thomas.bachmann Posted November 26, 2015

Hi,

Did the jasper suite get tested for the Java deserialization vulnerability (http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/)? It seems to also affect groovy so may be doubly affected.

Thanks,
Thomas

thomas.bachmann (Author) Posted December 14, 2015

On https://blog.srcclr.com/commons-collections-deserialization-vulnerability-research-findings/ it was reported that:

JasperReports 6.2.0
JasperReports 6.0.2
JasperReports 3.5.2
JasperReports 3.5.1a

may be vulnerable to the Java deserialization vulnerability where untrusted data is deserialized. Could we please get a statement if JasperReports is vulnerable or how it can be configured to not be vulnerable?