Changes in Previous Versions

This section describes new features introduced in the Jaspersoft BI Suite Version 7.1.0 to 7.5.0 releases. For information regarding features added to Version 6 releases, see the latest 6.4.x release notes.

Version 7.5.0

JasperReports Server 7.5.0 adds these improvements:

Updated user interface. This release includes a new look and feel that is crisp and easy to navigate. It keeps the familiar layout and provides updated icons, styling, and colors throughout the application:
     The home page has a simpler layout with all BI tools in a single column and introduces a color-coding of features that is consistent throughout the application.
     The pages for creating data sources have been streamlined and color-coded.
     The Report Viewer is updated with color-coding and matching styles.
Three new visualizations. The new gauge types are the circular gauge, the multi-level gauge, and the arc gauge. These gauges have formatting properties to set minimum and maximum values, colors for value ranges, whether the value is displayed, and if so the number of decimal places and a suffix string such as the % sign.
Security. This release of JasperReports Server updates its use of cryptographic keys, for example to encrypt user passwords internally. All keys are now generated and managed in a single keystore for consistency. Keys used for encrypting export catalogs from older versions of the server have new procedures and user interface for importing into this version of the server. For more details, see the TIBCO JasperReports Server Security Guide.
Java 11. JasperReports Server runs with Java 8 and Java 11 for certain platforms, see the Platform Support document for more details.

Version 7.2

JasperReports Server 7.2 added these features:

New platforms. This release adds several new third-party platforms:
     Application servers:
Tomcat versions 9.0.1 through 9.0.17
WildFly 13, 14, 15, and 16
     Database Servers:
PostgreSQL 10.5
Accessibility Support. To help visually impaired users, we improved keyboard and screen-reader support in the report viewer. You can now navigate the main report viewer menu structure using the keyboard and hear interface descriptions using JAWS-enabled screen readers.
JasperReports Library. This new version provides dynamic control of page numbers.
Jaspersoft Studio 7.3. This new version supports Spotfire 7.11 and higher.

The configuration of the ResourceForwardingServlet servlet has changed since Release 6. For more information, refer to the New Configuration in Version 7.1.0, below.

Version 7.1.1

Version 7.1.1 was a maintenance release that included improvements requested by customers. For information about the status of specific cases, please visit TIBCO Jaspersoft Technical Support ( In addition, we updated the version of Tomcat: Apache Tomcat 8.5.34.

Version 7.1.0

JasperReports Server 7.1.0 added these improvements:

Jaspersoft Studio. Several new features are available in our report designer:
     Support for properties in datasets and query executers. Better support for fields and parameters in the Dataset and Query dialog, including support for field properties on the Fields tab and show and hide built-in parameters, and the ability to display, create, and edit parameter properties on the Parameters tab. This lets you configure your fields and parameters directly in the Dataset and Query dialog.
     Data adapters that connect to a web service. You can now create data adapters that connect to a web service. You configure these data adapters in the data adapter dialog. When you use this type of data adapter in a report, you can access it in the Dataset and Query dialog: you can auto-discover fields from a node you enter in the query dialogs and view and manage HTTP parameters on the Data Adapter tab.
     Enhanced Properties UI. The advanced properties dialog now displays a searchable list of available properties. You can create expressions, toggle the view to the old Properties dialog, and add properties for your custom classes. Most elements now support expressions in properties.
     Support for Data Snapshots. Jaspersoft Studio now lets you create a JasperReports data snapshot, which contains a sample dataset that contains all sample data necessary to run the report. Storing the data for a report makes it easier to develop reports while offline or to share a functional report with other developers.

You can still create reports and connect to the latest JasperReports Server with previous versions of Jaspersoft Studio.

New Platforms. Components included in the installer have been updated to:
     PostgreSQL 9.3.20
     Tomcat 8.5.34
     Oracle JDK 8 version 1.8.0_201 (8u201)
     Spring Framework 3.2.18
New Third-party Software Support. This release adds support for Oracle 12c as a host for the JasperReports Server repository and WebLogic 12.2.1 as the application server.
Security Improvement. JasperReports Server implements a new mechanism to protect against clickjacking attacks. To enable this mechanism, edit a configuration file.
1. Using a text editor, open the applicationContext-security-web.xml file (found in <js-install>\apache-tomcat\webapps\jasperserver-pro\WEB-INF).
2. Locate the antiClickJackingEnabled property in the webAppSecurityFilter bean, and set it to true. Setting this property to true instructs JasperReports Server to include an X-Frame-Options header in every response.
3. You can also set the antiClickJackingOption property to control the header value. Valid values are:
     DENY - JasperReports Server doesn't load into any iframe.
     SAMEORIGIN - JasperReports Server only loads into an iframe on a page in the same domain as JasperReports Server.
     ALLOW-FROM - JasperReports Server only loads in a frame on a page specified in antiClickJackingUri property.
4. If you set the antiClickJackingOption property to ALLOW-FROM, also be sure to set the antiClickJackingUri property to a valid URI.
5. Save the file and restart the server.

If you use iframes to embed JasperReports Server (including use of Visualize.js), set the antiClickJackingOption to either SAMEORIGIN (if the embedding host is on the same domain as JasperReports Server) or ALLOW-FROM (if the embedding host is on a different domain than JasperReports Server). If you use ALLOW-FROM, also set the antiClickJackingUri property.


Clickjack protection doesn't support cases in which multiple domains embed JasperReports Server.

Directory Access Control. A new option controls access to resources in the file system of the JasperReports Server host using the ResourceForwardingServlet servlet. The servlet forwards requests to handle browser caching. For example, when it receives calls to /runtime/<hex-code>/<my-resource>, it forwards them to /<my-resource>.

The servlet controls access using a whitelist that can include both resource and directory names; for simplicity here, we use the term directories.The whitelist defines the directories to which access is granted; access to other directories is denied. By default, it lists all the directories that JasperReports Server requires.


New Configuration

Note that this approach differs from the previous implementation, and requires intervention in fewer cases. In general, you don't need to change it. We recommend that any additions you make to the whitelist be considered carefully and tested thoroughly.

We advise against removing the default values from the list, as this would impair functionality.

To configure this list, edit the forwardWhitelist parameter of the ResourceForwardingServlet servlet in the web.xml file.

1. Using a text editor, open the web.xml file (found in <js-install>\apache-tomcat\webapps\jasperserver-ce\WEB-INF).
2. Locate the init-param section of the ResourceForwardingServlet servlet.
3. In the param-value section of the forwardWhitelist parameter, review the comma-separated list of directories that JasperReports Server users should be able to access. This parameter can only list directories under the jasperserver-ce deployment directory.
4. If you make changes, save the file, restart the server, and test the application thoroughly.

In a previous version, access to the application's resources was controlled by a blacklist. The blacklist has been removed in favor of this whitelist.


The previous approach sometimes required additional steps. For example, if you restricted access using the security-constraint tag in web.xml, you may have also restricted that access using the ResourceForwardingServlet servlet. This step is no longer necessary, since access is now denied by default.

If a high-priority case requires you to customize the ResourceForwardingServlet servlet and use JasperReports Server to cache a third-party resource, you might consider editing this list and making further customizations; we advise against such changes due to the security risks they might pose.