The purpose of this article is to provide the list of issues addressed in the most current cumulative hotfix build for JasperReports Server 9.0.x. The hotfix package itself can be downloaded from https://support.tibco.com/wolken-support/file_structure (requires login).
For more details please review the readme file in the hotfix package.
All the hotfixes are cumulative, meaning that the latest one contains all the fixes included in all the previous hotfix builds for the given product version.
Below is the list of issues addressed by each build/package.
hotfix_JRSPro9.0.0_cumulative_20241209_2315.zip
- JS-73388 - Configuration createColumnCrosstabHeaders not working for adhoc reports
hotfix_JRSPro9.0.0_cumulative_20241206_0059.zip
- JS-74097 - Saving dashboard failed with error "Folder not found at xxx"
- JS-71898 - After session timeout, the GUID in the URL resulted in its invalidation, leading to a crash of the user's page intermittently.
hotfix_JRSPro9.0.0_cumulative_20241204_0626.zip
- JS-71751 Remove hibernate-jmx and upgrade hibernate-validator to fix CVE-2019-14900, CVE-2020-25638, CVE-2019-10219, CVE-2020-10693
- JS-70906 [Case #02159689] Duplicate Reports Showing in UI - additional refactors to methodOverride logic.
hotfix_JRSPro9.0.0_cumulative_20241202_2255.zip
- JSSEC-105 - Normalizing the URL to avoid path traversal vulnerability
hotfix_JRSPro9.0.0_cumulative_20241127_1935.zip
- JS-74069 - The cascading date picker input control is not functioning for multiple reports
hotfix_JRSPro9.0.0_cumulative_20241127_1317.zip
- JS-73681 - Ad Hoc View with date filters fails to open with java.util.ConcurrentModificationException
- JS-73689 - Ad Hoc View with date filters intermittently fails to open with QueryValidationException error
hotfix_JRSPro9.0.0_cumulative_20241126_0806.zip
- JS-73692 [Case #02285946] - Not able to use the output filename of the scheduler with special characters
- JRL-1954 - Chart tooltips in PDF export
hotfix_JRSPro9.0.0_cumulative_20241120_0242.zip
- JS-73981 - [case #2296759] Job Status Email Content Repeated Twice After applying JRS 9.0 Hotfixes
hotfix_JRSPro9.0.0_cumulative_20241119_0141.zip
- JS-74103 - [case #2303414] Urgent: Incorrect dest_type Default Value in Oracle Upgrade Script for JasperReports Server 9.0.0 - updated dest_type default value to 1
hotfix_JRSPro9.0.0_cumulative_20241113_0201.zip
- JS-71577 Single Select Query Input Control displaying incorrect selected value when we search for a value
hotfix_JRSPro9.0.0_cumulative_20241110_2315.zip
- JS-73206 - Calculated Measure unable to concatenate more than 2 strings with the Amazon Redshift Data Driver
hotfix_JRSPro9.0.0_cumulative_20241028_1241.zip
- JS-73732 - Input control selection is not applied when applying quickly
- JS-74009 - [Case #02299589] Upgraded apache-xmlgraphics-fop from 2.7 to 2.10 to fix CVE-2024-28168
- JS-74010 - [Case #02299589] Upgraded commons-io from 2.11.0 to 2.14.0 to fix CVE-2024-47554
- JS-73859 - CVE-2023-52070 on JFreeChart - Suppressed as CVE is currently awaiting analysis, no reasonable evidence to determine the existence of a vulnerability.
hotfix_JRSPro9.0.0_cumulative_20241024_2258.zip
- JS-73742 - [Case #02300083] Updated Spring from 5.3.37 to 5.3.39 to avoid CVE-2024-38808
- JS-73858 - [Case #02299589] Updated Spring from 5.3.37 to 5.3.39 to avoid CVE-2024-38809
- JS-71565 Added Configurable flag to avoid returning the detailed 404 error message in the response
hotfix_JRSPro9.0.0_cumulative_20241016_0026.zip
- JS-73743 - [case #02299756] Resolved CVE-2024-38816 on spring-webmvc by removing unused FileSystemResource package in jrs
hotfix_JRSPro9.0.0_cumulative_20241014_1712.zip
- JS-73137 - Cannot Activate Paused job using different locale than en
- JS-72997 - accounting for attempt to remove already evicted item when clearing session cache to fix intermittent exception when trying to render report with IC's (after some time)
- JS-68641 - Enhanced Scheduler to handle Duplicate Jobs at the time of upgrade
hotfix_JRSPro9.0.0_cumulative_20240911_1405.zip
- JRL-1926 - The ignoreCellBorder flag does not work for XLSX exports
hotfix_JRSPro9.0.0_cumulative_20240904_0508.zip
- JS-73266 - [Case #02288923] Scheduler sending empty report email when no notifications on empty is set
- JS-33378 - Imported values of java.util.List report parameters produce errors
hotfix_JRSPro9.0.0_cumulative_20240829_2251.zip (AND EARLIER)
- JS-72016 - Disable Alerts Feature. If isAlertEnabled flag is false then existing alerts will be purged
- JRL-1923 - Unpaginated CSV export uses a wrong time zone
- JS-72551 [case 02260555] Ad Hoc editor in NoData mode issues SQL queries when in Chart mode
- JS-73268 - Configuration checkSourcesInStrictMode not working
- JS-72375 - Mailing support for sendGrid integrated for scheduler & alerting
- JS-70500 - When users attempt to log in with a weak password, throwing exception on UI page.
