Describe the bug
SBOM analysis of this library shows open vulnerabilities due to the inclusion of the jfreechart component. This component is introduced by jasperreports, the 3rd-party library used to generate PDF documents. Moreover, these are the dependency paths for this jfreechart component:
java-report-generator (1.9.1) – CSW
jasperreports (6.20.6) – 3rd party
jfreechart (1.0.19) – 3rd party
To Reproduce
Generate an SBOM analysis and check that the output report produces at least the following open vulnerabilities:
CVE-2024-22949 (Unassigned)
CVE-2024-23076 (Unassigned)
CVE-2023-52070 (Unassigned)
Expected behavior
After upgrading jasperreports to the latest version, the new SBOM analysis should no longer report the aforementioned vulnerabilities.
Additional context
The newest version of jasperreports (7.0.1) does not include the PDF classes in the main library. So, we have to include the jasperreports-pdf library and change the paths of 3 imports (JRPdfExporter, SimplePdfExporterConfiguration, SimplePdfReportConfiguration).
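
Added example, not part of the original report or of the project's code: a way to confirm from the SBOM itself which dependency path brings in jfreechart, and to re-check after the upgrade. It assumes the SBOM is CycloneDX JSON (the report does not name a format); the bom-ref strings and the function name are made up for this example.

```python
# Constructed CycloneDX-style SBOM (JSON already parsed) mirroring the reported
# dependency path; the bom-ref strings are made up for this example.
SBOM = {
    "metadata": {"component": {"bom-ref": "app", "name": "java-report-generator",
                               "version": "1.9.1"}},
    "components": [
        {"bom-ref": "jr", "name": "jasperreports", "version": "6.20.6"},
        {"bom-ref": "jfc", "name": "jfreechart", "version": "1.0.19"},
    ],
    "dependencies": [
        {"ref": "app", "dependsOn": ["jr"]},
        {"ref": "jr", "dependsOn": ["jfc"]},
        {"ref": "jfc", "dependsOn": []},
    ],
}


def dependency_paths(sbom, target_name):
    """Return every root-to-target path as a list of 'name (version)' labels."""
    root = sbom["metadata"]["component"]
    comps = {c["bom-ref"]: c for c in sbom.get("components", [])}
    comps[root["bom-ref"]] = root
    edges = {d["ref"]: d.get("dependsOn", []) for d in sbom.get("dependencies", [])}

    def label(ref):
        c = comps.get(ref, {"name": ref})
        return f"{c['name']} ({c.get('version', '?')})"

    paths = []

    def walk(ref, trail):
        if ref in trail:  # guard against cycles in a malformed graph
            return
        trail = trail + [ref]
        if comps.get(ref, {}).get("name") == target_name:
            paths.append([label(r) for r in trail])
            return
        for child in edges.get(ref, []):
            walk(child, trail)

    walk(root["bom-ref"], [])
    return paths


if __name__ == "__main__":
    for path in dependency_paths(SBOM, "jfreechart"):
        print(" -> ".join(path))
```

An empty result for the SBOM generated after the upgrade means no path to jfreechart remains; the second entry of each path is the direct dependency to upgrade or exclude.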