Thursday, March 7, 2019

JasperReports 7.1.1 security release

TIBCO JasperReports has recently been updated to fix five security vulnerabilities in the application.

Community Edition versions 7.1.0 and below are affected by four vulnerabilities that allow unauthenticated read access to the contents of the host system and a race-condition vulnerability that may allow any user with domain save privileges to gain superuser privileges. More information about these security issues can be found in the official advisories:

TIBCO has released an updated version of the application which addresses these issues. For new application deployments, including the Bitnami Launchpad, we have released JasperReports 7.1.1 containers, installers, virtual machines and cloud images that include the security fixes to address these vulnerabilities. Users launching Bitnami JasperReports via a cloud marketplace are advised to select version 7.1.1, once it is published.

In case you already have a JasperReports server, use the official documentation to upgrade the application and address these issues.

If you have further questions about this security issue or about Bitnami JasperReports, please post in our community forum. Our support team will be happy to help you there!