Birt Report runtime version 4.4.2 uses iText 2.1.7 version and iText 2.1.7 has XXE vulnerability.
Currently I am using Birt Report runtime version 4.4.2 and it internally uses iText version - 2.1.7
I have Birt report .rptdesign files as template and using Birt Report runtime engine to create/render pdfs where data comes from database and pdf will be rendered on web browser.
as per below link there is XXE vulnerability in iText 2.1.7 version
To fix this vulnerability I need to use latest iText version 7.X release.
After some research I have found that I can't use latest iText version 7.X release because Birt Report runtime version 4.4.2 is using internally old iText version classes.
I am looking for new Birt Report runtime jar version.
if Birt Report Runtime latest version is not available then I would like to know what are the options to replace my existing create/render pdf functionality - data comes through database.
I am ready to take license version with paid option