You are viewing the documentation for Blueriq 17. Documentation for other versions is available in our documentation directory.

1. Upgrade Instructions

There are no specific upgrade instructions for this release.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

2. Artifacts

 The Blueriq artifacts are available under name: 17.3.1.96

This release includes these versions of Blueriq components with a separate life cycle:

Component

Version

Customer Data Service 5.0.3
DCM Lists Service 4.0.2
Material Theme 1.3.4
Development tools frontend 2.0.1
DCM Maintenance App 5.0.4
Audit Consumer 1.0.3
DCM Dashboard Service 2.0.2
Gateway Service 1.0.3
Document Renderer 2.2.0

3. Blueriq Libraries

ArtifactId

GroupId

License

Version in 17.3

Version in 17.3.1

geronimo-jta_1.1_spec

org.apache.geronimo.specs

Apache License 2.0

1.1.1

(error)

jakarta.activation

com.sun.activation

Eclipse Public License - v 1.0

1.2.2

(error)

asm

org.ow2.asm

3-clause BSD License

9.5

9.7

cxf-core

org.apache.cxf

Apache License 2.0

4.0.4

4.0.5

cxf-rt-bindings-soap

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-bindings-xml

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-databinding-jaxb

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-frontend-jaxws

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-frontend-simple

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-transports-http

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-ws-addr

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-ws-policy

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

cxf-rt-wsdl

org.apache.cxf

Apache License 2.0

3.5.6

4.0.5

woodstox-core

com.fasterxml.woodstox

Apache License 2.0

6.6.1

6.6.2

4. Bug fixes

Identifier

Component

Issue

Solution

BQ-23584

Java Runtime

The XSS blacklist filter could fail to detect some patterns that may be considered potentially harmful.

The XSS blacklist filtering has been improved.

BQ-23558

Encore

In DRDs in Encore, the input node did not have the correct shape.

The shape has been corrected.

BQ-23557

Java Runtime

Three CVE's (CVE-2024-29736, CVE-2024-32007, CVE-2024-41172) have been reported on Apache CXF on versions older than 4.0.5, 3.6.4 and 3.5.9

Updated Apache CXF to the latest patch version.

CSD-5375

Java Runtime

Input values containing backslash-escaped zeroes would inadvertently be interpreted as null bytes in the XSS filtering layer, even if the original input value is not otherwise determed to be malicious.

The XSS filtering has been improved to better account for null bytes that are a result of canonicalization.

CSD-5385

Encore

Start and Message event nodes in Processes have a Message event field. While this field is required in the Runtime, it was optional in Encore. This may cause errors in the Runtime while running a model.

A validation has been added to both types of Message event fields. Encore will display a message when a Message event is not provided.

5. Known issues

For an overview of known issue please refer to: Known issues