Clarity
OData
Jaspersoft
Jaspersoft is vulnerable. Tibco's response can be accessed here.
The following steps can be taken to mitigate it:
- Stop the Tomcat service. Uninstall it if it is configured as a service.
- Take a backup of the existing Tomcat folder.
- Install the new version of Tomcat (9.0.62), attached to this document.
- Copy the older reportservice directory $TOMCAT_OLD_HOME/webapps/reportservice to the new Tomcat folder $TOMCAT_NEW_HOME/webapps.
- Copy the .jaspersoft folder from the older directory to the newly installed Tomcat directory, i.e. $TOMCAT_NEW_HOME/
- Navigate to $TOMCAT_NEW_HOME/.jaspersoft in the newly installed Tomcat, edit the file “default_master.properties”, look for the appServerDir property and update it to the new Tomcat home.
  A sample entry looks as below:
  # Enter Apache Tomcat 9.0.37 Directory
  appServerDir=C:\\TOMCAT_NEW_HOME
- Navigate to $TOMCAT_OLD_HOME/lib and copy the driver file to $TOMCAT_NEW_HOME/lib.
  - Oracle Customers - Please copy ojdbc8-19.8.0.0.0.jar
  - MS SQL Customers - Please copy mssql-jdbc-8.2.1.jre11.jar
  - PostgreSQL Customers - Please copy postgresql-42.2.5.jar & postgresql-42.2.6.jar
- Copy the server.xml from the $TOMCAT_OLD_HOME/conf directory to $TOMCAT_NEW_HOME/conf
- Reconfigure the memory parameters
  - Windows - If Tomcat was installed as a service, uninstall the service and reinstall it by following the document; otherwise, navigate to $TOMCAT_OLD_HOME/bin/setenv.bat and adjust the memory parameters
  - Linux - Navigate to $TOMCAT_OLD_HOME/bin/setenv.sh and adjust the JAVA_OPTS value
- Start Tomcat in the new version and validate
Note: There are no changes needed for Jaspersoft Studio.
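
A pre-start check for the copy steps above, as an added example that is not part of the original document: it confirms that the reportservice webapp, the .jaspersoft folder, the appServerDir value, server.xml and the JDBC driver jars all made it into the new Tomcat home. It assumes a Linux layout where appServerDir holds the literal path of the new Tomcat home; the function name check_migration is hypothetical.

```shell
#!/bin/sh
# Added example: verify a migrated Tomcat home before first start (Linux layout assumed).
# check_migration OLD_HOME NEW_HOME -> prints findings, returns the number of problems.
check_migration() {
    old=$1; new=$2; problems=0
    fail() { echo "PROBLEM: $1"; problems=$((problems + 1)); }

    # The reportservice webapp and the .jaspersoft folder must exist in the new home.
    [ -d "$new/webapps/reportservice" ] || fail "missing $new/webapps/reportservice"
    [ -d "$new/.jaspersoft" ] || fail "missing $new/.jaspersoft"

    # appServerDir in default_master.properties must point at the new home,
    # not at the old one it was copied from.
    props="$new/.jaspersoft/default_master.properties"
    if [ -f "$props" ]; then
        dir=$(sed -n 's/^[[:space:]]*appServerDir[[:space:]]*=[[:space:]]*//p' "$props" \
              | tail -n 1 | tr -d '\r')
        [ "$dir" = "$new" ] || fail "appServerDir is '$dir', expected '$new'"
    else
        fail "missing $props"
    fi

    # server.xml must be an identical copy of the old one.
    if [ -f "$old/conf/server.xml" ] && [ -f "$new/conf/server.xml" ]; then
        cmp -s "$old/conf/server.xml" "$new/conf/server.xml" \
            || fail "conf/server.xml differs from the old copy"
    else
        fail "missing conf/server.xml in old or new home"
    fi

    # Every JDBC driver jar present in the old lib must also be in the new lib.
    for jar in "$old"/lib/ojdbc*.jar "$old"/lib/mssql-jdbc*.jar "$old"/lib/postgresql*.jar; do
        [ -f "$jar" ] || continue   # pattern matched nothing
        [ -f "$new/lib/$(basename "$jar")" ] || fail "missing $new/lib/$(basename "$jar")"
    done
    return "$problems"
}

# Usage: sh check_migration.sh "$TOMCAT_OLD_HOME" "$TOMCAT_NEW_HOME"
if [ $# -eq 2 ]; then
    check_migration "$1" "$2"
fi
```

A return status of 0 means every copied item was found; any other value is the number of problems printed.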