#28418 Vulnerability IBM MQ CVE-2024-35116 and CVE-2024-35156

Enhancement

Major

#28338

Model: Data type for time duration

#28365

Conditional formatting in TreeTableComponents

#28386

Core theme: UX improvements

#28411

ValueListener annotation for model attributes

Detail

#28056

In-App Kafka Consumer

#28318

UI actions: Conditional actions, action on transformed model, close dialog

#28319

Configure column groups InApp

#28335

Configure GotoTargets InApp

#28345

Auto-cleanup of inconsistent data statuses during account migration from #27517

#28350

Template for ExcelWriter

#28366

Tooltips should also support numbered lists.

#28370

Accelerate InternationalizeAttributeProcessor

#28405

Model annotation to create Int fields with [+]/[-] buttons

#28427

Allow StackedGoto with LayoutContainer as context

#28431

Create XML Encoding Function for TLScript

#28438

Core theme: Always display scrollbars in tables

#28439

Making the size of form tables adjustable

Bugfix

Major

#28008

D&D: Application window scrolls upwards when you try to scroll while dragging

#28162

Form editor: "Columns", "Label position" and "Line break" settings do not work properly

#28172

Core theme: Insufficient field sizes in fully editable tables

#28377

Endless loop when starting the AccessManager

#28398

Determining the number of hits of table filters leads to errors in comparison tables

#28419

Security vulnerability in Netty CVE-2024-47535

Detail

#28165

Tooltips are placed incorrectly in diagrams

#28269

Core theme: Scroll bar on HTML attribute in view mode if text contains heading

#28271

Layout editor: Missing selection for "Model component" when defining a dialog

#28280

Model cleanup: Do not derive SecurityStructure:Root from StructuredElement

#28290

TL-Script: isEmpt() does not work for Maps.

#28294

Form editor: Missing domain when setting the disabled status

#28295

ReferencePreload accesses reference columns that are not defined for the respective object

#28298

Substitution rule no longer available

#28301

Unwanted scrollbars in administration / maintenance window

#28304

Missing incremental change of "abstract"

#28307

"Mandatory" change not possible for overwritten attributes

#28313

Error when creating new columns via migration processors

#28316

Button without functionality in the "Currencies" administration view

#28317

Layout editor: Useless error message if component cannot be deleted.

#28321

Images are not scaled smaller in tables

#28322

Buttons in form templates: Error because component not (yet) available

#28323

Automatic model upgrade creates any overrides before definitions

#28326

Crash at app startup when layouts in the DB have become invalid

#28339

Display of documentation in the tooltip of types and attributes

#28340

ID column annotation is not inherited

#28342

Separate include of attribute values in a layout XML not possible

#28343

Calculated I18N attributes provide input fields in the grid

#28349

Migration processor for updating the role assignments fails with correct role assignments

#28351

Migration: Rearrangement of TLClassifer does not work

#28352

Model copy can fail when copying associations

#28353

Automatic data migration sometimes delivers unusable results

#28354

Value suggestions, tree options via TLScript: Context object is not transferred in the creation context

#28355

Error message when right-clicking on tile context table

#28359

Dynamic columns - Not possible for transient objects

#28360

Migration: Crash if annotation is to be removed but no annotation is set

#28385

No authorization for edit buttons in tables

#28390

TreeTableComponent does not work with TreeBuilder

#28399

Error in column tooltip for certain characters

#28404

Form validation fails: "Unable to process all invalids"

#28407

KnowledgeBase: Update event generation of bulk deletions too slow

#28409

Migration for initializing accesses

#28412

CreateTLObjectProcessor does not work

#28413

Newly created persons cannot be assigned to groups in the same transaction

#28417

Proxy bug - no multiple values allowed

#28418

Vulnerability IBM MQ CVE-2024-35116 and CVE-2024-35156

#28420

Vulnerability Apache Commons IO CVE-2024-47554

#28422

FormattedDefault annotation overwrites custom target model changes

#28432

Error when displaying a transient object in a table

#28434

OpenAPI: Under certain circumstances no user context in functions in the user context

#28437

Error during Excel export with large texts

Bugfix

Detail

#28418

Vulnerability IBM MQ CVE-2024-35116 and CVE-2024-35156

IbmMq SecurityIssue

IBM MQ had security vulnerabilities in the current versions, which have been fixed by updating to a new version:

CVE-2024-35116\\

A Denial of Service (DoS) vulnerability that is triggered by an error when applying configuration changes. Affected versions are IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD. (IBM X-Force ID: 290335)

CVE-2024-35156\\

A vulnerability that could allow an attacker to obtain sensitive information when detailed technical error messages are returned in the browser. This information could be used in further attacks on the system. Affected versions are IBM MQ 9.3 LTS and 9.3 CD. (IBM X-Force ID: 292766)

The vulnerabilities have been fixed by upgrading the com.ibm.mq.jakarta. client dependency from version 9.3.4.1 to 9.4.1.0. This version contains fixes for the above issues and improves the security and stability of the application.

Testing

No test.