ReportServer 3.3.0

The 3.3.0 version is now available for all users.

Some Important Features and Noteworthy Improvements for ReportServer RS3.3.0

Library Deletions and Upgrades

The following important libraries are upgraded in ReportServer 3.3.0:

  • Sencha GXT: upgraded to 4.0.2
  • GWT: upgraded to 2.8.2

These libraries basically determine the ReportServer’s client-side look-and-feel (among other functionalities).

Numerous other libraries were upgraded and some unnecessary libraries were deleted. Refer to the release notes for details.

Email Notifications

Users can be now notified when their password has been created the first time or when their password was changed (by an administrator). The notification is done via email (note that for this the mail server must be correctly configured). For this purpose, the following new configuration file is available: /etc/security/notifications.cf. This configuration file allows to configure the texts sent by email and further allows to disable this functionality, if desired.

Note that from RS 3.3.0 the old lostpassword.cf configuration file is no longer available. This configuration is now done in the new notifications.cf file. Please rename your old lostpassword.cf to notifications.cf after performing an upgrade.

<createdpassword disabled="false">
	<email>
		<subject>Email Subject</subject>
		<text>Email Text
			Username: ${user.getUsername()}
		</text>
	</email>
</createdpassword>
<changedpassword disabled="false">
	<email>
		<subject>Email Subject</subject>
		<text>Email Text
			Username: ${user.getUsername()}
		</text>
	</email>
</changedpassword>

The complete default notifications.cf file is the following:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <createdpassword disabled="false">
    <email>
      <subject>${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['createdPasswordSubject']}</subject>
      <text>${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['createdPasswordSalutation']} ${user.getFirstname()} ${user.getLastname()},

${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['createdPasswordIntro']}

${user.getUsername()}

${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['createdPasswordEnd']}

      </text>
    </email>
  </createdpassword>
  <changedpassword disabled="false">
    <email>
      <subject>${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['changedPasswordSubject']}</subject>
      <text>${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['changedPasswordSalutation']} ${user.getFirstname()} ${user.getLastname()},

${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['changedPasswordIntro']}

${user.getUsername()}

${msgs['net.datenwerke.security.ext.server.locale.DwSecurityMessages']['changedPasswordEnd']}
      </text>
    </email>
  </changedpassword>
  <lostpassword indicateWrongUsername="false">
    <email>
      <subject>${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordSubject']}</subject>
      <text>${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordSalutation']} ${user.getFirstname()} ${user.getLastname()},

${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordIntro']}

        ${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordUsername']}: ${user.getUsername()}
        ${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordPassword']}: ${password}

 ${msgs['net.datenwerke.rs.passwordpolicy.service.locale.PasswordPolicyMessages']['lostPasswordEnd']}
      </text>
    </email>
  </lostpassword>
</configuration>

Currency Locales

The currency locales may be now configured in the following section of the /etc/main/localization.cf file:

<currencies>
       <currency language="de" region="DE">currencyEuro</currency>
       <currency language="en" region="US">currencyDollar</currency>
       <currency language="en" region="GB">currencyPound</currency>
       <currency language="ar" region="AE">AED</currency>
       <currency language="ps" region="AF">AFN</currency>
       ...
</currencies>

In the example above, the Euro currency is localized to the de_DE locale. If you need to change this, e.g. to fr_FR, you may change this to:

<currencies>
       <currency language="fr" region="FR">currencyEuro</currency>
       <currency language="en" region="US">currencyDollar</currency>
       <currency language="en" region="GB">currencyPound</currency>
       <currency language="ar" region="AE">AED</currency>
       <currency language="ps" region="AF">AFN</currency>
       ...
</currencies>

As currency is locale-specific, the format may change depending on the locale configured here.
For example, 123456.79 dollars will be printed as follows in the default locale:

US$123,456.79

In en_US locale, the same will be printed as:

$123,456.79

Note that you have to restart ReportServer if you change your currency locale configuration.

