Skip to Content

Changes for page eMagiz Runtime - 5.0.4

Last modified by Erik Bakker on 2023/01/23 13:55
From version 8.2
edited by Erik Bakker
on 2022/06/16 13:26
Change comment: Update document after refactoring.
To version 11.1
edited by eMagiz
on 2022/06/22 13:56
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -eMagiz Mendix Connector - 5.1.0
1 +eMagiz Runtime - 5.0.4
Author
... ... @@ -1,1 +1,1 @@
1 -XWiki.ebakker
1 +XWiki.eMagiz
Content
... ... @@ -1,20 +1,12 @@
1 -Small update that fixes three specific issues.
1 +Fourth maintenance release in the eMagiz 5.0.x line. This release fixes Log4J security vulnerabilities CVE-2021-44228 and CVE-2021-45046.
2 2  
3 -Find out more in our [release blog]
3 +Find out more in our [[Release blog>>Main.Release Information.Release Blogs.pache Log4J vulnerability patch - Release blog.WebHome||target="blank"]].
4 4  
5 5  
6 -===== Minor Changes =====
7 -
8 -* Updated bundle 'com.emagiz.bundles.groovy-all' from 3.0.9.1 to 3.0.9.2
9 -* Removed bundle 'com.sun.mail.javax.mail' because it was not used anymore
10 -* Updated bundle 'com.emagiz.components.security' from 7.1.1 to 7.2.0
11 -* Updated bundle 'com.emagiz.components.http' from 7.2.1 to 7.2.2
12 -* Updated bundle 'com.emagiz.util.codec' from 6.1.0 to 6.1.1
13 -
14 14  ===== Bug Fixes =====
15 15  
16 -* The OAuth 2.0 authorization interceptor in the Rest Template component contained client 'Authentication methods’ that were invalid and caused a flow not to start in build 59. Also the clockskew is now configurable so we can handle the requirements of more oauth2 authentication providers.
17 -* The Amazon S3 authentication interceptor in the Rest Template component had a threading issue where the key would be invalid on heavy usage. The threading has been changed and is now behaving correctly.
18 -* In several flow designer components you can add Groovy scripts. Since build 59 using FastStringUtils (JSON parsing) did not work.
19 -* For Gen3 runtimes we upgraded to Spring Boot 2.6.6 to bring the latest security patches.
8 +* Updated OPS4J Pax Logging version 1.10.1 to version 1.11.11. Internally this uses Apache Log4j 2, which is updated from version 2.8.2 to 2.16.0 in this release. This fixed the following two security vulnerabilities:
9 + ** https://nvd.nist.gov/vuln/detail/CVE-2021-44228 (CVSS score 10.0 - Critical)
10 + ** https://nvd.nist.gov/vuln/detail/CVE-2021-45046 (CVSS score 3.7 - Low)
20 20  
12 +