Security issues with BIRT
MarceloHC
<p>Good day. Recently, I've noticed that the following JAR APIs embedded into the BIRT framework have security vulnerabilities and exposures opened against them.<br><br>
Do you have any plan to address these security issues? Thanks a lot in advance.<br>
</p>
<div><strong>axis.jar</strong></div>
<div>CVE-2012-5784</div>
<div>CVE-2014-3596</div>
<div> </div>
<div><strong>derby.jar</strong></div>
<div>CVE-2009-4269</div>
<div>CVE-2015-1832</div>
<div> </div>
<div><strong>org.apache.batik.css_1.6.0.v201011041432.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.batik.pdf_1.6.0.v201105071520.jar</strong></div>
<div>CVE-2015-0250</div>
<div> </div>
<div><strong>org.apache.poi_3.9.0.v201303080712.jar</strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>org.eclipse.birt.report.data.oda.excel_4.4.1.v201408290142.jar: poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<div> </div>
<div><strong>poi-ooxml-3.9-20121203.jar </strong></div>
<div>CVE-2014-3529</div>
<div>CVE-2014-3574</div>
<div>CVE-2014-9527</div>
<div>CVE-2016-5000</div>
<div>CVE-2017-5644</div>
<p><br>
</p>
Comments
Virgil Dodson
<p>Hi Marcelo, the way to communicate to the BIRT development team is through Eclipse Bugzilla <a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT'>https://bugs.eclipse.org/bugs/enter_bug.cgi?product=BIRT</a></p>
<p> </p>
<p>I did a quick search in Bugzilla and can see most of the vulnerabilities listed above have been reported for POI, Batik, and Axis. If there are vulnerabilities with Derby that affect you and other BIRT users, please report them in Bugzilla.</p>
<p> </p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=480067</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517094</a></p>
<p><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=452427</a></p>
<p> </p>
<p>In Bugzilla, you can vote up the priority of a bug, add additional details, and add yourself to the CC list to get notified whenever that bug changes.</p>
MarceloHC
<p>Thanks for the prompt reply. I've opened the bug report:<br><br><a data-ipb='nomediaparse' href='https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472'>https://bugs.eclipse.org/bugs/show_bug.cgi?id=517472</a></p>
<p> </p>
<p>As this is a security-related issue, do you know how this request can be expedited / prioritized?</p>
<p> </p>
<p>Thanks in advance.</p>