- JS-71672 - Report IC always prompt prevent report from automatic execution when invoked through a hyperlink
- JSSEC-72, JSSEC-90 - HTML Injection Vulnerability in JNDI and Bean data source creation
- JS-70624 - Java 17 source build
- JRWS-1131 Issue in configuring data adapters in Web Studio
- JS-68659 Ad Hoc Table column data formatted Percentage % Symbol not working in Dashboard and PDF export
- JS-64794: Text right align does not work in reports
- JS-73000 - Adhoc - Table columns right click menu not working with 'No Data' Selection
- JS-71516 Redshift view having clause WITH NO SCHEMA BINDING causes domain to break
- JS-71565: a validation was added to know if a resource not found exception will be returned; if so, then we escape the return message
- JS-71233 - Upgrading mongo-java-driver-3.10.2.jar to 3.12.14 to fix CVE-2021-20328
- JS-71972 - Cascaded multi-select input control keeps loading frequently and unable to select any values
- JS-72883 - Enable base64 images for CVC components in JRS
- JS-72932 - Searching on terms with word-break(s) does not highlight the last character(s)
- JS-71689 CASE-8436 - CVE-2021-22569 on infinispan-core-10.1.8.Final.jar in SQE
- JS-69782 - [Case# 02194992] Search throwing ArrayIndexOutOfBounds
- JS-71446 - Changes for AzureSQL Native connector certification, Re-map -2 to Timestamp for MS AzureSQL to fix the issue with the Timestamp datatype column not visible on UI
- JS-71069 - JRS - Amazon Athena Native Connector Certification
- JS-72181 - [02249038] fix WS-2021-0646, Update Lucene JARs to 8.11.3
- JS-72051 [case #2242330] Resource bundle adhoc_Mask is not working JRS 9.0 Docker
- JS-72608 - Fixing JS-72180 and JS-71042. Making key more unique by adding tenant, user and datasource url. Changes to controlLogicCacheManager bean to control cachePerTenant (true) and cachePerUser (false); Reduced defaults on engineCache to 5 min.
- JS-69791 [Case #02191928] Adhoc date/timestamp format seems to be different in the table column than the format selected in 8.1 JRS
- JS-72164 - [02226484] CVE-2024-29133 & CVE-2024-29131 upgrading commons-configuration2 to 2.10.1, js-crypto to 3.1.2.1 and org.owasp.esapi to 2.5.3.1
- JS-72660 - [Jaspersoft Case #02258438] - Unable to edit domains after 9.0 upgrade
- JS-72091 - Fixed the issue of bypassing the password change dialog by updating the sequence of UserPreferencesFilter in the filter chain, introduced a new property called passwordExpirationInDays for UserPreferencesFilter, that takes value from passwordExpirationProcessingFilter, to redirect requests to the password change screen in case of password expiration. Also, added a 401 response in the case of basic authentication.
