JasperReportsIntegration 2.7.1 released

UPDATE: version 2.8.0 has been released: Version 2.8.0 (release: 09.02.2022).

Version 2.7.1 (release: 14.12.2021)

You can see the full list of issues with details in the milestones page.

## New features
  * *none*

## Bug fixes / Security fixes
  * #87 - (CVE-2021-44228) Security warning: New zero-day in the Log4j Java library

## Changed behaviour
  * *none*

## Deprecated features (still available but will go away eventually)
  * *none*

## Obsoleted features (no longer available)
  * *none*

## Known issues
  * Please check the current list of open issues: https://github.com/daust/JasperReportsIntegration/issues. 

Due to the current Zero-Day Exploit Targeting Popular Java Library Log4j (https://www.govcert.admin.ch/blog/zero-day-exploit-targeting-popular-java-library-log4j/), I have created a new version of the JasperReportsIntegration (JRI).


You can find the details in this ticket: https://github.com/daust/JasperReportsIntegration/issues/87

From my point of view, JRI seems to be NOT vulnerable, since it uses log4j1.x for its internal logging.

The vulnerable libraries which are included with JasperReports itself can be removed, they are actually NOT USED. They just ended up in the .war file for technical reasons. But JasperReports only uses them for testing ... not for the actual runtime.

Thus, in the updated release, I have simply removed the libraries, you can do it yourself already now with JRI 2.7.0.


3 replies

Trackbacks & Pingbacks

  1. […] October 24, 2017/73 Comments/in JasperReportsIntegration /by dietmaraustUPDATE: A more recent version 2.7.1 is available: Version 2.7.1 (release: 14.12.2021). […]

  2. […] I have provided a fix for the JasperReportsIntegration toolkit, you can find the details here: JasperReportsIntegration 2.7.1 released. […]

  3. […] November 18, 2020/1 Comment/in JasperReportsIntegration, Oracle /by dietmaraustUPDATE: version 2.7.1 has been released: Version 2.7.1 (release: 14.12.2021). […]

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published.