More details on currency locales may be found here: http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/NumberFormat.html. The complete default localization.cf file is the following:

More details on currency locales may be found here: http://www.gwtproject.org/javadoc/latest/com/google/gwt/i18n/client/NumberFormat.html. The complete default localization.cf file is the following:

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
   <localization>
     <default>en</default>
     <!-- <locales>en,fr,de</locales> -->
     <format>
     <!--
         <shortDatePattern></shortDatePattern>
	     <longDatePattern></longDatePattern>
	     <shortTimePattern></shortTimePattern>
	     <longTimePattern></longTimePattern>
	     <shortDateTimePattern></shortDateTimePattern>
	     <longDateTimePattern></longDateTimePattern>
	     <numberPattern></numberPattern>
	     <currencyPattern></currencyPattern>
	     <integerPattern></integerPattern>
	     <percentPattern></percentPattern>
	  -->
     </format>
     <currencies>
       <currency language="de" region="DE">currencyEuro</currency>
       <currency language="en" region="US">currencyDollar</currency>
       <currency language="en" region="GB">currencyPound</currency>
       <currency language="ar" region="AE">AED</currency>
       <currency language="ps" region="AF">AFN</currency>
       <currency language="sq" region="AL">ALL</currency>
       <currency language="hy" region="AM">AMD</currency>
       <currency language="pap" region="CW">ANG</currency>
       <currency language="pt" region="AO">AOA</currency>
       <currency language="es" region="AR">ARS</currency>
       <currency language="en" region="AU">AUD</currency>
       <currency language="nl" region="AW">AWG</currency>
       <currency language="az" region="AZ">AZN</currency>
       <currency language="bs" region="BA">BAM</currency>
       <currency language="en" region="BB">BBD</currency>
       <currency language="bn" region="BD">BDT</currency>
       <currency language="bg" region="BG">BGN</currency>
       <currency language="ar" region="BH">BHD</currency>
       <currency language="en" region="BI">BIF</currency>
       <currency language="en" region="BM">BMD</currency>
       <currency language="ms" region="BN">BND</currency>
       <currency language="es" region="BO">BOB</currency>
       <currency language="pt" region="BR">BRL</currency>
       <currency language="en" region="BS">BSD</currency>
       <currency language="dz" region="BT">BTN</currency>
       <currency language="en" region="BW">BWP</currency>
       <currency language="be" region="BY">BYR</currency>
       <currency language="en" region="BZ">BZD</currency>
       <currency language="en" region="CA">CAD</currency>
       <currency language="ln" region="CD">CDF</currency>
       <currency language="de" region="CH">CHF</currency>
       <currency language="es" region="CL">CLP</currency>
       <currency language="zh" region="CN">CNY</currency>
       <currency language="es" region="CO">COP</currency>
       <currency language="es" region="CR">CRC</currency>
       <currency language="es" region="CU">CUC</currency>
       <currency language="es" region="CU">CUP</currency>
       <currency language="pt" region="CV">CVE</currency>
       <currency language="cs" region="CZ">CZK</currency>
       <currency language="aa" region="DJ">DJF</currency>
       <currency language="da" region="DK">DKK</currency>
       <currency language="es" region="DO">DOP</currency>
       <currency language="ar" region="DZ">DZD</currency>
       <currency language="ar" region="EG">EGP</currency>
       <currency language="ti" region="ER">ERN</currency>
       <currency language="ti" region="ET">ETB</currency>
       <currency language="de" region="DE">EUR</currency>
       <currency language="hif" region="FJ">FJD</currency>
       <currency language="en" region="FK">FKP</currency>
       <currency language="en" region="GB">GBP</currency>
       <currency language="ka" region="GE">GEL</currency>
       <currency language="en" region="GG">GGP</currency>
       <currency language="ak" region="GH">GHS</currency>
       <currency language="en" region="GI">GIP</currency>
       <currency language="en" region="GM">GMD</currency>
       <currency language="fr" region="GN">GNF</currency>
       <currency language="es" region="GT">GTQ</currency>
       <currency language="en" region="GY">GYD</currency>
       <currency language="en" region="HK">HKD</currency>
       <currency language="es" region="HN">HNL</currency>
       <currency language="hr" region="HR">HRK</currency>
       <currency language="ht" region="HT">HTG</currency>
       <currency language="hu" region="HU">HUF</currency>
       <currency language="id" region="ID">IDR</currency>
       <currency language="he" region="IL">ILS</currency>
       <currency language="en" region="IM">IMP</currency>
       <currency language="hi" region="IN">INR</currency>
       <currency language="ar" region="IQ">IQD</currency>
       <currency language="fa" region="IR">IRR</currency>
       <currency language="is" region="IS">ISK</currency>
       <currency language="en" region="JE">JEP</currency>
       <currency language="en" region="JM">JMD</currency>
       <currency language="ar" region="JO">JOD</currency>
