Vulnerable third-party SnakeYAML component used.

SnakeYAML has been upgraded to address CVE-2017-18640.

Project initialization list fails to be generated from Designer.Exporting an Apama project initialization list to a text file from Designer is now fixed.

Vulnerable third-party log4net component used - only affects customers using our .NET client API.

Apache log4net has been upgraded to address CVE-2018-1285.

Generic request content-type preserved in request not reconstituted.

Using a Cumulocity IoT GenericRequest event to send JSON data to Cumulocity IoT is no longer sensitive to the case used when specifying the content-type in the header.

Requests created via CumulocityRequestInterface.createRequest() do not include application key (if available).

The X-Cumulocity-Application-Key header is now included in requests from Apama to Cumulocity IoT using the CumulocityRequestInterface, which means that the deviceRequestCount will not include Apama requests.

Crash in Python plug-ins parsing from any.

A Python plug-in method that takes a parameter of the any type can crash the correlator when invoked with a parameter containing a value that is a dictionary type or an event type. This has now been fixed, along with a second crash at shutdown in certain situations when using a Python plug-in.

Generic JSON chain does not honor user-supplied content type.A regression was introduced in 10.5.3.0 where explicitly overridden content-type headers using the generic HTTP client could have a charset appended to them. This has now been fixed.

Vulnerable third-party CXF component used.

Apache Camel has been updated to 3.3.0 and Apache CXF has been updated to 3.3.6 to resolve vulnerabilities associated with the previous versions. Since this is a major update of these components, users with extensive use of the web services adapter may experience some differences in functionality.