You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.

1. Upgrade Instructions

For this release there are not specific upgrade instructions.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

2. Artifacts

 The Blueriq artifacts are available under name: 14.11.34.6453

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 3.4.23
DCM Lists Service 2.0.11
Material Theme 1.1.3
Development tools frontend 1.3.1
Document Renderer 1.1.1

3. Libraries

ArtifactId

GroupId

License

Version in 14.11.33

Version in 14.11.34

amqp-client

com.rabbitmq

Apache License 2.0

5.13.1

5.14.3

netty-buffer

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-codec

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-codec-dns

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-codec-http

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-codec-http2

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-codec-socks

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-common

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-handler

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-handler-proxy

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-resolver

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-resolver-dns

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-resolver-dns-classes-macos

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-resolver-dns-native-macos

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-transport

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-transport-classes-epoll

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-transport-native-epoll

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

netty-transport-native-unix-common

io.netty

Apache License 2.0

4.1.94.Final

4.1.100.Final

spring-amqp

org.springframework.amqp

Apache License 2.0

2.4.12

2.4.17

spring-aop

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-beans

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-context

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-context-support

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-core

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-expression

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-jcl

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-jdbc

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-messaging

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-orm

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-oxm

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-rabbit

org.springframework.amqp

Apache License 2.0

2.4.12

2.4.17

spring-tx

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-web

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-webflux

org.springframework

Apache License 2.0

5.3.29

5.3.30

spring-webmvc

org.springframework

Apache License 2.0

5.3.29

5.3.30

woodstox-core

com.fasterxml.woodstox

Apache License 2.0

6.4.0

6.5.0

xmlsec

org.apache.santuario

Apache License 2.0

2.3.2

2.3.4


4. Retirement announcement

For this release there are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

5. Bug fixes

Identifier

Component

Issue

Solution

BQ-21304

Java Runtime

Several CVEs have been reported on the runtime: CVE-2023-44487 (a problem with Netty), CVE-2023-44483 (a problem with xmlsec) and CVE-2023-4759 (a problem with JGit).

All the CVEs have been addressed. CVE-2023-44487 by upgrading Netty, CVE-2023-44483 by upgrading xmlsec and CVE-2023-4759 turned out to be a false positive, it was already fixed in the version we are shipping, but the dependency checker incorrectly links the CVE to the fixed version. This is suppressed.

BQ-21279

Java Runtime

CVE-2023-34050 has been reported on the spring-amqp library.

For R16/15/14, this has been fixed by upgrading Spring Boot/underlying spring-amqp libraries. For older versions, there is no upgrade path. Upgrade to a more recent version of Blueriq and in the meantime take the measures as outlined by

https://spring.io/security/cve-2023-34050

.

6. Known issues

For an overview of known issue please refer to: Known issues


  • No labels