You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

1. Documentation

Documentation on the new features and improvements of this release is linked in the respective topics.

2. Upgrade Instructions

The upgrade instructions for this release can be found here.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

3. Artifacts

 The Blueriq artifacts are available under name: 13.13.48.6354

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 3.4.22
DCM Lists Service 1.4.18
Material Theme 1.0.55
Development tools frontend 1.2.3

4. Aquima Libraries

There are no specific Library updates for this release.

5. Libraries

In this release, the set of third party libraries that is used by Blueriq was updated. When your installation of Blueriq includes custom components (artifacts that do not ship with Blueriq, such as proprietary plugins), those components should be tested for compatibility with these changes.

ArtifactId

GroupId

License

Version in 13.13.47

Version in 13.13.48

bcpkix-jdk15on

org.bouncycastle

Bouncy Castle License

1.67

(error)

bcprov-jdk15on

org.bouncycastle

Bouncy Castle License

1.67

(error)

bcpkix-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcprov-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

bcutil-jdk18on

org.bouncycastle

Bouncy Castle License

(error)

1.76

commons-compiler

org.codehaus.janino

3-clause BSD License

3.1.4

3.1.10

janino

org.codehaus.janino

3-clause BSD License

3.1.4

3.1.10

netty-buffer

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-codec

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-codec-http

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-codec-http2

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-codec-socks

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-common

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-handler

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-handler-proxy

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-resolver

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-transport

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-transport-classes-epoll

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-transport-native-epoll

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

netty-transport-native-unix-common

io.netty

Apache License 2.0

4.1.94.Final

4.1.96.Final

spring-amqp

org.springframework.amqp

Apache License 2.0

2.2.18.RELEASE

2.2.22.RELEASE

spring-ldap-core

org.springframework.ldap

Apache License 2.0

2.3.4.RELEASE

2.3.5.RELEASE

spring-rabbit

org.springframework.amqp

Apache License 2.0

2.2.18.RELEASE

2.2.22.RELEASE

spring-security-config

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-core

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-crypto

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-ldap

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-oauth2-client

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-oauth2-core

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE

spring-security-rsa

org.springframework.security

Apache License 2.0

1.0.9.RELEASE

1.0.12.RELEASE

spring-security-web

org.springframework.security

Apache License 2.0

5.3.9.RELEASE

5.3.13.RELEASE


6. Retirement announcement

There are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

7. Bug fixes

Identifier

Component

Issue

Solution

BQ-20832

Runtime, Customer Data Service

CVE-2023-33546 is reported on the Janino library which is used by older versions of the runtime & CDS

The Janino library has been upgraded to the latest version in which the CVE was fixed.

BQ-20797

Tomcat

The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709.

Tomcat has been updated to address the vulnerability.

BQ-20782

Runtime

CVE-2021-22097 was detected on Spring amqp

Updated Spring amqp to 2.2.22.RELEASE

BQ-20772

Runtime

CVE-2023-34462 was detected on Netty

Updated netty to 4.1.96.Final

BQ-20771

Runtime

CVE-2021-22095 was detected on Spring amqp

Updated Spring amqp to 2.2.22.RELEASE

BQ-20749

Studio

Various CVEs (CVE-2020-1045, CVE-2022-29117, CVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq

Suppressed the specific CVEs

BQ-20747

Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, Runtime, Maintenance App

CVE-2023-33201 detected for bouncy-castle lower than 1.73

Upgraded to version 1.76

8. Known issues

For an overview of known issue please refer to: Known issue