You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

1. Bug fixes


Identifier

Component

Issue

Solution

BQ-14474


CVE-2021-43797 & CVE-2021-23463 are reported on the runtime

CVE-2021-43797 concerns a Netty library which was updated to the latest version in which the CVE is resolved. CVE-2021-23463 concerns H2, which we only ship with the development-tools component. This component is meant to be used for development and not for production. H2 can also be used as a database backend, but this is strongly discouraged in production environments. So we have not updated the H2 library as production is unaffected.

CSD-3970

JAVA Runtime

When importing a profile.xml using the XmlConverter an exception is thrown when loading an already existing singleton entity instance.

This was a regression which occurred after the resolution of CSD-3923. When importing a profile.xml into a prefilled profile the existing singletons will be used, otherwise the imported profile instance will be used.

CSD-3912


The inability to find a qualified name when importing a WSDL would omit the qualified name, making it hard to debug the issue.

The qualified name that could not be found is now included in the log.

CSD-3931


Importing a branch export from a Studio version older than R13 could fail if it contains external libraries that require a migration.

When an older branch export is imported into a newer Studio version, any external libraries are now correctly migrated as well.

CSD-3930


When an inline field is present on a page, the generation of a document using the document plugin would fail

Inline fields no longer cause the document generation plugin to fail

2. Log4shell

Several critical CVEs were reported on the log4j-core  library. Blueriq is not affected by these CVEs, see https://www.blueriq.com/en/insights/measures-concerning-log4shell for our statement.

We do use log4j dependencies (log4j-api and log4j-to-slf4j) that are not affected, but use the same versioning scheme as the affected log4j-core library. To avoid confusion, we upgraded these libraries to the latest version 2.17.0.

3. Upgrade Instructions

There are no specific upgrade instructions for this release.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

4. Artifacts

 The Blueriq artifacts are available under name: 13.13.11.4253

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 3.4.5
DCM Lists Service 1.4.4
Material Theme 1.0.40
Development tools 1.1.1

5. Aquima Libraries

There are no specific Library updates for this release.

6. Libraries

The third party libraries were updated in this release.

ArtifactId

GroupId

License

13.13.10

13.13.11

netty-tcnative-classes

io.netty

Apache License 2.0

(error)

2.0.46.Final

netty-transport-classes-epoll

io.netty

Apache License 2.0

(error)

4.1.72.Final

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.13.3

2.17.0

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.13.3

2.17.0

netty-buffer

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-codec

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-codec-http

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-codec-http2

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-codec-socks

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-common

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-handler

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-handler-proxy

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-resolver

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-transport

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-transport-native-epoll

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

netty-transport-native-unix-common

io.netty

Apache License 2.0

4.1.69.Final

4.1.72.Final

ArtifactId

GroupId

License

3.4.1 (13.13.10)

3.4.5 (13.13.11)

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.14.1

2.17.0

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.14.1

2.17.0

ArtifactId

GroupId

License

1.4.1 (13.13.10)

1.4.4 (13.13.11)

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.14.1

2.17.0

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.14.1

2.17.0

7. Known issues

For an overview of known issue please refer to: Known issues