       <currency language="ja" region="JP">JPY</currency>
       <currency language="om" region="KE">KES</currency>
       <currency language="ky" region="KG">KGS</currency>
       <currency language="km" region="KH">KHR</currency>
       <currency language="fr" region="KM">KMF</currency>
       <currency language="ko" region="KP">KPW</currency>
       <currency language="ko" region="KR">KRW</currency>
       <currency language="ar" region="KW">KWD</currency>
       <currency language="en" region="KY">KYD</currency>
       <currency language="kk" region="KZ">KZT</currency>
       <currency language="lo" region="LA">LAK</currency>
       <currency language="ar" region="LB">LBP</currency>
       <currency language="si" region="LK">LKR</currency>
       <currency language="en" region="LR">LRD</currency>
       <currency language="en" region="LS">LSL</currency>
       <currency language="ar" region="LY">LYD</currency>
       <currency language="ar" region="MA">MAD</currency>
       <currency language="ru" region="MD">MDL</currency>
       <currency language="mg" region="MG">MGA</currency>
       <currency language="mk" region="MK">MKD</currency>
       <currency language="my" region="MM">MMK</currency>
       <currency language="mn" region="MN">MNT</currency>
       <currency language="en" region="MO">MOP</currency>
       <currency language="ar" region="MR">MRU</currency>
       <currency language="mfe" region="MU">MUR</currency>
       <currency language="dv" region="MV">MVR</currency>
       <currency language="en" region="MW">MWK</currency>
       <currency language="es" region="MX">MXN</currency>
       <currency language="ms" region="MY">MYR</currency>
       <currency language="pt" region="MZ">MZN</currency>
       <currency language="en" region="NA">NAD</currency>
       <currency language="en" region="NG">NGN</currency>
       <currency language="es" region="NI">NIO</currency>
       <currency language="nn" region="NO">NOK</currency>
       <currency language="ne" region="NP">NPR</currency>
       <currency language="en" region="NZ">NZD</currency>
       <currency language="ar" region="OM">OMR</currency>
       <currency language="es" region="PA">PAB</currency>
       <currency language="es" region="PE">PEN</currency>
       <currency language="tpi" region="PG">PGK</currency>
       <currency language="fil" region="PH">PHP</currency>
       <currency language="pa" region="PK">PKR</currency>
       <currency language="pl" region="PL">PLN</currency>
       <currency language="es" region="PY">PYG</currency>
       <currency language="ar" region="QA">QAR</currency>
       <currency language="ro" region="RO">RON</currency>
       <currency language="sr" region="RS">RSD</currency>
       <currency language="ru" region="RU">RUB</currency>
       <currency language="rw" region="RW">RWF</currency>
       <currency language="ar" region="SA">SAR</currency>
       <currency language="en" region="SB">SBD</currency>
       <currency language="en" region="SC">SCR</currency>
       <currency language="ar" region="SD">SDG</currency>
       <currency language="sv" region="SE">SEK</currency>
       <currency language="en" region="SG">SGD</currency>
       <currency language="en" region="SH">SHP</currency>
       <currency language="en" region="SL">SLL</currency>
       <currency language="so" region="SO">SOS</currency>
       <currency language="nl" region="SR">SRD</currency>
       <currency language="en" region="SS">SSP</currency>
       <currency language="pt" region="ST">STN</currency>
       <currency language="es" region="SV">SVC</currency>
       <currency language="ar" region="SY">SYP</currency>
       <currency language="en" region="SZ">SZL</currency>
       <currency language="th" region="TH">THB</currency>
       <currency language="tg" region="TJ">TJS</currency>
       <currency language="tk" region="TM">TMT</currency>
       <currency language="ar" region="TN">TND</currency>
       <currency language="to" region="TO">TOP</currency>
       <currency language="tr" region="TR">TRY</currency>
       <currency language="en" region="TT">TTD</currency>
       <currency language="en" region="TV">TVD</currency>
       <currency language="zh" region="TW">TWD</currency>
       <currency language="sw" region="TZ">TZS</currency>
       <currency language="uk" region="UA">UAH</currency>
       <currency language="lg" region="UG">UGX</currency>
       <currency language="en" region="US">USD</currency>
       <currency language="es" region="UY">UYU</currency>
       <currency language="uz" region="UZ">UZS</currency>
       <currency language="es" region="VE">VEF</currency>
       <currency language="vi" region="VN">VND</currency>
       <currency language="bi" region="VU">VUV</currency>
       <currency language="sm" region="WS">WST</currency>
       <currency language="fr" region="CM">XAF</currency>
       <currency language="en" region="LC">XCD</currency>
       <currency language="fr" region="BJ">XOF</currency>
       <currency language="fr" region="PF">XPF</currency>
       <currency language="ar" region="YE">YER</currency>
       <currency language="en" region="ZA">ZAR</currency>
       <currency language="en" region="ZM">ZMW</currency>
       <currency language="en" region="ZW">ZWL</currency>
     </currencies>
  </localization>
</configuration>

