RE: Issue with cleanup extension

What does the last part of the statement refer to with 'undefined report(s) deletion per run'?

That seems to be just a logging issue fixed in the 4.9.0

There is nothing in the logs related to cleanup other than an acknowledgement of the settings.

That is strange, when I run with the short interval, I can immediately see the cleanup logs (at the end). Could you double-check the same and compare with your setup?

C:\work\jsreport\jsreport>docker run -p 5488:5488 -e extensions_reports_cleanInterval=5s -e extensions_reports_cleanThreshold=1m jsreport/jsreport:4.8.0
2026-04-28T19:05:09.581Z - info: Initializing jsreport (version: 4.8.0, configuration file: jsreport.config.json, nodejs: 18.20.5)
2026-04-28T19:05:09.582Z - info: Searching for available extensions in /app/
2026-04-28T19:05:09.583Z - info: Extensions location cache not found, crawling directories
2026-04-28T19:05:09.694Z - info: Found 35 extension(s)
2026-04-28T19:05:09.702Z - debug: Writing extension locations cache to /tmp/jsreport/core/locations.json
2026-04-28T19:05:09.702Z - debug: Discovered 35 extensions
2026-04-28T19:05:09.729Z - info: Using extension authentication@4.2.3
2026-04-28T19:05:09.781Z - debug: Extension authentication@4.2.3 was disabled
2026-04-28T19:05:09.781Z - info: Using extension base@4.0.0
2026-04-28T19:05:09.784Z - info: Using extension child-templates@4.1.0
2026-04-28T19:05:09.784Z - info: Using extension cli@4.1.0
2026-04-28T19:05:09.785Z - info: Using extension components@4.0.2
2026-04-28T19:05:09.786Z - info: Using extension data@4.1.0
2026-04-28T19:05:09.786Z - info: Using extension express@4.2.0
2026-04-28T19:05:09.898Z - info: Using extension freeze@4.0.0
2026-04-28T19:05:09.898Z - info: Using extension fs-store@4.1.0
2026-04-28T19:05:09.936Z - info: Using extension handlebars@4.0.1
2026-04-28T19:05:09.937Z - info: Using extension import-export@4.0.6
2026-04-28T19:05:09.940Z - info: Using extension jsrender@4.0.0
2026-04-28T19:05:09.941Z - info: Using extension licensing@4.0.4
2026-04-28T19:05:09.959Z - info: Using extension localization@4.0.1
2026-04-28T19:05:09.959Z - info: Using extension npm@4.0.0
2026-04-28T19:05:09.962Z - info: Using extension pdf-utils@4.3.0
2026-04-28T19:05:09.964Z - info: Using extension reports@4.1.3
2026-04-28T19:05:09.965Z - info: reports extension has enabled old reports cleanup with interval 5000ms, threshold 60000ms and undefined report(s) deletion per run
2026-04-28T19:05:09.966Z - info: Using extension tags@4.0.1
2026-04-28T19:05:09.966Z - info: Using extension text@4.0.2
2026-04-28T19:05:09.966Z - info: Using extension version-control@4.1.0
2026-04-28T19:05:09.969Z - info: Using extension assets@4.2.1
2026-04-28T19:05:09.973Z - info: Using extension authorization@4.1.0
2026-04-28T19:05:09.974Z - debug: Extension authorization@4.1.0 was disabled
2026-04-28T19:05:09.974Z - info: Using extension browser-client@4.1.0
2026-04-28T19:05:09.975Z - info: Using extension chrome-pdf@4.1.1
2026-04-28T19:05:09.976Z - debug: Chrome strategy is chrome-pool, numberOfWorkers: 1
2026-04-28T19:05:09.977Z - debug: Chrome custom launch options are args=--no-sandbox,--disable-dev-shm-usage, executablePath=/usr/lib/chromium/chrome, protocolTimeout=60000
2026-04-28T19:05:09.977Z - info: Using extension docx@4.7.0
2026-04-28T19:05:09.978Z - info: Using extension html-to-xlsx@4.2.0
2026-04-28T19:05:10.070Z - info: html-to-xlsx detected chrome as available html engine
2026-04-28T19:05:10.070Z - info: Using extension pptx@4.4.0
2026-04-28T19:05:10.071Z - info: Using extension scheduling@4.1.0
2026-04-28T19:05:10.082Z - info: Using extension scripts@4.2.0
2026-04-28T19:05:10.082Z - info: Using extension static-pdf@4.1.0
2026-04-28T19:05:10.082Z - info: Using extension studio@4.3.0
2026-04-28T19:05:10.112Z - info: Using extension xlsx@4.4.0
2026-04-28T19:05:10.113Z - info: Using extension public-templates@4.0.0
2026-04-28T19:05:10.113Z - debug: Extension public-templates@4.0.0 was disabled
2026-04-28T19:05:10.113Z - info: Using extension sample-template@4.0.1
2026-04-28T19:05:10.114Z - info: Using extension studio-theme-dark@4.0.0
2026-04-28T19:05:10.115Z - info: Using general timeout for rendering (reportTimeout: 60000)
2026-04-28T19:05:10.115Z - info: Using fs provider for template store.
2026-04-28T19:05:10.117Z - info: fs store is persisting using fs for /app/data
2026-04-28T19:05:10.121Z - info: fs store is loading data
2026-04-28T19:05:10.129Z - info: fs store is initialized successfully
2026-04-28T19:05:10.132Z - debug: studio default theme is: light
2026-04-28T19:05:10.134Z - info: Creating default express app.
2026-04-28T19:05:10.142Z - info: jsreport server successfully started on http port: 5488
2026-04-28T19:05:10.143Z - info: Verifying license key free
2026-04-28T19:05:10.143Z - info: Using free license
2026-04-28T19:05:10.152Z - info: Migrating templates chrome settings (waitForNetworkIddle -> waitForNetworkIdle)
2026-04-28T19:05:10.154Z - info: Migration successful
2026-04-28T19:05:10.155Z - debug: Creating samples is disabled
2026-04-28T19:05:10.155Z - info: Initializing worker threads
2026-04-28T19:05:10.155Z - debug: Extensions in workers: base, child-templates, components, data, express, handlebars, jsrender, localization, npm, pdf-utils, reports, text, version-control, assets, browser-client, chrome-pdf, docx, html-to-xlsx, pptx, scripts, static-pdf, studio, xlsx
2026-04-28T19:05:10.418Z - info: 2 worker threads initialized in 263ms
2026-04-28T19:05:10.418Z - info: Starting temp files cleanup with 180000ms threshold
2026-04-28T19:05:10.418Z - info: reporter initialized
2026-04-28T19:05:14.967Z - debug: Cleaning up old reports
2026-04-28T19:05:14.969Z - debug: Cleaned 0 old reports
2026-04-28T19:05:19.969Z - debug: Cleaning up old reports
2026-04-28T19:05:19.969Z - debug: Cleaned 0 old reports

