JSReport Puppeteer vulnerabilities



  • Hello JSReport Support Team,

    During our latest AWS Inspector security scan on the JSReport production deployment, multiple critical and high-level vulnerabilities were detected originating from the Puppeteer dependency bundled with JSReport.

    We request guidance on the following:
    • Whether there is a patched/updated JSReport release that resolves the Puppeteer-related vulnerabilities.
    • If there is a recommended workaround or manual upgrade process for Puppeteer versions inside JSReport.
    • Any official security best practices to mitigate this issue while continuing to run JSReport in production.

    This vulnerability is impacting our production security compliance, so we request your assistance as soon as possible.

    Thanks and Regards,


    Gaurav Kelkar



  • The dependencies will be updated with the next release as always.
    https://github.com/jsreport/jsreport?tab=readme-ov-file#vulnerabilities

    The release is scheduled for this week.

