We distribute a customized build of JasperReports server in a container. Every installation is a full installation, not an upgrade of an existing server. To incorporate security fixes, we need a full distribution of JasperReports server that includes these fixes.
Unfortunately, the fixes for the October security issues (2021-35494, 2021-35495, and 2021-35496) were only distributed as a service pack that must be installed on top of an older release. We have been using JasperReports Server 7.5.1, which does not include the fixes. The release with the fixes (7.5.2 for us) does not include a full distribution of the product; it is just an incremental overlay over 7.5.1.
Note that 7.5.1 was released as a full installation; this request is just to make 7.5.2 and other security-patch releases follow the same pattern.
This was originally requested in case 02061666, which was dismissed as an enhancement request.
Guest
| Components | JasperReports Server |
Especially relevant for Log4Shell
I too lost over a day of my time on this one.
Adding to this the format/structure of the readme files changed to no longer have a blank line after added/updated/deleted files which makes automated parsing more difficult.