For a list of all changes please refer to the release notes. The upgrade guide is available in the documentation area.
Happy reporting!

ReportServer 3.2.0 is now available

ReportServer 3.2.0 is now available!

In the following some important features in this version:

Allow to disable SFTP server

You can now disable the SFTP server by setting the disabled property in your /etc/misc/misc.cf file:

<remoteaccess>
   <sftp disabled="true">
      <!-- Use $generated in order to generate a key on first start. -->
      <keylocation>/path/to/hostkey.pem</keylocation>
      <port>8022</port>
   </sftp>
</remoteaccess>

After a ReportServer restart, the SFTP server will not be started if disabled previously.

Report deployment analysis

Allows to create an analysis of a deployment attempt of a given report (left report) into an destination report (right report). Both reports have to exist already in ReportServer. This analysis lists conflicts -including context- that would occur during a deployment attempt of the left report into the right report. You can create this document with this command:

deployReport analyze id:Report:75919 id:Report:64253

where the id of the left report is 75919 and the id of the right report is 64253. An example analysis is shown in the following screenshots.

The current sections in the analysis are:

  • Columns contained in left report but not in right report
  • Columns contained in both reports but which different definitions
  • Variants of right report using columns not available in left report
  • Variants of right report using columns with different definitions as in left report

Note that if an entry does not cause a conflict, e.g. if the corresponding column is not used in any variant, the entry is not listed in the analysis result.

Dynamic list filter export

The filters and pre-filters can now be exported in an analogous way as the parameters. For this, you can use the new “output_filters” report property analogously as the “output_parameters” property. For HTML and PDF export, you can use the “${filterMapSimple}” variable analogously to the “${parameterMapSimple}” variable in the /etc/dynamiclists/htmlexport.cf (/etc/dynamiclists/pdfexport.cf for pdf). An example Excel export is shown in the following screenshot.

Note that all configuration options: parameters, filters and pre-filters are being exported into the “Configuration” sheet. This allows you to completely understand the data shown in the “Dynamic list” sheet.

