You are viewing the documentation for Blueriq 16. Documentation for other versions is available in our documentation directory.

1. Documentation

Documentation on the new features and improvements of this release is linked in the respective topics.

2. Upgrade Instructions

See Release 16.1 Upgrade Instructions for the upgrade instructions for this release.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

3. Artifacts

The Blueriq artifacts are available under name: 16.2.1.1530

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 4.2.2
DCM Lists Service 3.0.4
Material Theme 1.1.12
Development tools frontend 1.5.6
DCM Maintenance App 3.0.2
Audit Consumer 0.2.3
DCM Dashboard Service 0.2.3
Gateway Service 0.1.
Document Renderer 1.1.2

4. Libraries

In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.

ArtifactId

GroupId

License

Version in 16.2

Version in 16.2.1

bcpkix-jdk15on

org.bouncycastle

Bouncy Castle License

1.70

(error)

bcprov-jdk15on

org.bouncycastle

Bouncy Castle License

1.70

(error)

bcutil-jdk15on

org.bouncycastle

Bouncy Castle License

1.70

(error)

bcpkix-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcprov-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcutil-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

amqp-client

com.rabbitmq

Apache License 2.0

5.16.0

5.16.1

angus-activation

org.eclipse.angus

Eclipse Public License - v 1.0

2.0.0

2.0.1

commons-compiler

org.codehaus.janino

3-clause BSD License

3.1.9

3.1.10

context-propagation

io.micrometer

Apache License 2.0

1.0.2

1.0.4

hibernate-validator

org.hibernate.validator

Apache License 2.0

8.0.0.Final

8.0.1.Final

istack-commons-runtime

com.sun.istack

Eclipse Public License - v 1.0

4.1.1

4.1.2

janino

org.codehaus.janino

3-clause BSD License

3.1.9

3.1.10

jaxb-core

org.glassfish.jaxb

Eclipse Public License - v 1.0

4.0.2

4.0.3

jaxb-runtime

org.glassfish.jaxb

Eclipse Public License - v 1.0

4.0.2

4.0.3

jboss-logging

org.jboss.logging

Apache License 2.0

3.5.0.Final

3.5.3.Final

lettuce-core

io.lettuce

Apache License 2.0

6.2.4.RELEASE

6.2.5.RELEASE

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.19.0

2.20.0

logback-classic

ch.qos.logback

Eclipse Public License - v 1.0

1.4.7

1.4.8

logback-core

ch.qos.logback

Eclipse Public License - v 1.0

1.4.7

1.4.8

micrometer-commons

io.micrometer

Apache License 2.0

1.10.7

1.10.9

micrometer-core

io.micrometer

Apache License 2.0

1.10.7

1.10.9

micrometer-observation

io.micrometer

Apache License 2.0

1.10.7

1.10.9

micrometer-tracing

io.micrometer

Apache License 2.0

1.0.6

1.0.8

micrometer-tracing-bridge-brave

io.micrometer

Apache License 2.0

1.0.6

1.0.8

netty-incubator-codec-classes-quic

io.netty.incubator

Apache License 2.0

0.0.40.Final

0.0.48.Final

netty-incubator-codec-native-quic

io.netty.incubator

Apache License 2.0

0.0.40.Final

0.0.48.Final

oauth2-oidc-sdk

com.nimbusds

Apache License 2.0

9.43.1

9.43.3

reactor-core

io.projectreactor

Apache License 2.0

3.5.6

3.5.8

reactor-netty

io.projectreactor.netty

Apache License 2.0

1.1.7

1.1.9

reactor-netty-core

io.projectreactor.netty

Apache License 2.0

1.1.7

1.1.9

reactor-netty-http

io.projectreactor.netty

Apache License 2.0

1.1.7

1.1.9

reactor-netty-incubator-quic

io.projectreactor.netty.incubator

Apache License 2.0

0.1.7

0.1.9

spring-amqp

org.springframework.amqp

Apache License 2.0

3.0.4

3.0.6

spring-aop

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-aspects

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-beans

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-boot

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-actuator

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-actuator-autoconfigure

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-autoconfigure

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-configuration-processor

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-starter

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-starter-actuator

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-starter-logging

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-boot-starter-validation

org.springframework.boot

Apache License 2.0

3.0.7

3.0.9

spring-cloud-commons

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-config-client

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-config-server

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-context

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-starter

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-starter-bootstrap

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-cloud-starter-config

