Wednesday, April 18, 2018

Security Release: JasperReports 6.4.3

TIBCO JasperReports has released a new update that contains multiple security enhancements, including one that prevents remote code execution. We recommend that all JasperReports installations be upgraded to its new version (JasperReports 6.4.3) immediately.

TIBCO JasperReports Library Code Sandboxing Problem - CVE-2018-5429
TIBCO JasperReports Server Information Disclosure Vulnerability - CVE-2018-5430
TIBCO JasperReports Server Cross Site Scripting Vulnerability - CVE-2018-5431

For more information about these security issues, please refer to the different advisories.

Bitnami has released Bitnami JasperReports 6.4.3 Helm charts, containers, installers, virtual machines, and cloud images in order to address these security vulnerabilities. If you already have Bitnami JasperReports running on any of these platforms, you can upgrade the application by following the official upgrade guide.

Users launching Bitnami JasperReports via a cloud provider's marketplace are advised to select version 6.4.3, once it is published. Installations based on previous versions will need to be upgraded as described above.

If you have additional questions about Bitnami JasperReports, post them in our community forum, and we will be happy to help you.