Bump net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.4#3
Bump net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.4#3dependabot[bot] wants to merge 1 commit into
Conversation
Bumps [net.sf.jasperreports:jasperreports](https://github.com/Jaspersoft/jasperreports) from 6.21.3 to 7.0.4. - [Release notes](https://github.com/Jaspersoft/jasperreports/releases) - [Changelog](https://github.com/Jaspersoft/jasperreports/blob/master/changes.txt) - [Commits](Jaspersoft/jasperreports@6.21.3...7.0.4) --- updated-dependencies: - dependency-name: net.sf.jasperreports:jasperreports dependency-version: 7.0.4 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
|
Per the AbraFlexi/FlexiBee support documentation on user reports, custom user reports must be compiled against exactly version 6.21.3 — newer JasperReports releases are not guaranteed compatible with AbraFlexi's report templates and integration. This version is affected by GHSA-9wxq-mwqw-8hhg, a high-severity Java deserialization vulnerability leading to remote code execution, fixed upstream in 7.0.7. Do not bump this dependency to silence the security alert without first confirming AbraFlexi/FlexiBee has certified compatibility with a newer JasperReports release — doing so risks breaking report compilation for all users of this tool. |
Bumps net.sf.jasperreports:jasperreports from 6.21.3 to 7.0.4.
Release notes
Sourced from net.sf.jasperreports:jasperreports's releases.
... (truncated)
Changelog
Sourced from net.sf.jasperreports:jasperreports's changelog.
... (truncated)
Commits
2b24e9aversion updatebaf2cd3changes.txt updatef00cb93eula update83c7f99version updatefa6baaaMerge branch 'develop'3d0d3acMerge branch 'develop-JRL-2054' into developbb61b7badd ossindex flagdbf4addfix docx empty page issue after size content to page changes2009271Merge branch 'develop' into develop-JRL-20543541a3eadd more classes to deserialization whitelistDependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)You can disable automated security fix PRs for this repo from the Security Alerts page.