First off the requirements for the following guide are the following:
Now we want to explain the guide in several steps containing pictures for certain steps. But before the explanation starts we need to make sure to have the requirements set for this guide which look like this:
A complete backup in case something goes wrong. This includes at least:
The easiest and most complete backup is a complete SNAPSHOT of your current installation. Be sure you can return to the previous state in case something goes wrong.
Lets start with the explanation of this guide and a how-to explaining the steps with some pictures mixed in:
mysqldump -u bn_reportserver -pa95f96a6d1 bitnami_reportserver > <path_to_dumpfile_on_hdd_or_ssd>in the cli:
mysql -u bn_reportserver -pa95f96a6d1to activate the mysql environment for further code to be written.
mysql -u bn_reportserver -pa95f96a6d1 bitnami_reportserver < <path_of_the_drop_ddl_sqls>:
mysql -u bn_reportserver -pa95f96a6d1 bitnami_reportserver < <path_to_dumpfile_backup>:
Performing database update RS3.0-XY -> RS3.0-XYand the
Update Running script RS3.0-XY-MySQL5_UPDATE.sql
as many of you probably heard, log4j 2 (2.0 until 2.14.1) has this critical security issue: CVE-2021-44228
ReportServer is not affected by this on its default configuration. Why?
– ReportServer does not use log4j 2, only log4j-over-slf4j-1.7.12 and slf4j-jdk14 1.7.12, which are not affected, refer to: http://slf4j.org/log4shell.html
– If you use Crystal Reports as described here: https://reportserver.net/en/guides/admin/chapters/SAP-Crystal-Reports/ you are, affected, though, as Crystal (on its current version CR4ERL27_0-80004572) uses log4j-2.14.0 (both log4j-core.jar and log4j-api.jar). In this case, you can upgrade to at least log4j-2.17.0 by removing log4j-core.jar and log4j-api.jar and replacing them by a version >= 2.17.0.
– Tomcat is not affected on its default configuration: https://www.geekyhacker.com/2021/12/11/three-ways-to-patch-log4shell-cve-2021-44228-vulnerability/
The following libraries/frameworks don’t appear to use Log4j by default, though they may optionally be configured to use it.
If your Tomcat is configured to use Log4j, you can run the mitigation steps described in the link or, better, upgrade to to log4j >= 2.17.0.
Your ReportServer Team
We are pleased to announce that the 3.7.1 version of ReportServer is now available for download.
The javadocs can be found here: https://reportserver.net/api/current/javadoc/index.html
List of entities: https://reportserver.net/api/current/entities.html
List of hooks: https://reportserver.net/api/current/hooks.html
List of services: https://reportserver.net/api/current/services.html
Your ReportServer Team