rshanlever Posted July 9, 2018 Share Posted July 9, 2018 “Description The component listed above contains a vulnerability which may allow analytic reports that contain scripting to perform arbitrary code execution. Impact The impact of this vulnerability includes the possibility of arbitrary code execution with the privileges of the operation system process that contains the affected component.” “TIBCO JasperReports Library versions 6.3.0, 6.3.2, and 6.3.3 update to version 6.3.4 or higher” https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5429 https://nvd.nist.gov/vuln/detail/CVE-2018-5429 I am having difficulty locating the recommended upgrade library for the 6.3.x series. (6.3.4) https://mvnrepository.com/artifact/net.sf.jasperreports/jasperreports Anyone know where to locate releases of jasper reports library that are not in maven central? Link to comment Share on other sites More sharing options...
reportdev Posted July 9, 2018 Share Posted July 9, 2018 https://sourceforge.net/projects/jasperreports/files/jasperreports/Not able to find 6.3.4. The next best option would be 6.4 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now