Jump to content

Recommended Posts

  • 3 weeks later...
  • Replies 1
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Posted

On https://blog.srcclr.com/commons-collections-deserialization-vulnerability-research-findings/ it was reported that:

  • JasperReports 6.2.0
  • JasperReports 6.0.2
  • JasperReports 3.5.2
  • JasperReports 3.5.1

amay be vulnerable to the Java deserialization vulnerability where untrusted data is deserialized. Could we please get a statement if JasperReports is vulnerable or how it can be configured to not be vulnerable?

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...