Release Date

 

Content: Release 4.1.5
Download: Please contact support@blueriq.com




Note that Publisher 5 is already available, so please try to upgrade to the newest version.


Bugfixes

| Incident number | Summary (problem description) | Resolution |
|---|---|---|
| PUB-212 | Environments with sortvalue = null caused errors. | If sortvalue is missing the environments are shown at the end. |
| PUB-202 | The following vulnerabilities on 3rd party dependencies were reported: | See the per-library resolutions below. |

| CVE / vulnerability | Library | Resolution |
|---|---|---|
| CVE-2019-11358 | jquery-3.0.0.min.js | Fixed by upgrading jQuery to 3.1.4 |
| CVE-2019-16942, CVE-2019-16943, CVE-2019-17531 | jackson-databind-2.9.10.jar | Fixed by upgrading jackson libraries to 2.10.0 |
| CVE-2019-11065, CVE-2019-15052, CVE-2019-16370 | plexus-utils-2.0.6.jar | Suppressed as false positive, as it is not part of delivered code. |
| Directory traversal in org.codehaus.plexus.util.Expand | plexus-utils-2.0.6.jar | |
| Possible XML Injection | plexus-utils-2.0.6.jar | |
| A prototype pollution vulnerability in handlebars is exploitable if an attacker can control the template | handlebars-4.0.5.js | This library is used by Swagger UI 2.x, which is only available in development mode. |

Upgrade Instructions

There are no upgrade instructions.

3rd Party Libraries

A separate page lists all the 3rd party libraries that are used in the Publisher: Blueriq Publisher 4 libraries. For a list of all known vulnerabilities, see Blueriq Publisher Vulnerabilities.