Update jasperreportVersion to v7 [SECURITY] (3.28) #4203
Open
renovate[bot] wants to merge 1 commit into
3af3831 to c651eed
auto-merge was automatically disabled June 5, 2026 13:52
Pull request was closed
c651eed to dddec19
dddec19 to 7343fd2
This PR contains the following updates:
6.20.6 → 7.0.4
JasperReports has a Java deserialisation vulnerability
CVE-2025-10492 / GHSA-7c3f-cg9x-f3gr
Details
A Java deserialisation vulnerability has been discovered in the Jaspersoft Library. Improper handling of externally supplied data may allow attackers to execute arbitrary code remotely on systems that use the affected library.
Severity
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
References
This data is provided by OSV and the GitHub Advisory Database (CC-BY 4.0).
Release Notes
Jaspersoft/jasperreports (net.sf.jasperreports:jasperreports)
v7.0.4
add deserialization class filter to fix the CVE-2025-10492 security vulnerability;
new net.sf.jasperreports.export.docx.size.page.to.content export configuration property added to support variable DOCX page size;
minor bug fixes and improvements;
v7.0.3
v7.0.2
added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.
removed the Google Maps component, the Chrome server side rendering of Javascript visualizations extension, the interactivity extension as well as the PL/SQL and Oracle stored procedure query executer;
various dependencies upgrades including: Apache Batik 1.18, Apache POI 5.3.0 and Spring 6.2.3;
minor bug fixes and improvements;
v7.0.1
added automatic module names to manifest files and fixed split packages issues in preparation for Java 9 modules compliance;
minor bug fixes and improvements;
v7.0.0
removal of the Ant build system and replacing it with a Maven build system;
deprecated code removed;
breaking backward compatibility of serialized/compiled *.jasper report template files, mostly because of historical deprecated serialization code removal/cleanup mentioned above (source *.jrxml report templates need to be recompiled to *.jasper using the new version of the library);
breaking backward compatibility of source *.jrxml report template files and *.jrtx style template files by replacing the Apache Commons Digester based parsers with Jackson XML object serialization. *.jrxml and *.jrtx files created with version 6 or older can no longer be loaded with version 7 or newer of the library alone. The conversion from the old file formats to the new file formats and back can be made using Jaspersoft Studio 7 and later versions of it;
extracting various optional extension JAR artifacts from the core library JAR artifact to allow the Jakarta Migration of certain of these optional features while also introducing better third party Maven dependency management of these artifacts;
some Java package names have changed as a consequence of separating functionality into optional JAR artifacts;
upgraded JFreeChart to version 1.5.4 which no longer has support for 3D charts. Reports having Pie 3D, Bar 3D and Stacked Bar 3D charts would continue to work, but will be rendered as 2D, all their 3D effects being ignored;
minor bug fixes and improvements;
v6.21.5: JasperReports 6.21.5
added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.
various dependencies upgrades including: Spring 6.2.3, Apache Batik 1.18, Apache Commons Codec 1.18.0, Apache Commons IO 2.18.0, Apache Commons Logging 1.3.5, Apache Log4J 2.24.3, Apache Commons Collections 4.5.0 and Apache POI 5.4.1;
minor bug fixes and improvements;
v6.21.4: JasperReports 6.21.4
various dependencies upgrades including: Jackson 2.17.1, RequireJS 2.3.7, Apache POI 5.3.0 and Apache Xalan 2.7.3;
minor bug fixes and improvements;
v6.21.3
allow background section elements to be exported as page header content in the DOCX exporter so that watermark type effects could be achieved;
minor bug fixes and improvements;
v6.21.2
v6.21.0
added support for PDF/A-2a, PDF/A-2b, PDF/A-2u, PDF/A-3a, PDF/A-3b, PDF/A-3u;
added support for WEBP images;
minor bug fixes and improvements;
Configuration
📅 Schedule: (in timezone Europe/Zurich)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.