You are viewing the documentation for Blueriq 14. Documentation for other versions is available in our documentation directory.

1. Bug fixes

Identifier

Component

Issue

Solution

BQ-14595

JAVA Runtime

CVE-2021-3860 is reported for Jenkins plugin. Blueriq is only using the client API which is not related to Jenkins

Suppress because it is a false positive

BQ-14576


CVE-2021-44832 is reported on the log4j-core library. Blueriq does not use this library. The CVE is incorrectly matched to the log4j-api library that uses the same versioning scheme. This library is used by Blueriq, but it is not vulnerable.

To avoid confusion, we upgraded the log4j libraries that Blueriq does use to the latest version.

BQ-14520


Logback contains a CVE which is hard to exploit but has a possible high impact (CVE-2021-42550)

Logback has been upgraded to a new version which no longer contains this vulnarability

CSD-3966, CSD-3403, CSD-2690

JAVA Runtime

When using the AQ_RestServiceClient the response message is not interpreted when the response content type is application/problem+json

application/problem+json is a default content type for REST response which are errors. Therefore we have added application/problem+json and application/problem+xml as accepted default content types.

2. Upgrade Instructions

There are no specific upgrade instructions for this release.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

3. Artifacts

 The Blueriq artifacts are available under name: 14.7.1.4317

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 3.4.7
DCM Lists Service 1.4.6
Material Theme 1.0.40
Development tools v2 1.1.1

4. Aquima Libraries

There are no changes to the Aquima Libraries for this release.

5. Known issues

For an overview of known issue please refer to: Known issues

6. Libraries

ArtifactId

GroupId

License

Version in 14.7.0

Version in 14.7.1

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

logback-classic

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

logback-core

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

security-logging-common

org.owasp

Apache License 2.0

1.1.6

1.1.7

security-logging-logback

org.owasp

Apache License 2.0

1.1.6

1.1.7



ArtifactId

GroupId

License

Version in 3.4.5  (Blueriq 14.7.0)

Version in 3.4.7 (Blueriq 14.7.1

httpcore

org.apache.httpcomponents

Apache License 2.0

4.4.14

4.4.15

jackson-annotations

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

jackson-core

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

jackson-databind

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

jackson-datatype-jdk8

com.fasterxml.jackson.datatype

Apache License 2.0

2.12.5

2.12.6

jackson-datatype-jsr310

com.fasterxml.jackson.datatype

Apache License 2.0

2.12.5

2.12.6

jackson-module-parameter-names

com.fasterxml.jackson.module

Apache License 2.0

2.12.5

2.12.6

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

logback-classic

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

logback-core

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

spring-amqp

org.springframework.amqp

Apache License 2.0

2.3.11

2.3.13

spring-aop

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-beans

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-boot

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-autoconfigure

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-aop

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-json

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-logging

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-security

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-web

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-context

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-core

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-data-commons

org.springframework.data

Apache License 2.0

2.5.6

2.5.7

spring-expression

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-jcl

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-jdbc

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-messaging

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-orm

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-rabbit

org.springframework.amqp

Apache License 2.0

2.3.11

2.3.13

spring-security-config

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-core

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-crypto

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-web

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-tx

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-web

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-webmvc

org.springframework

Apache License 2.0

5.3.12

5.3.14

ArtifactId

GroupId

License

Version in 1.4.4 (Blueriq 14.7.0)

Version in 1.4.6 (Blueriq 14.7.1)

httpcore

org.apache.httpcomponents

Apache License 2.0

4.4.14

4.4.15

jackson-annotations

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

jackson-core

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

jackson-databind

com.fasterxml.jackson.core

Apache License 2.0

2.12.5

2.12.6

log4j-api

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

log4j-to-slf4j

org.apache.logging.log4j

Apache License 2.0

2.17.0

2.17.1

logback-classic

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

logback-core

ch.qos.logback

Eclipse Public License - v 1.0

1.2.6

1.2.9

spring-amqp

org.springframework.amqp

Apache License 2.0

2.3.11

2.3.13

spring-aop

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-beans

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-boot

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-autoconfigure

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-aop

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-logging

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-boot-starter-security

org.springframework.boot

Apache License 2.0

2.5.6

2.5.8

spring-context

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-core

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-data-commons

org.springframework.data

Apache License 2.0

2.5.6

2.5.7

spring-data-mongodb

org.springframework.data

Apache License 2.0

3.2.6

3.2.7

spring-expression

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-jcl

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-messaging

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-rabbit

org.springframework.amqp

Apache License 2.0

2.3.11

2.3.13

spring-security-config

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-core

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-crypto

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-security-web

org.springframework.security

Apache License 2.0

5.5.3

5.5.4

spring-tx

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-web

org.springframework

Apache License 2.0

5.3.12

5.3.14

spring-webmvc

org.springframework

Apache License 2.0

5.3.12

5.3.14