Currently Jaspersoft supported/certified versions of Apache Tomcat that bundle with any JRS installation are: 8.5.0 - 8.5.43, 8.5.54, 8.5.57 9.0.1 - 9.0.27, 9.0.34, 9.0.37
On performing Tenable security scanning on the bundle JRS installation, we found that there exist few high security vulnerabilities with all these certified versions of Apache tomcat as listed in this link below:
https://www.tenable.com/plugins/nessus/152183
Considering security is the top priority for an application, request to certify vulnerability free application server versions like "8.5.68", "9.0.50" etc. at least from the latest release onward i.e. 7.9.1.
Looking forward to get Apache Tomcat v9.0.50 certified and Bundled with JRS v7.9.1.
Components | JasperReports Server, Deployment/ Installation, Platforms |