Currently I am using Birt Report runtime version 4.4.2 and it internally uses iText version - 2.1.7
I have Birt report .rptdesign files as template and using Birt Report runtime engine to create/render pdfs where data comes from database and pdf will be rendered on web browser.
as per below link there is XXE vulnerability in iText 2.1.7 version
https://www.compass-security.com/fileadmin/Datein/Research/Advisories/CSNC-2017-017_itext_xml_external_entity_attack.txt
To fix this vulnerability I need to use latest iText version 7.X release.
After some research I have found that I can't use latest iText version 7.X release because Birt Report runtime version 4.4.2 is using internally old iText version classes.
I am looking for new Birt Report runtime jar version.
if Birt Report Runtime latest version is not available then I would like to know what are the options to replace my existing create/render pdf functionality - data comes through database.
I am ready to take license version with paid option
