Bloomreach Experience Manager (PaaS/Self-Hosted) - The Fast and Flexible Headless CMS

Apache CXF vulnerability (CVE-2021-22696)

06-07-2021 affects versions : 14.5, 13.4, 12.6

PDFBox Vulnerability (CVE-2021-27906, CVE-2021-27807)

06-07-2021 affects versions : 14.5, 13.4, 12.6

Elasticsearch REST client vulnerability (CVE-2021-22134)

06-07-2021 affects versions : 14.5, 13.4, 12.6

RESTEasy vulnerability (CVE-2021-20289)

06-07-2021 affects versions : 14.5, 13.4, 12.6

CKEditor vulnerability

06-07-2021 affects versions : 14.5, 13.4, 12.6

Improve disabling access to external entities in XML parsing for TransformerFactory

10-05-2021 affects versions : 14.5

Groovy XML vulnerability

13-04-2021 affects versions : 14.4, 13.4, 12.6

Moment.js vulnerability

13-04-2021 affects versions : 13.4, 12.6

Minimist.js vulnerability

13-04-2021 affects versions : 13.4

Apache HttpClient vulnerability (CVE-2020-13956)

13-04-2021 affects versions : 14.4, 13.4, 12.6

Vulnerability in Bouncy Castle Crypto Package

13-04-2021 affects versions : 14.4, 13.4, 12.6

Vulnerability in MyBatis before 3.5.6

08-12-2020 affects versions : 14.3, 13.4, 12.6

Elasticsearch REST client vulnerability

08-12-2020 affects versions : 14.3, 13.4, 12.6

Vulnerabilities in jQuery library before version 3.5.0

08-12-2020 affects versions : 14.3, 13.4, 12.6

Apache Groovy Information Disclosure

08-12-2020 affects versions : 14.3, 13.4, 12.6

Vulnerability in Spring Core 5

29-10-2020 affects versions : 14.2, 13.4, 12.6

Reported vulnerability in hippo-addon-2fa-duosecurity related to embedded jquery

27-10-2020 affects versions : 14.2, 13.4, 12.6

Spring security core v.5.3 null initialization vector

27-10-2020 affects versions : 14.2, 13.4, 12.6

Vulnerability in embedded resteasy-jaxrs for Camunda

27-10-2020 affects versions : 14.2, 13.4, 12.6

Multiple vulnerabilities in Apache Solr dependency

27-10-2020 affects versions : 14.2, 13.4, 12.6

DoS attack vulnerabilities in Apache Sanselan

27-10-2020 affects versions : 13.4, 12.6

The text editor contains a Stored Cross-Site Scripting vulnerability

27-10-2020 affects versions : 14.2

Reflected Cross-Site Scripting found in the “loginmessage” parameter.

27-10-2020 affects versions : 14.2

Cross-site scripting found in the translations folder menu

27-10-2020 affects versions : 14.2, 13.4, 12.6

Error Handling - Do not include error details in the default jsp error pages

27-10-2020 affects versions : 14.2, 13.4, 12.6

Get Started

Build a Website

Relevance Trail

Feed an AngularJS App

Deploy in BloomReach Cloud

Use Blue-Green Deployment in BloomReach Cloud

Understand

Implement

Extend

Integrate

Run

Upgrade

Develop

Use

Bloomreach Documentation version

Security Updates