | To avoid confusion, we upgraded the log4j libraries that Blueriq does use to the latest version. |
BQ-14557 | | | |
BQ-14520 | | Logback contains a CVE which is hard to exploit but has a possible high impact (CVE-2021-42550). | Logback has been upgraded to a new version which no longer contains this vulnerability. |
CSD-3966, CSD-3403, CSD-2690 | JAVA Runtime | When using the AQ_RestServiceClient, the response message is not interpreted when the response content type is application/problem+json. | application/problem+json is a default content type for REST responses that are errors. Therefore we have added application/problem+json and application/problem+xml as accepted default content types. |