tuspatil Posted August 31, 2022 Share Posted August 31, 2022 Hi Team,The Jasperreports library is reliant on "xalan.jar", which has a security vulnerability. Also, there is no latest version without vulnerability of "xalan.jar" available. Hence, we are planning to remove this jar from our environment, but it is causing functionality to break.As per our understanding, the Xalan jar is dormant and, in the future, it will be retired. The solution is that the Java runtime includes the Xalan package in Open JDK, which needs to be used to replace the Apache Xalan jar.Refer:https://mvnrepository.com/artifact/xalan/xalan/2.7.2https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-34169Please let us know if we have any plans to remove the dependency of xalan.jar for the jasperreport library in future releases.Thanks,Tushar Patil Link to comment Share on other sites More sharing options...
jpadre Posted September 12, 2022 Share Posted September 12, 2022 Hi Tushar,Thanks for asking about Xalan. Please see this article: https://community.jaspersoft.com/wiki/xalan-vulnerability-update-jaspersoft-products for more information.Best regards,Joe P. Link to comment Share on other sites More sharing options...
tuspatil Posted September 27, 2022 Author Share Posted September 27, 2022 Hi Joe,As per my understanding, you have provided the solution for "JasperReports Server".Can you please let me know, how to resolve the same for "JasperReports Library". We are just using JasperReports library. Thanks,Tushar Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now