- JS-71711 - Adhoc - Calculated field based on Decimal function in adhoc breaks the adhoc view
- JS-72206 - [Case #02236509] CVE-2024-29025 on netty-codec-http-4.1.106.Final.jar, Upgrading netty-codec-http and netty-handler to 4.1.109.Final
- JS-67848: [Case #02147852] Dashboard in 8.1 JRS embedding an adhoc view auto selects all the filter value whereas running the Ad Hoc View standalone shows where (1=1) instead of all the values
- JS-72550 - Not able to connect to DB2 AS400 using customer driver (Select 1 doesn't work)
- JS-70958 - Not able to add conditional formatting in report
- JS-71754 - Updated json jar from 20231013 to 20240303 to avoid CVE-2023-5072
- JS-71746 Removed ftpserver-core-1.0.3.jar to avoid CVE-2023-22551
- JS-71935: updated js-crypto to 3.1.5 to fix CVE-2023-33201, CVE-2023-33202
- JS-71801 - Removed quartz-backward-compat jar to fix CVE-2019-13990
- JS-71799 Updated jboss-modules from 1.3.0.Final to 1.3.11.Final to fix CVE-2014-0093
- JS-71394 - Removed iReport-utils jar as it's replaced by built-in features in JRL
- JS-71745 upgrading bcpkix/bcprov-jdk15on-1.68 to bcpkix/bcprov-jdk18on-1.77 to fix CVE-2023-33201, CVE-2023-33202
- JS-72271 - unable to create any chart from Parameterized Report topic
- JS-72030 - [CASE-8376] - Jar Uploads should be controlled by OS user only
- JRL-597 - support for report background section in DOCX export
- JS-72442 - Upgrading Spring from 5.3.33 to 5.3.37 to avoid CVE-2024-22262
- JS-70424 [Case #02193534] - For external database authentication added multiTenancyConfiguration for updateInternalUserRecord method and updated applicationContext-externalAuth-db-mt xml
- JS-71753 - Upgrading jackson jar from 2.15.2 to 2.16.1 to avoid multiple CVEs
- JS-71749 - Upgraded guava from 32.1.2-jre to 33.0.0-jre to avoid CVE-2020-8908 and CVE-2023-2976
- JS-71747 - Updated grizzly from 2.3.25 to 2.4.4 to avoid CVE-2017-1000028
- JS-72210 [Case #02250438] JRS 8.2.0,9.0 Scheduler job edit issue.
- JS-72315 [Case #02229292] Error During Report Execution in JRS: net.sf.jasperreports.engine.JRException: java.lang.NumberFormatException: Input String '4100028930'
- JS-71407 - [02243632] Upgraded microsoft-graph to 5.80.0 to avoid CVE-2023-3635 in okio-jvm
- JS-72121 - [02234034] fix CVE-2023-52428, upgraded nimbus-jose-jwt to 9.37.3
- JS-72027 - [Case #02243694 ] Getting hibernate error when opening some domains in AdHoc
- JS-72194 [Case #02251072] Drilldown functionality is not working properly when display mode is selected as View in adhoc view
- JS-57052 [case 01843572 +1] exception occurs using ad hoc filter on datetime from AWS Redshift
- JS-72198 [Case #02251270] While trying to export the Adhoc View report (chart) in the dashboard after clicking on drill-down, there is no chart present in the exported PDF (basically it is blank).
- JS-72080 [Case #02245151] JRS 9.0 unable to pass input control values to the ad-hoc reports using visualize.js while display mode is in view mode
- JS-72074 - [02226484 02234034] fixing CVE-2024-22257, upgrading Spring Security to 5.7.12
- JS-72073 - [02226484 02234034] fixing CVE-2024-22259, upgrading Spring to 5.3.33
- JS-71072 - enhancements and Fixes for Simba Google BigQuery Driver
- JS-71652 - Fixed NullPointerException error when importing v7.5 domains with missing field Type into v8.x
- JS-71949 - [02226484] Upgraded commons-compress 1.21 to 1.26.0 to fix CVE-2024-25710
- JS-71876 Update Spring And Spring Security jars to avoid CVEs
- JS-71847 - Upgrade ehcache to 2.10.10.18.17 to resolve CVE-2020-36518 and CVE-2023-36478
- JS-70923 - Added non-null filter for user attributes and jackson annotation to resolve bi-directional recursion issue.
- JS-71070 - Fixed Cassandra's connection validation statement
- JS-71852 - Upgraded postgresql-42.5.4.jar to postgresql-42.5.5.jar to fix CVE-2024-1597
- JS-71914 - JSON 20231013 upgrade caused String <-> Object conversion issue
- JS-71651 - [case #2234990, 2234994] JRS 9.0 WAR installation problem
- JS-71676 - [02234034] Upgrading reactor-netty-core to version 1.0.39 and azure-* libs to fix CVE-2023-34062 and CVE-2023-41329
- JS-71675 - [02234034] Upgrading netty to 4.1.106.Final to fix CVE-2023-44487
- JS-71591 - [02234034] downgrading elasticsearch driver x-pack-sql-jdbc to 7.17.18 to fix CVE-2020-28491
- JS-70795 - CVE-2023-5072 on json-20090211.jar
- JS-71295 - Added new implementation for TilesConfigurer & SpringLocaleResolver class in jrs to avoid CVE-2023-49735
- JS-71687 - [02234034] upgrading snowflake-jdbc to 3.14.4 to fix CVE-2021-22573
- JS-71262 - [CASE-8436] CVE-2023-31826 on nevado-jms-1.3.2-JS.jar
- JS-71620 - [CASE-8436] removing ion-java and upgrading aws-java-sdk-ec2 to 1.12.653 to fix CVE-2024-21634