Skip to Main Content
IBM Sterling


This portal is to open public enhancement requests for IBM Sterling products and services. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Planned for future release
Categories Security
Created by Guest
Created on Mar 21, 2024

Upgrade Jasper Reports for the PDF Creation in Myfilegateway

For Myfilegateway version 6.1.X and 6.2.X the current version of Jasper Reports 6.19.0 used to create PDF reports is outdated and affected by several vulnerabilities.

Also the metadata of all pdf created by Myfilegateway provided info of the PDF Creator user and version


Creator: JasperReports Library version 6.19.0-646c68931cebf1a58bc65c4359d1f0ca223c5e94

Producer: iText 2.1.7 by 1T3XT

PDF version: 1.5


We want this following information to be disclosed so possibe attackes doesn't know the software and version used to create PDF.


Also we want Japer Reports Version to be upgraded to a more secure version.


What is your industry? Healthcare
How will this idea be used?
  • Penetration Test marks this version of Jasper Reports as vulnerable and affect to the final score of the B2B installation.

  • Admin
    Mark Allen
    Reply
    |
    Jun 19, 2024

    Thank you for taking the time to provide your ideas to IBM. Your request may not be delivered within the release currently under development, but the theme aligns with our current roadmap and your request is now a candidate for a future generally available (GA) release.


    Currently there is no vulnerabilities in Jasper, but we have plans to update iText libraries in an upcoming mod release. We will also look to secure the metadata that gets added during PDF creation.

    If you have any additional feedback or thoughts in the meantime, or if there is anything else I can do, please do not hesitate to reply to this message to continue the conversation.

    Please note: IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion.