Closed arlandgoh closed 2 years ago
see https://github.com/intive-FDV/DynamicJasper/pull/119 for a fix.
Until a new Version of Dynamicjasper is released you can simply exclude the dependency in maven/gradle and add Version 2.6 as a dependency. It doesn't require any code changes.
This seems to be fixed in https://github.com/intive-FDV/DynamicJasper/commit/20eb441dd33e4f92a6b5c08b4682c6e556c3bcac
fixed
The xmlgraphics-commons v1.5 is affected by CVE-2020-11988: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11988