You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Next »

Identifier

Component

Issue

Solution

BQ-21304

 

Several CVEs have been reported on the runtime: CVE-2023-44487 (a problem with Netty), CVE-2023-44483 (a problem with xmlsec) and CVE-2023-4759 (a problem with JGit).

All the CVEs have been addressed. CVE-2023-44487 by upgrading Netty, CVE-2023-44483 by upgrading xmlsec and CVE-2023-4759 turned out to be a false positive, it was already fixed in the version we are shipping, but the dependency checker incorrectly links the CVE to the fixed version. This is suppressed.

BQ-21279

 

CVE-2023-34050 has been reported on the spring-amqp library.

For R16/15/14, this has been fixed by upgrading Spring Boot/underlying spring-amqp libraries. For older versions, there is no upgrade path. Upgrade to a more recent version of Blueriq and in the meantime take the measures as outlined by

https://spring.io/security/cve-2023-34050

.

BQ-21223

 

Closing a module in Encore would incorrectly contain a message that indicates that unsaved changes would be saved, but these changes remain unsaved

The message has been removed completely, as it was no longer accurate and could cause confusion

BQ-21220

Encore

BQ-21188

 

Committing on a branch without branch type could report an error in certain circumstances, as commit permissions could not be verified

Branches without branch type can now be committed normally again

CSD-4907

 

The webservice editor in Encore would not show any flows to execute for an exposed operation if the webservice is defined in a library with multiple root modules.

Webservices in libraries will now allow you to select a flow again, as well as including the flow usage as a dependency and reporting an error if the flow does not exist. This is an improvement compared to Blueriq Studio, which would fall back to a raw text input without providing validations and dependencies.

CSD-4606

Document Renderer

Setting configuration properties that already exist inside the YML file as environment variables does not override them. YML file is prioritized over environment variables.

Environment variables are now loaded last and thus override any other configuration properties source.
  • No labels

Didn't find the answer you were looking for? Try the advanced search