TIBCO JasperReports has recently been updated to fix two security vulnerabilities in the application.
Versions 6.4.0, 6.3.2, 6.3.1, 6.3.0 and 6.2.3 and below contain a vulnerability that may allow a subset of authorized users to perform persistent cross-site scripting (XSS) attacks. Version 6.4.0 is also affected by a second vulnerability in which the application fails to prevent remote access to the contents of the web application, including key configuration files. More information about these security issues can be found in the official advisories:
https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-2017-5532
https://www.tibco.com/support/advisories/2017/11/tibco-security-advisory-november-15-2017-tibco-jasperreports-server-2017
TIBCO has released updated versions of the affected components which address these issues. For new application deployments, including the Bitnami Launchpad, we have released JasperReports 6.4.2 containers, installers, virtual machines and cloud images that include the security fixes to address these vulnerabilities. Users launching Bitnami JasperReports via a cloud marketplace are advised to select version 6.4.2, once it is published.
If you have further questions about this security issue or about Bitnami JasperReports, please post in our community forum. Our support team will be happy to help you there!