You are viewing the documentation for Blueriq 15. Documentation for other versions is available in our documentation directory.
Identifier |
Component |
Issue |
Solution |
|---|---|---|---|
BQ-20806 |
|
||
BQ-20797 |
|
The Tomcat server that was bundled with the Blueriq installer was vulnerable to CVE-2023-28709. |
Tomcat has been updated to address the vulnerability. |
BQ-20769 |
JAVA Runtime |
CVE-2023-20862 was detected for Spring security |
Fixed upgrading to the latest spring boot version |
BQ-20768 |
JAVA Runtime |
CVE-20873 was detected for spring boot |
Fixed by upgrading spring boot to the latest versions |
BQ-20749 |
|
Various CVEs (OSSINDEXCVE-2020-1045, OSSINDEXCVE-2022-29117, OSSINDEXCVE-2017-11770) were reported for the Studio backend, but none were applicable to the .NET version used by Blueriq |
Suppressed the specific CVEs |
BQ-20747 |
Audit Consumer, Customer Data Service, DCM Dashboard, DCM Lists Service, Gateway, JAVA Runtime, Maintenance App |
CVE-2023-33201 detected for bouncy-castle lower than 1.73 |
upgraded to version 1.76 |
CSD-4853 |
Audit Consumer, Customer Data Service, DCM Lists Service, JAVA Runtime, Maintenance App |
CVE-2023-34034 was detected for spring security |
Blueriq is not affected by CVE-2023-34034 since we do not use '**' matchers and certainly not with Spring WebFlux. Nevertheless we have upgrade the spring dependencies to version that are no longer affected by this CVE. |
CSD-4810 |
Encore |
Complex aggregates were prone to infinite cycles, crashing the application |
Introduced better checks for infinite cycles, preventing crashes |
BQ-20565 |
|
When a non-existent case is tried to read, the service does not end in the "caseNotFound" exit of the service call. Instead, it logs: "Could not load aggregate into profile because the aggregate does not exists in the case" and continues the default exit node |
Case Engine returns proper error code and HTTP status |
Overview
Content Tools