You are viewing the documentation for Blueriq 13. Documentation for other versions is available in our documentation directory.

1. Upgrade Instructions

There are no specific upgrade instructions for this release.

As a best practice

  • backup your repository
  • backup your database before running scripts
  • backup your spring.config.additional-location directory ([Blueriq installation directory]\Runtime)
  • backup any config files you have altered under [Blueriq installation directory]\Services

before you start the upgrade.

2. Artifacts

The Blueriq artifacts are available under name: 13.13.23.5057


Component

Version

Customer Data Service 3.4.13
DCM lists 2.0.4
Blueriq material theme 1.0.46
Development tools 1.1.3

3. Aquima Libraries

There are no specific Library updates for this release.

4. Libraries

ArtifactId

GroupId

License

Version in 13.13.22

Version in 13.13.23

netty-tcnative-classes

io.netty

Apache License 2.0

2.0.46.Final

(error)

netty-buffer

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-codec

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-codec-http

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-codec-http2

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-codec-socks

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-common

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-handler

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-handler-proxy

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-resolver

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-transport

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-transport-classes-epoll

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-transport-native-epoll

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

netty-transport-native-unix-common

io.netty

Apache License 2.0

4.1.72.Final

4.1.77.Final

spring-aop

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-beans

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-context

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-context-support

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-core

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-expression

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-jcl

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-jdbc

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-messaging

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-orm

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-oxm

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-tx

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-web

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-webflux

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

spring-webmvc

org.springframework

Apache License 2.0

5.2.21.RELEASE

5.2.22.RELEASE

5. Retirement announcement

There are no specific retirement announcements.

For a full list of deprecated features, go to Deprecated features.

6. Bug fixes

Identifier

Component

Issue

Solution

BQ-16097

Runtime

CVE-2022-22976 and CVE-2022-2298 have been detected on the Runtime. While we don't use RegexRequestMatcher, we are not vulnerable to CVE-2022-22978. We are however vulnerable to CVE-2022-22976 but only if BCrypt password encryption is used with 31 rounds.

We've updated the Spring libraries for Blueriq version 15, 14 and 13. If your project uses BCrypt encryption with 31 rounds (blueriq.security.bcrypt-strength) please follow the instructions on the this page. We have also removed the option to use 31 rounds to mitigate the CVE for Blueriq version 12.

BQ-16096

Runtime

CVE-2022-22970 and CVE-2022-22971 have been detected on the Runtime. While we don't use STOMP over Web Socket, we are not vulnerable to CVE-2022-22971. We are however vulnerable to CVE-2022-22970 due to the usage of MultipartFile in the file upload component endpoint.

We have updated the spring-boot version to 2.6.8 (spring-framework 5.3.20) for version 15 and 14. For version 13 we have updated the spring-framework version to 5.2.22.

BQ-16092

Runtime

CVE-2022-24823 was reported for netty-transport-http.

Netty has been upgraded to version 4.1.77.Final, which doesn't have the vulnerability.

CSD-4123

Runtime

Function calls from a flow would not preserve the test path.
Function calls via Rest would not take test paths into account at all.

The test path is preserved in function calls from a flow.
You can now specify test paths in function shortcuts and the function call via Rest will take the specified test path to select the project version.

CSD-4117

Runtime

Unable to upload the same document twice.

Fixed by clearing the file input value before uploading the next file.

CSD-3947

Runtime

A test path passed to an external flow would not be propagated to services that would be called before the first page in a flow.

This has been fixed.

CSD-4101

Runtime

In a BAAS, the test path would not be stored to propagate it to other services.

This has been fixed.

CSD-4053

Runtime

Sending an invalid valuelist value to a BAARS resulted in a 500 http status code, which should be a 400 status code

When sending an invalid valuelist value to a BAARS it will now send a 400 http status code, with a message that contains the invalid field.

BQ-15355 Runtime Request parameters on the url are not passed on to the Blueriq Runtime Request Parameters on URL are added as a default feature in the Blueriq Material theme. When customers base their new custom theme on the Material theme they will have this feature enabled by default.

7. Known issues

For an overview of known issue please refer to: Known issues