BQ-15698

JAVA Runtime

The Spring configuration in Blueriq contained a circular reference when the blueriq.session.session-manager property would be set to external.

The circular reference has been removed.

CSD-4085

Studio

Value lists that had been created in old versions of Studio could fail to load, preventing the branch from being opened

The situtation that resulted in a crash is now accounted for, allowing the branch to be opened again.

BQ-15646

Development dashboard

Selection inputs don't show any values to select anymore except for one empty value. In the case of a multivalue slection input selecting this empty entry will add an empty pill.

The issue came up after an upgrade to Angular 12. Originally it was added as a workaround, because of a bug in Blueriq Design System. The work around has been removed and the selction input works as intended again.

CSD-3983

Runtime

In some cases, the test path wouldn't be preserved after executing an automatic task.

The test path is now preserved properly after executing an automatic task.

BQ-15505

Customer Data Service, DCM Lists Service, Runtime

CVE-2020-36518 was detected on jackson-databind before 2.13.2

Fixed by upgrading to the latest version of jackson-databind which does not contain the vulnerability.

BQ-15369

Runtime

When a log level on root is set higher than INFO the audit logging isn't working anymore.

Audit logging will always work regardless of log level on root, when activated in bootstrap.properties

BQ-15359

Runtime

The AQ_GetHeaders service did not support multi valued headers. It would store the first value of a multi valued header, regardless of whether is was stored to a single valued or multi valued attribute.

We added support for multi valued headers to the AQ_GetHeaders. When a multi valued header is stored to a single valued attribute, the last value will be stored.

CSD-4063

Development dashboard

When opening the h2 console an error screen is shown instead of the h2 console

The IIS proxy in the installer sets a header which is not properly understood by tomcat serving the h2 console, resulting in the error. By setting extra headers in IIS, tomcat can properly understand the request and serve the h2 console.

CSD-4049

Runtime

Cases are locked in the database when a task is started. Unlocking the case and checking if a case is locked happens by consulting the Hibernate model. We know that Hibernate does not always synchronize with the database when we expect it, which may cause inconsistencies between case being locked/unlocked (a case may appear to be locked while it is not and vice versa).

Like acquiring the lock, unlocking/checking if the lock exists happens through the database instead of Hibernate. Also, when a case is unlocked that was not locked, an exception is thrown indicating this. Lastly, logging was added when a case is unlocked so we can see when this action happens in the log.
 
The changes may result in different behaviour of your application. Specifically, it may be more strict than before, as it is not possible anymore to for instance complete a task with case locking enabled, without a case lock being present. While this is a good thing, know that it is still possible to revert to the legacy behavior using the legacy toggle blueriq.legacy.use-legacy-case-unlocking.

CSD-3889

Runtime

Blueriq didn't offer a security property to enable session fixation protection

Blueriq now offers a property to enable session fixation protection: blueriq.security.session-fixation-protection.enabled = true