You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.

1. Upgrade Instructions

For this release there are not specific upgrade instructions.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

2. Artifacts

 The Blueriq artifacts are available under name: 14.11.30.6353

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 3.4.22
DCM Lists Service 2.0.11
Material Theme 1.1.3
Development tools frontend 1.3.1
Document Renderer 1.1.1

3. Libraries

For this release there are no specific Library updates.

In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.

ArtifactId

GroupId

License

Version in 14.11.29

Version in 14.11.30

bcpkix-jdk15on

org.bouncycastle

Bouncy Castle License

1.68

(error)

bcprov-jdk15on

org.bouncycastle

Bouncy Castle License

1.68

(error)

jsch

com.jcraft

3-clause BSD License

0.1.55

(error)

jzlib

com.jcraft

3-clause BSD License

1.1.1

(error)

org.eclipse.jgit.ssh.jsch

org.eclipse.jgit

EDL

5.12.0.202106070339-r

(error)

bcpkix-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcprov-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcutil-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

eddsa

net.i2p.crypto

Creative Commons CC0

(error)

0.3.0

org.eclipse.jgit.ssh.apache

org.eclipse.jgit

EDL

(error)

5.13.1.202206130422-r

sshd-common

org.apache.sshd

Apache License 2.0

(error)

2.10.0

sshd-core

org.apache.sshd

Apache License 2.0

(error)

2.10.0

sshd-osgi

org.apache.sshd

Apache License 2.0

(error)

2.10.0

sshd-sftp

org.apache.sshd

Apache License 2.0

(error)

