Closed Issues

The following issues have been fixed in this release of JasperReports® Server:

Key Summary
JS-66980 The Input Control value is not getting restored to its default value after navigating from child report to parent report using the Back button.
JS-66378

The proper error message is not displayed when there is an error in AdHoc View. The new AdHoc Designer UI uses a new Error handler. If the Error handler cannot identify the error, instead of showing the proper error message, it displays the following error message:

An error occurred. Please contact your system administrator.

JS-61611 When using countDistinct in a calculated measure, the grand total is incorrect.
JS-64151

When adding a File Type for MongoDB file creation, the UI displays two types:

  • MongoDB JDBC Schema
  • MongoDB Schema File

Also, the following file types are mistakenly displayed on the UI:

  • Secure Key File
  • Private Key File
  • Public Key File

These file types are meant for internal use only and are unusable from the user/customer side.

JS-64130 A RuntimeException occurs in Jaspersoft® Studio when publishing a Google BigQuery report into JasperReports® Server.
JSS-3381 When you click Edit Map, the Basic Map element displays the following error: c’s server IP address could not be found.
JSS-3376 Problem adding time stamp to the exported file name in Jaspersoft® Studio using com.jaspersoft.studio.exporter.filename.
JSS-3360 The post bundle properties file, the Update JRXML file, gets updated and after publishing the report the following error message was displayed: JasperReports® Server can't find the properties file. The issue was resolved by updating the resource bundle with JasperReports® Web Studio.
JSS-3359 Domain fields are not loading in the JasperReports® Web Studio dataset and query editor.
JS-70312 The current version of Batik 1.16 is vulnerable to CVE-2022-44729. The issue was resolved by upgrading to 1.17.
JS-69778 Unable to replace dashlet when the parameter name is more than one word.
JS-69716 Drill down repository hyperlinks in reports do not work in dashboards for different organizational users.
JS-69548 Dashboard is not bringing the expected results.
JS-69507 Input Control Queries are sent multiple times to the data source.
JS-69454 Issue with report rendering and Jasperserver UI with mobile mode on iPad device.
JS-69329 Reset button for charts not working in dashboard.
JS-69286 When you run multiple report versions using Visualize.js, the following error message is intermittently displayed: resource.of.type.not.found.
JS-69067 A dashboard with an AdHoc chart does not refresh the chart on No Data if the calculation function is Count Distinct.
JS-68848 On applying a filter when the Optimize queries for domain-based reports option is enabled in the AdHoc view, the following error message is displayed: Multi-statement query not supported.
JS-68817 Report with a table created using AdHoc view does not refresh and show new data as per input control selection in the dashboard.
JS-68701 In the AdHoc table, the Change Data Format for date column does not resolve to a new AdHoc date format.
JS-68632 Issue with scroll bars in JasperReports® Server v8.1.x. The inner scroll bars in the AdHoc view editor are displayed only when the mouse is hovered around a specific area and disappear when the mouse moves elsewhere. The outer scroll bars were not useful for scrolling and viewing data.
JS-68620 For JNDI jasperserver data sources, you could run report queries that can delete records from tables, posing a potential security threat.
JS-68404 In AdHoc designer, when a Crosstab table is created, the columns are spread out to fill the entire width of the page. For example, if you have 2 columns, the columns are super wide and fill the entire page.
JS-68296 When a table with multiple columns (for example, 20 or more) was opened in the AdHoc designer, the rightmost fields were not displayed. The issue was found on a Windows machine with a zoom ratio of 100% and was resolved only on reducing the zoom ratio to 33%.
JS-68291 JasperReports® Server 8.0 Change Password web flow is broken due to an incorrect URL.
JS-67945 AdHoc crosstab with one measure in columns and many fields in rows has no scroll bars.
JS-67857 Function WEEKNUM is not working.
JS-67587 Calculated measure from domain showing wrong calculation.
JS-67350 The AdHoc editor shows transparent fields after a certain number of columns are added to a table.
JS-67296 Comma replaced decimal in Chrome after a browser language change.
JS-67171 The default implementation of the earlier version of ESAPI defeated the control-flow bypass checks. ESAPI was upgraded to avoid CVE-2022-23457.
JS-67049 You could view the errors from the /jasperserver-pro/rest_v2/contexts file, posing a security threat.
JS-66938 When creating an AdHoc view, with full data selected, only the first 50 records are displayed. When a row is used as filter and only one value is selected in the filter, the More.. option at bottom of page is not displayed.