Export list of scheduler job recipients and owners

You can now export a list of scheduler job recipients and owners in the scheduler email. For substitution of this list of users, you can use a fluent API that allows you to configure the output exactly as you need. For a list of available methods please refer to the documentation. As an example, if you enter the following configuration:

${recipients.
      addFirstnames().
      addSpace().
      addLastnames().
      addSpace().
      addString("(").
      addUsernames().
      addString(")").
      print()
 }

will print the following:

Barry Jones (bjones)

Diane Murphy (dmurphy)

Gerard Hernandez (ghernande)

Larry Bott (lbott)

If you want to separate the users by a comma instead of a new line, you can enter use the \code{setSeparator()} method as follows:

${recipients.
      setSeparator(", ").
      addFirstnames().
      addSpace().
      addLastnames().
      addSpace().
      addString("(").
      addUsernames().
      addString(")").
      print()
 }

which will print the following data:

Barry Jones (bjones), Diane Murphy (dmurphy), Gerard Hernandez (ghernande), Larry Bott (lbott)

For printing the list of owners, you can use the “owners” variable analogously.

MySQL 8 and MariaDB 10 support

You can now create and use MySQL 8 and MariaDB 10 datasources. The old MySQL 5 and MariaDB 5 datasources are of course also supported.

Mondrian 3 support

Mondrian 3 OLAP reports are now supported alongside with Mondrian 4 OLAP reports. The Mondrian 4 features, e.g. parameter substitution, cache deletion, or variant configuration protection are also supported in Mondrian 3. For activating Mondrian 3, please select the “Mondrian 3” checkbox in the following screenshot of your Mondrian datasource.

DB driver upgrade

The following drivers were upgraded:

  • MySQL: mysql-connector-java-8.0.20.jar
  • MariaDB: mariadb-java-client-2.6.0.jar
  • Postgres: postgresql-42.2.12.jar
  • H2: h2-1.4.200.jar
  • HSQL: hsqldb-2.5.0.jar

JXLS2 streaming

For heavy JXLS2 reports, i.e. reports having a large quantity of records and columns, you can now activate the streaming option with the jxls_streaming report property as shown in the following screenshot. This should improve performance. The property can be activated per report or/and per variant and works analogously for JXLS2 reports and JXLS2 templates of the dynamic list.

Keep in mind that with jxls2 streaming activated, most Excel formulas can not be used directly, so this is best for streaming raw data. We will update our documentation for details on this.

Copy/move variants between reports

You can now copy or move variants between different reports with the “mv” or “cp” commands, respectively, as shown in the following screenshot. Details can be found in the documentation.

The complete Release Notes are available here.

Apache JServ Protocol (AJP) Security Update

On February 29th, a vulnerability affecting Apache Tomcat were publicly disclosed:

This CVE describes an issue in AJP (Apache JServ Protocol) that can be exploited to either read or write files to a Tomcat server. Tomcat uses AJP to exchange data with nearby Apache HTTPD web servers or other Tomcat instances. This connector is enabled by default on all Tomcat servers and listens on the server’s port 8009, bounded to the 0.0.0.0 IP address.

In addition, application’s configuration files could be read, and passwords or API tokens stolen creating backdoors or web shells. This attack is exploitable via network with low attack complexity and without the required privileges as well as without the need for user interaction.

More info about this issue and the exact changes at the Apache Tomcat official site.

Affected Platforms

Check the Apache Tomcat version that you are currently using. The following versions are vulnerable and allow malicious users to exploit it:

  • 7.0.0 to 7.0.99
  • 8.5.0 to 8.5.50
  • 9.0.0.M1 to 9.0.30

How To Patch It

Update Apache Tomcat version to 7.0.100, 8.5.51 or 9.0.31.

We also recommend to not expose the AJP port externally to avoid being affected by this issue.

Bitnami Packages

Both ReportServer Enterprise and Community editions Bitnami solutions were updated to include the latest version of Tomcat. Also, new cloud images we submitted to the different cloud providers to secure new users deployments in the cloud as well.

More information can be found here: https://docs.bitnami.com/general/security/security-2020-02-29/