hozawa Posted March 28, 2019 Share Posted March 28, 2019 JasperReports 6.7.1 has security vulnerability CVE-2018-12022 because it's using jackson-databind 2.9.5. It's recommended to upgrade to 2.9.7 or later.https://nvd.nist.gov/vuln/detail/CVE-2018-12022pom.xml (jasperreports 6.7.1) <dependency> <groupId>com.fasterxml.jackson.core</groupId> <artifactId>jackson-databind</artifactId> <version>2.9.5</version> <scope>compile</scope> </dependency>[/code] Link to comment Share on other sites More sharing options...
Solution hozawa Posted April 4, 2019 Author Solution Share Posted April 4, 2019 This is resolved in jasperreports v6.8.0 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now