You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.
Identifier | Component | Issue | Solution |
---|---|---|---|
BQ-16097 | Runtime | CVE-2022-22976 and CVE-2022-2298 have been detected on the Runtime. While we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are however vulnerable to CVE-2022-22976 but only if BCrypt password encryption is used with 31 rounds. | We've updated the Spring libraries for Blueriq version 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds ( |
BQ-16096 | Runtime | CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. While we don't use STOMP over Web Socket, we are not vulnerable to CVE-2022-22971. We are however vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint. | We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for version 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22. |
BQ-16092 | Runtime | CVE-2022-24823 was reported for netty-transport-http. | Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability. |
CSD-4123 | Runtime | Function calls from a flow would not preserve the test path. | The test path is preserved in function calls from a flow. |
BQ-15966 | Studio | The Keycloak account console could fail to initialize | The Keycloak configuration has been adjusted to resolve the failure. |
CSD-3947 | Runtime | A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow. | This has been fixed. |
CSD-4101 | Runtime | In a BAAS, the test path would not be stored to propagate it to other services. | This has been fixed. |
BQ-15883 | Runtime | Currently the runtime expects RabbitMQ configuration for handling automatic tasks, otherwise it will not start | To be able to have a runtime dedicated for user interaction, without handling automatic tasks, we introduced a property to disable executing automatic tasks. When this is the case, the runtime can start without the rabbitmq configuration required for automatic tasks. |
BQ-15355 | Runtime | Request parameters on the url are not passed on to the Blueriq Runtime | Request Parameters on URL are added as a default feature in the Blueriq Material theme. When customers base their new custom theme on the Material theme they will have this feature enabled by default. |