intive-FDV / DynamicJasper

Dynamic Reports using Jasper Reports
http://intive-fdv.github.io/DynamicJasper/
GNU Lesser General Public License v3.0

CVE-2020-11988 Apache XmlGraphics Commons Vulnerability #122

Closed arlandgoh closed 2 years ago

arlandgoh commented 2 years ago

The xmlgraphics-commons v1.5 is affected by CVE-2020-11988: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988

123Haynes commented 2 years ago

See https://github.com/intive-FDV/DynamicJasper/pull/119 for a fix.

Until a new version of DynamicJasper is released, you can simply exclude the dependency in Maven/Gradle and add version 2.6 as a dependency. It doesn't require any code changes.
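
The Maven form of the workaround described in the comment above, as an added example that is not part of the original comment or the project's own build files. The DynamicJasper coordinates (`ar.com.fdvs:DynamicJasper`) and the `dynamicjasper.version` property are assumptions; substitute the values your build already uses.

```xml
<!-- Added example: pom.xml fragment for the exclude-and-replace workaround.
     The version property below is a placeholder, not a value from the issue. -->
<properties>
  <dynamicjasper.version>REPLACE_WITH_YOUR_VERSION</dynamicjasper.version>
</properties>

<dependencies>
  <dependency>
    <groupId>ar.com.fdvs</groupId>
    <artifactId>DynamicJasper</artifactId>
    <version>${dynamicjasper.version}</version>
    <exclusions>
      <!-- Remove the xmlgraphics-commons that arrives through DynamicJasper
           (v1.5, reported in this issue as affected by CVE-2020-11988). -->
      <exclusion>
        <groupId>org.apache.xmlgraphics</groupId>
        <artifactId>xmlgraphics-commons</artifactId>
      </exclusion>
    </exclusions>
  </dependency>

  <!-- Declare the replacement version directly so it is the one resolved. -->
  <dependency>
    <groupId>org.apache.xmlgraphics</groupId>
    <artifactId>xmlgraphics-commons</artifactId>
    <version>2.6</version>
  </dependency>
</dependencies>
```

Running `mvn dependency:tree -Dincludes=org.apache.xmlgraphics:xmlgraphics-commons` afterwards should show only version 2.6 on the classpath.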

123Haynes commented 2 years ago

This seems to be fixed in https://github.com/intive-FDV/DynamicJasper/commit/20eb441dd33e4f92a6b5c08b4682c6e556c3bcac

juanalvarezg commented 2 years ago

fixed