What jsreport version do you use? What template store do you use?

With the debug logs, you should see this

Cleaning up old reports
Cleaned ${removedReports} old reports

and when something fails you should see

Failed to clean up old reports

Could you share these logs?

This could mean that Chrome or Node.js is just lazy in releasing the memory.
The idle time doesn't necessarily mean the memory gets released.

Try to run the container with limited memory. This should force the memory release.

docker run -d --name jsreport-memtest --memory=500m -p 15488:5488 \
  -e "extensions_authentication_enabled=false" \
  jsreport/jsreport:4.12.0

With the 500m memory limit, I can run 10 000 reports without OOM.

Thank you for the topic. I've tried to replicate the issue, but I can't reproduce it so far.

Some questions to help me isolate the problem...

Do you have authentication enabled?
Do you reproduce the same with the local mongo single node replica?
Could you upload somewhere an export with "many child entities" so we test on the same?

The Chromium pdf printing evolves in time. The later versions add accessibility, image masking, and other implementation changes that may increase the final PDF size. We update Chromium every time when releasing jsreport, that's the reason why v2 and v4 pdf outputs differ.

There are 3 visible images in the flight ticket showcase, but every image also has an alpha mask. That's why you see 6 images in the PDF source.

You can try to enable the pdf compression feature

We have fixed the performance regression issue for v2-based templates where there are no handlebars tags present in the xlsx file. In other words, for templates that use just xlsxAdd, xlsxMerge... transformations.

The fix is currently in the master branch waiting for the next release, however you can already test it in the docker nightly build

docker run -p 5488:5488 jsreport/jsreport:nightly

I can imagine that the Chromium update included in v4.8.0 is causing the issue. That Chromium, for some reason, like insufficient resources, fails. While it was working fine with the older Chromium from v4.7.0.

Any chance you would be able to email me a working workspace/demo that I can use and try to replicate the issue?

Automated audit tools can be useful, but they often report false positives. In large, dependency-heavy projects like jsreport, these reports frequently flag issues that are not exploitable in practice and therefore don’t always provide meaningful, actionable security value.

For this reason, we won’t be releasing jsreport hotfixes on a more frequent schedule.

We take security seriously and run multiple audit scans as part of every release, working to satisfy their requirements. This process already requires significant time and effort, and we don’t plan to extend it beyond our current scope.

This is likely because you have updated the nodejs.

You have several options.

• downgrade back nodejs
• suppress warnings node --no-deprecation server.js or env NODE_NO_WARNINGS=1
• update jsreport, there seems to be no such warning in the latest jsreport, latest nodejs

Unfortunately, there is 60s hard limit in jsreportonline
https://jsreport.net/learn/online-limits

If you want to render big reports with longer execution, you will need to switch to the onprem deployment.