JS-66900 Some expressions that used to work in older versions no longer work in the bundled installation of 8.1.0.
JS-66764 Calculated field from the domain displays an error when used in the AdHoc view in JasperReports® Server 8.0.0.
JS-66759 Setting a report as the Home page is not working.
JS-66402 AdHoc view reports display blank data when the AdHoc view column is removed.
JS-66369 AdHoc based reports taking time to load.
JS-66050 Object cannot be used to pass container property to report in 8.0 JRS via Visualize.js.
JS-65960 Data with null value cannot be shown in the AdHoc view after upgrading from 6.4.3 to 7.9.0.
JS-65803 When you drill down the report, the Back button also clears the main report for Input Control values.
JS-65429 Using a non-default JBoss profile during war file installation.
JS-65145 Empty dataset in AdHoc can cause the time series chart to spin infinitely in some circumstances.
JS-62830 When exporting the JasperReports® Server 7.5.0 dashboard data using Impala Kerberos authentication through SSL, the following content was displayed on opening the file: Bad Request. This combination of host and port requires TLS.
JS-62596 For JasperReports® Server 7.9.1, when trying to export a report using the Text Only option, the following error message is displayed: Export format txt not supported or misconfigured.
JS-62037 For single value Input Control, the mandatory validation message, This field is mandatory so you must enter data, was displayed even on entering the required data.
JS-61832 During a visualize user session, if the session expires, the JasperReports® Server login pop-up was displayed. The pop-up should not be displayed.
JS-61440 When picking a date from the calendar, the correct date format is dd-MM-yyyy. But, the following error message is displayed: Specify a valid value for type Date. On changing the date format to yyyy-MM-dd, it accepts the correct date format and the message is no longer displayed.
JS-59656 On passing a parameter using REST_v2, Input Control does not capture the parameter value if the parameter passed and the value in the database are in different case.
JS-58663 Visualize - AdHoc View resize does not work with more than one view in a page.
JS-57559 Date validation fails for pre-fetched values in AdHoc between filter.
JS-57426 The function calls in JasperReports Server for Highchart properties do not run.
JS-57337 Using an equals filter on a table column of type java.math.BigDecimal displays a blank page.
JS-56392 REST Input Control creation uses a label as the ID.
JS-34829 Exception java.lang.NoClassDefFoundError: org/apache/axis/AxisFault. Licenses not activated.
JS-34507 While creating a Calculated field, to reduce confusion between fields with the same label ID, local bundles were created for each field. This bundle contained the label and the description for each field.
JS-34298 net.sf.jasperreports.export.character.encoding is not being passed to scheduler jobs.
JS-34040 Hover text is not working on the domain fields displayed in the AdHoc calculated measure web UI without locale bundle.
JS-33753 When exporting a JasperReports table to PowerPoint, each value was imported as an individual element. The table must behave like the PowerPoint table, providing all features of PowerPoint.
JS-33718 Reduce the risk in optimizing the script to change the default AdHoc view creation option from Cross tab to Table.
JS-32845 To avoid the risk of overriding the themes in a production environment, Include Themes was disabled in the Import dialog.
JS-31849 Revert the product functionality to change the default AdHoc view creation option to Cross tab in the AdHoc designer.
JS-31684 The REST_v2 Reports service does not set a UTF-8 charset.
JS-31226 Reduce the hurdles of changing the default AdHoc view creation option from Cross tab to Table.
JS-30385 Change the default AdHoc view creation option from Cross tab to Table.
JS-24285 AdHoc parameter values are always NULL in the audit report.
JS-21535 Applying a new bundle to a domain does not localize existing AdHoc views.
JS-4805 For AdHoc Domain report Input Control, you were forced to execute a report as the Always Prompt option is not set as default.
JRWS-723 On installing JasperReports® Web Studio 2.0.0 and trying to create new data adapter from Jaspersoft® Studio, then selecting the option to connect and use JasperReports® Server data source, the following error is displayed: 500: java.lang.NullPointerException.
JRL-1837 Between JasperReports® Server versions 8.0.0 and 8.1.0, there were major differences in exported PDF report output.
JRL-1836 Text is truncating in PDF export of the report with the Arial font extension only.
JRL-1832 Extra cr/lf inserted in text string of numbers.
JRL-1818 Markup regressions after adding bulleted list support in 6.19.0.
JRL-1399 Missing JRPptxExporter support for Powerpoint report using tables as its content.
JRL-1376 Reduce the file size by disabling the bookmarks in the report PDF output.
JRL-1092 Enable locking of cells for XLSX export.
JRL-693 Use password-protect to restrict access to XLSX exports.

