dependabot[bot] opened a new pull request, #1617: URL: https://github.com/apache/struts/pull/1617
Bumps [net.sf.jasperreports:jasperreports](https://github.com/Jaspersoft/jasperreports) from 6.21.3 to 7.0.4. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/Jaspersoft/jasperreports/releases";>net.sf.jasperreports:jasperreports's releases</a>.</em></p> <blockquote> <h2>JasperReports 7.0.4</h2> <ul> <li> <p>add deserialization class filter to fix the CVE-2025-10492 security vulnerability;</p> </li> <li> <p>new net.sf.jasperreports.export.docx.size.page.to.content export configuration property added to support variable DOCX page size;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <h2>JasperReports 7.0.3</h2> <ul> <li>minor bug fixes and improvements;</li> </ul> <h2>JasperReports 7.0.2</h2> <ul> <li> <p>added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.</p> </li> <li> <p>removed the Google Maps component, the Chrome server side rendering of Javascript visualizations extension, the interactivity extension as well as the PL/SQL and Oracle stored procedure query executer;</p> </li> <li> <p>various dependencies upgrades including: Apache Batik 1.18, Apache POI 5.3.0 and Spring 6.2.3;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <h2>JasperReports 7.0.1</h2> <ul> <li> <p>added automatic module names to manifest files and fixed split packages issues in preparation for Java 9 modules compliance;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <h2>JasperReports 7.0.0</h2> <ul> <li> <p>removal of the Ant build system and replacing it with a Maven build system;</p> </li> <li> <p>deprecated code removed;</p> </li> <li> <p>breaking backward compatibility of serialized/compiled *.jasper report template files, mostly because of historical deprecated serialization code removal/cleanup mentioned above (source *.jrxml report templates need to be recompiled to *.jasper using the new version of the library);</p> </li> <li> <p>breaking backward compatibility of source *.jrxml report template files and *.jrtx style template files by replacing the Apache Commons Digester based parsers with Jackson XML object serialization. *.jrxml and *.jrtx files created with version 6 or older can no longer be loaded with version 7 or newer of the library alone. The conversion from the old file formats to the new file formats and back can be made using Jaspersoft Studio 7 and later versions of it;</p> </li> <li> <p>extracting various optional extension JAR artifacts from the the core library JAR artifact to allow the Jakarta Migration of certain of these optional features while also introducing better third party Maven dependency management of these artifacts;</p> </li> <li> <p>some Java package names have changed as a consequence of separating functionality into optional JAR artifacts;</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/Jaspersoft/jasperreports/blob/master/changes.txt";>net.sf.jasperreports:jasperreports's changelog</a>.</em></p> <blockquote> <h2>JasperReports 7.0.4 (2025-11-03)</h2> <ul> <li> <p>add deserialization class filter to fix the CVE-2025-10492 security vulnerability;</p> </li> <li> <p>new net.sf.jasperreports.export.docx.size.page.to.content export configuration property added to support variable DOCX page size;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <h2>JasperReports 7.0.3 (2025-05-02)</h2> <ul> <li>minor bug fixes and improvements;</li> </ul> <h2>JasperReports 7.0.2 (2025-03-10)</h2> <ul> <li> <p>added support for horizontalPosition and shrinkWidth properties to table component and weight property to table columns to better control table resize behavior when table columns are hidden or resized.</p> </li> <li> <p>removed the Google Maps component, the Chrome server side rendering of Javascript visualizations extension, the interactivity extension as well as the PL/SQL and Oracle stored procedure query executer;</p> </li> <li> <p>various dependencies upgrades including: Apache Batik 1.18, Apache POI 5.3.0 and Spring 6.2.3;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <h2>JasperReports 7.0.1 (2024-09-30)</h2> <ul> <li> <p>added automatic module names to manifest files and fixed split packages issues in preparation for Java 9 modules compliance;</p> </li> <li> <p>minor bug fixes and improvements;</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/2b24e9a9b5452f9c039e7b7292c57646079d7975";><code>2b24e9a</code></a> version update</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/baf2cd30af0f607499adb7465b6ff4d526a8d95c";><code>baf2cd3</code></a> changes.txt update</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/f00cb9343feb972ad68519469e74965610748fbe";><code>f00cb93</code></a> eula update</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/83c7f9959c70bb3170364100099d42bb77e6fd40";><code>83c7f99</code></a> version update</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/fa6baaa2a1cac075a9f65108318368b586808bd8";><code>fa6baaa</code></a> Merge branch 'develop'</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/3d0d3ac66f5c6bcadd564de238ffba785c097451";><code>3d0d3ac</code></a> Merge branch 'develop-JRL-2054' into develop</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/bb61b7bcd09751e0189294f5d4e24d2375881b49";><code>bb61b7b</code></a> add ossindex flag</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/dbf4add6c6621a1c37f578d167482367a0c28a59";><code>dbf4add</code></a> fix docx empty page issue after size content to page changes</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/20092711f6c3815b393e2fbc6b64c7964e006d0f";><code>2009271</code></a> Merge branch 'develop' into develop-JRL-2054</li> <li><a href="https://github.com/Jaspersoft/jasperreports/commit/3541a3e2b1ad8b78388ac505091da75cb652a647";><code>3541a3e</code></a> add more classes to deserialization whitelist</li> <li>Additional commits viewable in <a href="https://github.com/Jaspersoft/jasperreports/compare/6.21.3...7.0.4";>compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/apache/struts/network/alerts). </details> -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
