You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.
Identifier |
Component |
Issue |
Solution |
---|---|---|---|
BQ-20832 |
|
CVE-2023-33546 is reported on the Janino library which is used by older versions of the runtime & CDS |
The Janino library has been upgraded to the latest version in which the CVE was fixed. |
BQ-20797 |
|
The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. |
Tomcat has been updated to address the vulnerability. |
BQ-20782 |
JAVA Runtime |
CVE-2021-22097 was detected on spring amqp |
Updated spring amqp to 2.2.22.RELEASE |
BQ-20772 |
JAVA Runtime |
CVE-2023-34462 was detected on Netty |
Updated netty to 4.1.96.Final |
BQ-20771 |
JAVA Runtime |
CVE-2021-22095 was detected on spring amqp |
Updated spring amqp to 2.2.22.RELEASE |
BQ-20749 |
|
Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq |
Suppressed the specific CVEs |
BQ-20747 |
Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, JAVA Runtime, Maintenance App |
CVE-2023-33201 detected for bouncy-castle lower than 1.73 |
upgraded to version 1.76 |