You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.


| Identifier | Component | Issue | Solution |
|---|---|---|---|
| BQ-20832 | | CVE-2023-33546 was reported for the Janino library, which is used by older versions of the runtime & CDS. | The Janino library has been upgraded to the latest version, in which the CVE was fixed. |
| BQ-20797 | | The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. | Tomcat has been updated to address the vulnerability. |
| BQ-20782 | JAVA Runtime | CVE-2021-22097 was detected on Spring AMQP. | Updated Spring AMQP to 2.2.22.RELEASE. |
| BQ-20772 | JAVA Runtime | CVE-2023-34462 was detected on Netty. | Updated Netty to 4.1.96.Final. |
| BQ-20771 | JAVA Runtime | CVE-2021-22095 was detected on Spring AMQP. | Updated Spring AMQP to 2.2.22.RELEASE. |
| BQ-20749 | | Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq. | Suppressed the specific CVEs. |
| BQ-20747 | Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, JAVA Runtime, Maintenance App | CVE-2023-33201 was detected for bouncy-castle versions lower than 1.73. | Upgraded to version 1.76. |
