thomas.bachmann Posted November 26, 2015 Share Posted November 26, 2015 Hi,Did the jasper suite get tested for the Java deserialization vulnerability (http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/)? It seems to also effect groovy so may be double effected.Thanks,Thomas Link to comment Share on other sites More sharing options...
thomas.bachmann Posted December 14, 2015 Author Share Posted December 14, 2015 On https://blog.srcclr.com/commons-collections-deserialization-vulnerability-research-findings/ it was reported that:JasperReports 6.2.0JasperReports 6.0.2JasperReports 3.5.2JasperReports 3.5.1amay be vulnerable to the Java deserialization vulnerability where untrusted data is deserialized. Could we please get a statement if JasperReports is vulnerable or how it can be configured to not be vulnerable? Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now