Security Issues

The following security issues have been fixed in this release of JasperReports Server:

Key | Area of the Product Affected | Type of Vulnerability | Description and Impact on Users
JS-69327 | System JNDI data sources usage | Access to sensitive information

JNDI security now enables access control to data sources. The new version includes two new JNDI data sources, namely jasperserverSystemAnalytics and jasperserverAuditAnalytics, both configured with read-only access. Administrators can enable access control to the jasperserver JNDIs by changing the metadata.hibernate.jndi.restrictedAccess.enabled property in hibernate properties.

For more information, see JasperReports® Server Administrator Guide and JasperReports® Server Security Guide.

JS-67049 | Query execution via Domain Designer and REST API | Access to sensitive information | A fix has been implemented to address the security vulnerability. The configuration has been extended to enhance access control, ensuring better protection of sensitive information during query execution via Domain Designer and the REST API. For more information, see JasperReports® Server Security Guide.
JS-67608 | N/A | Dependency on third-party libraries

Upgraded woodstox-core and jackson to resolve the following CVEs:

  • CVE-2022-40152
  • CVE-2022-40153
  • CVE-2022-40154
  • CVE-2022-40155
  • CVE-2022-40156

JS-70861 | N/A | Dependency on third-party libraries

Upgraded activemq-client to resolve the following CVE:

  • CVE-2023-46604

JS-70896 | N/A | Dependency on third-party libraries

Upgraded snappy-java to resolve the following CVEs:

  • CVE-2023-34455
  • CVE-2023-34454

JS-70077 | N/A | Dependency on third-party libraries

Upgraded spring-core to 5.3.29, spring-security to 5.7.10, and sqlite-jdbc to 3.42.0.0, and removed the dependency on quartz-commonj to resolve the following CVEs:

  • CVE-2022-31690
  • CVE-2022-31692
  • CVE-2023-20862
  • CVE-2019-13990
  • CVE-2023-32697

JS-69762 | N/A | Dependency on third-party libraries

Upgraded sqlite-jdbc to 3.42.0.0 and removed the dependency on quartz-commonj to resolve the following CVEs:

  • CVE-2019-13990
  • CVE-2023-32697

JS-69772 | N/A | Dependency on third-party libraries

Upgraded accessors-smart, ftpserver-core, guava, and jackson, and removed the dependency on snappy-java to resolve the following CVEs:

  • CVE-2023-1370
  • CVE-2023-22551
  • CVE-2023-2976
  • CVE-2022-45688
  • CVE-2023-35116
  • CVE-2023-34455
  • CVE-2023-34454
  • CVE-2023-34453

JS-70098 | N/A | Dependency on third-party libraries

Upgraded snowflake-jdbc, jjwt-api, json-path, and mariadb-java-client to resolve the following CVEs:

  • CVE-2023-30535
  • CVE-2022-45688
  • CVE-2015-2325
  • CVE-2021-46669
  • CVE-2020-28912
  • CVE-2022-27449
  • CVE-2022-27385

JS-71131 | Scheduler messages | Access to sensitive information

Previously, there was a risk of unauthorized access to sensitive information in the form of scheduled job messages. With the implemented fix:

  • Users can now view messages of scheduled jobs only if they are the respective job owners.
  • Administrators have wider visibility: they can view messages for all scheduled jobs stored within their organizations.

JS-71130 | Query execution using AdHoc REST API | Access to sensitive information | Earlier, there was a potential risk of executing custom functions with a vulnerable payload, leading to unauthorized access to restricted information. To mitigate this risk, an additional validation layer has been implemented for all AdHoc functions. This validation layer is enabled by default. For detailed information, see JasperReports® Server Administrator Guide.
JS-71128 | Multi-tenancy UI | Cross-Site Scripting (XSS) Vulnerability | Potential XSS vulnerability fixed on the multi-tenancy page. The fix for this XSS vulnerability is implemented and active by default. No additional configuration is required.
JS-71122 | Repository | Cross-Site Scripting (XSS) Vulnerability | Potential XSS vulnerability fixed on the repository page. The fix for this XSS vulnerability is implemented and active by default. No additional configuration is required.
JS-71333 | Multiple pages | Cross-Site Scripting (XSS) Vulnerability | Potential XSS vulnerability fixed across various product pages. To fix this vulnerability, an additional validation layer for requests and payloads sent from the front-end side has been implemented. If a request or payload is confirmed as unauthorized, you are automatically redirected to a dedicated error page. This fix is enabled by default and requires no additional configuration.
JS-71129 | Repository files | Malicious code execution | A security vulnerability was identified in the repository files functionality of JasperReports® Server. Previously, there was a risk of executing malicious code that could originate from files uploaded into the repository. To enhance security, additional validation measures to restrict the uploading and execution of potentially harmful files have been implemented. This validation is enabled by default. However, if there is a specific requirement to modify the approved file types, see JasperReports® Server Administrator Guide for detailed instructions.
JS-71300 | Repository files | Malicious code execution | A security vulnerability was identified in the repository files functionality of JasperReports® Server. Previously, there was a risk of executing malicious code when downloading or opening files from the repository. To address this vulnerability, special validation measures to control which files can be opened in the browser have been implemented. As a best practice, the default behavior of this validation is configured to maximize security. However, if there are specific requirements to modify this default behavior, see JasperReports® Server Administrator Guide.
JS-71332 | JDBC drivers | Malicious code execution | A security vulnerability was identified in the JDBC drivers functionality of JasperReports® Server. Previously, there was a risk of executing malicious code when defining datasource credentials and JDBC URL with certain JDBC drivers. To address this, additional validation for JDBC datasource URLs has been implemented. This validation is enabled by default. However, if there is a specific requirement to change these validation rules, see JasperReports® Server Administrator Guide.

For information about cases fixed in previous releases, see that version's release notes. For information about your specific cases, please visit Jaspersoft Technical Support (https://www.jaspersoft.com/support).