org.springframework.cloud

Apache License 2.0

4.0.2

4.0.4

spring-context

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-context-support

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-core

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-data-commons

org.springframework.data

Apache License 2.0

3.0.6

3.0.8

spring-data-jpa

org.springframework.data

Apache License 2.0

3.0.6

3.0.8

spring-data-keyvalue

org.springframework.data

Apache License 2.0

3.0.6

3.0.8

spring-data-mongodb

org.springframework.data

Apache License 2.0

4.0.6

4.0.8

spring-data-redis

org.springframework.data

Apache License 2.0

3.0.6

3.0.8

spring-expression

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-hateoas

org.springframework.hateoas

Apache License 2.0

2.0.4

2.0.6

spring-jcl

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-jdbc

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-ldap-core

org.springframework.ldap

Apache License 2.0

3.0.3

3.0.4

spring-messaging

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-orm

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-oxm

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-rabbit

org.springframework.amqp

Apache License 2.0

3.0.4

3.0.6

spring-retry

org.springframework.retry

Apache License 2.0

2.0.1

2.0.2

spring-security-config

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-core

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-crypto

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-ldap

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-oauth2-client

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-oauth2-core

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-oauth2-jose

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-oauth2-resource-server

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-security-rsa

org.springframework.security

Apache License 2.0

1.0.11.RELEASE

1.0.12.RELEASE

spring-security-web

org.springframework.security

Apache License 2.0

6.0.3

6.0.5

spring-session-core

org.springframework.session

Apache License 2.0

3.0.1

3.0.2

spring-session-data-redis

org.springframework.session

Apache License 2.0

3.0.1

3.0.2

spring-tx

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-web

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-webflux

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-webmvc

org.springframework

Apache License 2.0

6.0.9

6.0.11

spring-ws-core

org.springframework.ws

Apache License 2.0

4.0.4

4.0.5

spring-ws-security

org.springframework.ws

Apache License 2.0

4.0.4

4.0.5

spring-xml

org.springframework.ws

Apache License 2.0

4.0.4

4.0.5

txw2

org.glassfish.jaxb

Eclipse Public License - v 1.0

4.0.2

4.0.3

5. Retirement announcement

There are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

6. Bug fixes


Identifier

Component

Issue

Solution

BQ-20797

Tomcat

The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709.

Tomcat has been updated to address the vulnerability.

BQ-20769

Runtime

CVE-2023-20862 was detected for Spring security

Fixed upgrading to the latest spring boot version

BQ-20768

Runtime

CVE-20873 was detected for spring boot

Fixed by upgrading spring boot to the latest versions

BQ-20752

Gateway

CVE-2023-34035 was detected for Spring Security

upgraded spring security libraries to 6.0.5

BQ-20749

Studio

Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq

Suppressed the specific CVEs

BQ-20747

Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App

CVE-2023-33201 detected for bouncy-castle lower than 1.73

upgraded to version 1.76

CSD-4853

Audit Consumer, Customer Data Service, DCM Lists Service, Runtime, Maintenance App

CVE-2023-34034 was detected for spring security

Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless we have upgrade the spring dependencies to version that are no longer affected by this CVE.

BQ-20679

Encore

After removing the root node in a content item, the buttons for adding an inline text item node or an image nod did not add the node.

The buttons correctly add the root node when clicked.

CSD-4810

Encore

Complex aggregates were prone to infinite cycles, crashing the application

Introduced better checks for infinite cycles, preventing crashes

BQ-20565

Case engine

When a non-existent case is tried to read, the service does not end in the "caseNotFound" exit of the service call. Instead, it logs: "Could not load aggregate into profile because the aggregate does not exists in the case" and continues the default exit node

Case Engine returns proper error code and HTTP status


7. Known issues

For an overview of known issue please refer to: Known issues