Jump to content
JasperReports Library 7.0 is now available ×
  • This documentation is an older version of JasperReports Server Release Notes. View the latest documentation.

    This section describes new features introduced in the Jaspersoft BI Suite Version 7 release. For information regarding features added to Version 6 releases, see the latest 6.4.x release notes.

    Version 7.1.3

    JasperReports Server 7.1.3 is a maintenance release that includes improvements requested by customers. For information about the status of specific cases, please visit TIBCO Jaspersoft Technical Support (http://support.tibco.com).

    Some components included in the installer have been updated:

    Apache Tomcat 8.5.43
    Oracle JDK 8 version 1.8.0_201 (8u201)
    PostgreSQL 9.3.20
    Phantom JS 2.1.1

    Version 7.1.1

    JasperReports Server 7.1.1 was a maintenance release that included improvements requested by customers. For information about the status of specific cases, please visit TIBCO Jaspersoft Technical Support (http://support.tibco.com).

    note-icon-ns.png.7434c4d48cc7ed73cd1ccca8bf6c8ba3.png

    The configuration of the ResourceForwardingServlet servlet has changed since 7.1. For more information, refer to the New Configuration in Version 7.1, below.

    Version 7.1

    JasperReports Server 7.1 added these features:

    Visualize.js Ad Hoc View Support. Visualize.js provides new building blocks to embed Ad Hoc views, helping application developers build modern, immersive experiences. This release includes:
         A frozen heading pane and infinite scrolling for table and crosstab components; this can greatly improve performance when viewing large result sets.
         CSS inheritance can define crosstab and table styling.
         The ability to capture attributes about table, crosstab, and chart components for use in hyperlinks.
         Object properties that help developers build their own user interfaces for selecting visualization types.
         Parameter and parameter value calls that enable dynamic view updates and custom filter controls in the surrounding application.

    note-icon-ns.png.593c0750624efa9b40a0b9b320c162bf.png

    OLAP Data Sources are not supported by Ad Hoc views in Visualize.js.

    Ad Hoc Views. Ad Hoc views and reports now offer:
         Ad Hoc View Referential Integrity - When items from a Domain are used in a dependent Ad Hoc view, removing the items from the Domain now returns an error message when editing the Ad Hoc view. You're given the option to remove the missing items from the Ad Hoc view to continue using it. The removed items no longer appear in the Data Source Selection panel.
         Time Balance Calculations. The ability to define basic Time Balance properties on measures, providing greater control of time series aggregate data.

    By default, all data are aggregated by summing time series values. New options let the user calculate aggregate time values by taking the first or last values of a time series. This benefits cases where opening and ending balance values (such as Inventory and Cash Balances) are measured. These options can change the totals to the sum of the numeric data for a period of time, as well as an average of the numeric values, the first numeric value entered for the period, and the last numeric value entered for the period.

         Grouping by Day of the Week. There is a new option for grouping time series data into Day of Week.
    Jaspersoft Studio. Several new features are available in our report designer:
         Spotfire (Version 7.5+) Infolink support. The data adapter for connecting to a Spotfire instance uses the latest public Spotfire API. Report developer create content from Spotfire data.
         Support for properties in datasets and query executers. Better support for fields and parameters in the Dataset and Query dialog, including support for field properties on the Fields tab and show and hide built-in parameters and display, create, and edit parameter properties on the Parameters tab. This lets you configure your fields and parameters directly in the Dataset and Query dialog.
         Data adapters that connect to a web service. You can now create data adapters that connect to a web service. You configure these data adapters in the data adapter dialog. When you use this type of data adapter in a report, you can access them in the Dataset and Query dialog: you can auto-discover fields from a node you enter in the query dialog and view and manage HTTP parameters on the Data Adapter tab.
         Enhanced Properties UI. The advanced properties dialog now displays a searchable list of available properties. You can create expressions, toggle the view to the old Properties dialog, and add properties for your custom classes. Most elements now support expressions in properties.
         Support for Data Snapshots. Jaspersoft Studio now lets you create a JasperReports data snapshot, which contains a sample dataset that contains all the data necessary to run the report. Storing the data for a report makes it easier to develop reports while offline or to share a functional report with other developers working on the report design.
    New Platforms. Components included in the installer have been updated to:
         PostgreSQL 9.3.20
         Tomcat 8.5.34
         Oracle JDK version 1.8.0_151 (8u151)
         Spring Framework 3.2.18
    New Third-party Software Support. This release adds support for Oracle 12c as a host for the JasperReports Server repository and WebLogic 12.2.1 as the application server.