2.10.0

brave

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-context-slf4j

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-http

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-httpasyncclient

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-httpclient

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-jms

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-kafka-clients

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-kafka-streams

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-messaging

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-mongodb

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-rpc

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-spring-rabbit

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

brave-instrumentation-spring-web

io.zipkin.brave

Apache License 2.0

5.13.7

5.13.9

commons-compiler

org.codehaus.janino

3-clause BSD License

3.1.9

3.1.10

groovy

org.codehaus.groovy

Apache License 2.0

3.0.13

3.0.17

hibernate-core

org.hibernate

LGPL 2.1

5.6.14.Final

5.6.15.Final

hibernate-entitymanager

org.hibernate

LGPL 2.1

5.6.14.Final

5.6.15.Final

httpclient

org.apache.httpcomponents

Apache License 2.0

4.5.13

4.5.14

httpcore

org.apache.httpcomponents

Apache License 2.0

4.4.15

4.4.16

jackson-annotations

com.fasterxml.jackson.core

Apache License 2.0

2.13.4

2.13.5

jackson-core

com.fasterxml.jackson.core

Apache License 2.0

2.13.4

2.13.5

jackson-databind

com.fasterxml.jackson.core

Apache License 2.0

2.13.4.2

2.13.5

jackson-dataformat-xml

com.fasterxml.jackson.dataformat

Apache License 2.0

2.13.4

2.13.5

jackson-dataformat-yaml

com.fasterxml.jackson.dataformat

Apache License 2.0

2.13.4

2.13.5

jackson-datatype-jsr310

com.fasterxml.jackson.datatype

Apache License 2.0

2.13.4

2.13.5

janino

org.codehaus.janino

3-clause BSD License

3.1.9

3.1.10

JavaEWAH

com.googlecode.javaewah

Apache License 2.0

1.1.7

1.1.13

jaxb-runtime

org.glassfish.jaxb

Eclipse Public License - v 1.0

2.3.7

2.3.8

logback-classic

ch.qos.logback

Eclipse Public License - v 1.0

1.2.11

1.2.12

logback-core

ch.qos.logback

Eclipse Public License - v 1.0

1.2.11

1.2.12

metrics-core

io.dropwizard.metrics

Apache License 2.0

4.2.13

4.2.18

micrometer-core

io.micrometer

Apache License 2.0

1.8.12

1.8.13

netty-incubator-codec-classes-quic

io.netty.incubator

Apache License 2.0

0.0.34.Final

0.0.40.Final

netty-incubator-codec-native-quic

io.netty.incubator

Apache License 2.0

0.0.34.Final

0.0.40.Final

org.eclipse.jgit

org.eclipse.jgit

EDL

5.12.0.202106070339-r

5.13.1.202206130422-r

org.eclipse.jgit.http.apache

org.eclipse.jgit

EDL

5.12.0.202106070339-r

5.13.1.202206130422-r

reactor-core

io.projectreactor

Apache License 2.0

3.4.29

3.4.31

reactor-netty

io.projectreactor.netty

Apache License 2.0

1.0.25

1.0.32

reactor-netty-core

io.projectreactor.netty

Apache License 2.0

1.0.25

1.0.32

reactor-netty-http

io.projectreactor.netty

Apache License 2.0

1.0.25

1.0.32

reactor-netty-http-brave

io.projectreactor.netty

Apache License 2.0

1.0.25

1.0.32

reactor-netty-incubator-quic

io.projectreactor.netty.incubator

Apache License 2.0

0.0.14

0.0.21

spring-amqp

org.springframework.amqp

Apache License 2.0

2.4.8

2.4.12

spring-aop

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-beans

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-boot

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-actuator

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-actuator-autoconfigure

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-autoconfigure

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-configuration-processor

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-starter

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-starter-aop

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-starter-data-mongodb

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-starter-logging

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-boot-starter-validation

org.springframework.boot

Apache License 2.0

2.6.14

2.6.15

spring-cloud-commons

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.6

spring-cloud-config-client

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.7

spring-cloud-config-server

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.7

spring-cloud-context

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.6

spring-cloud-sleuth-api

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.8

spring-cloud-sleuth-autoconfigure

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.8

spring-cloud-sleuth-brave

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.8

spring-cloud-sleuth-instrumentation

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.8

spring-cloud-starter

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.6

spring-cloud-starter-bootstrap

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.6

spring-cloud-starter-config

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.7

spring-cloud-starter-sleuth

org.springframework.cloud

Apache License 2.0

3.1.1

3.1.8

spring-context

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-context-support

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-core

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-expression

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-jcl

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-jdbc

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-messaging

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-orm

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-oxm

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-rabbit

org.springframework.amqp

Apache License 2.0

2.4.8

2.4.12

spring-security-config

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-core

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-crypto

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-ldap

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-oauth2-client

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-oauth2-core

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-security-rsa

org.springframework.security

Apache License 2.0

1.0.10.RELEASE

1.0.12.RELEASE

spring-security-web

org.springframework.security

Apache License 2.0

5.6.9

5.6.12

spring-tx

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-web

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-webflux

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-webmvc

org.springframework

Apache License 2.0

5.3.27

5.3.29

spring-ws-core

org.springframework.ws

Apache License 2.0

3.1.4

3.1.6

spring-ws-security

org.springframework.ws

Apache License 2.0

3.1.4

3.1.6

spring-xml

org.springframework.ws

Apache License 2.0

3.1.4

3.1.6

txw2

org.glassfish.jaxb

Eclipse Public License - v 1.0

2.3.7

2.3.8

4. Retirement announcement

For this release there are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

5. Bug fixes

Identifier

Component

Issue

Solution

BQ-20832

Runtime, Customer Data Service

CVE-2023-33546 is reported on the Janino library which is used by older versions of the runtime & CDS

The Janino library has been upgraded to the latest version in which the CVE was fixed.

BQ-20797

Tomcat

The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709.

Tomcat has been updated to address the vulnerability.

BQ-20768

Runtime

CVE-20873 was detected for Spring boot

Fixed by upgrading Spring boot to the latest versions.

BQ-20749

Studio

Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq

Suppressed the specific CVEs

BQ-20747

Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App

CVE-2023-33201 detected for bouncy-castle lower than 1.73

Upgraded to version 1.76

CSD-4853

Audit Consumer, Customer Data Service, DCM Lists Service, Runtime, Maintenance App

CVE-2023-34034 was detected for Spring security

Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless we have upgrade the Spring dependencies to version that are no longer affected by this CVE.

6. Known issues

For an overview of known issue please refer to: Known issues


  • No labels