We are planning to migrate to latest version "jasperreports-6.19.0", but we observed below two vulnerabilities from dependencies:
These vulnerabilities are because of "metadata-extractor-2.16.0", same vulnerabilities are fixed under "metadata-extractor-2.17.0".
Do we have any plan at jaspersoft to use "metadata-extractor-2.17.0" instead of "2.16.0" to fix this vulnerabilities? Please provide us the CVSS score & severity of these vulnerabilities from JasperReport's points of view.
Thanks, we are eagerly waiting for your response.