    You can still create reports and connect to the latest JasperReports Server with previous versions of Jaspersoft Studio.

    Security Improvement. JasperReports Server implements a new mechanism to protect against clickjacking attacks. To enable this mechanism, edit a configuration file.
    1. Using a text editor, open the applicationContext-security-web.xml file (found in <js-install>apache-tomcatwebappsjasperserver-proWEB-INF).
    2. Locate the antiClickJackingEnabled property in the webAppSecurityFilter bean, and set it to true. Setting this property to true instructs JasperReports Server to include an X-Frame-Options header in every response.
    3. You can also set the antiClickJackingOption property to control the header value. Valid values are:
         DENY - JasperReports Server doesn't load into any iframe.
         SAMEORIGIN - JasperReports Server only loads into an iframe on a page in the same domain as JasperReports Server.
         ALLOW-FROM - JasperReports Server only loads in a frame on a page specified in antiClickJackingUri property.
    4. If you set the antiClickJackingOption property to ALLOW-FROM, also set the antiClickJackingUri property to a valid URI.
    5. Save the file and restart the server.

    note-icon-ns.png.f6588a1751e7a235c4ad5251be600b7d.png

    If you use iframes to embed JasperReports Server (including use of Visualize.js), set the antiClickJackingOption to either SAMEORIGIN (if the embedding host is on the same domain as JasperReports Server) or ALLOW-FROM (if the embedding host is on a different domain than JasperReports Server). If you use ALLOW-FROM, also set the antiClickJackingUri property.

     

    Clickjack protection doesn't support cases in which multiple domains embed JasperReports Server.

    Directory Access Control. A new option controls access to resources in the file system of the JasperReports Server host using the ResourceForwardingServlet servlet. The servlet forwards requests to handle browser caching. For example, when it receives calls to /runtime/<hex-code>/<my-resource>, it forwards them to /<my-resource>.

    The servlet controls access using a whitelist that can include both resource and directory names; for simplicity here, we use the term directories.The whitelist defines the directories to which access is granted; access to other directories is denied. By default, it lists all the directories that JasperReports Server requires.

     

    New Configuration

    warning-icon-ns.png.e14b47a21cb82560fc453da0adb9d1b4.png

    Note that this approach differs from the previous implementation, and requires intervention in fewer cases. In general, you don't need to change it. We recommend that any additions you make to the whitelist be considered carefully and tested thoroughly.

    We advise against removing the default values from the list, as this would impair functionality.

    To configure this list, edit the forwardWhitelist parameter of the ResourceForwardingServlet servlet in the web.xml file.

    1. Using a text editor, open the web.xml file (found in <js-install>apache-tomcatwebappsjasperserver-proWEB-INF).
    2. Locate the init-param section of the ResourceForwardingServlet servlet.
    3. In the param-value section of the forwardWhitelist parameter, review the comma-separated list of directories that JasperReports Server users should be able to access. This parameter can only list directories under the jasperserver-pro deployment directory.
    4. If you make changes, save the file, restart the server, and test the application thoroughly.

    note-icon-ns.png.36a4f78c9161ed4f2942c7d474e82008.png

    In the previous version, access to the application's resources was controlled by a blacklist. The blacklist has been removed in favor of this whitelist.

     

    The previous approach sometimes required additional steps. For example, if you restricted access using the security-constraint tag in web.xml, you may have also restricted that access using the ResourceForwardingServlet servlet. This step is no longer necessary, since access is now denied by default.

    If a high-priority case requires you to customize the ResourceForwardingServlet servlet and use JasperReports Server to cache a third party resource, you might consider editing this list and making further customizations; we advise against such changes due to the security risks they might pose.

     


    User Feedback

    Recommended Comments

    There are no comments to display.



    Guest
    This is now closed for further comments

×
×
  • Create New...