Unplanned
Last Updated: 30 Oct 2020 12:06 by ADMIN
It would help if  we have the result from the report rendering, so in this way if there is a problem with the report processing, the error can be handled.
Completed
Last Updated: 21 Oct 2020 12:15 by ADMIN
Release R3 2020 SP1
Users which only have access to their own categories can see the categories of the other users when they perform filtering - see the attached image.
Completed
Last Updated: 21 Oct 2020 12:15 by ADMIN
Release R3 2020 SP1
We have done a security analysis and we found that there are some vulnerabilities with the default Telerik reports project as below.

Poor Error Handling: Unhandled exception

Error pages containing stack traces were found on these pages:
https://reports.abc.com/Account/ForgotPassword POST parameters: __RequestVerificationToken, Email
https://reports.abc.com/Account/Login POST parameters: __RequestVerificationToken, Username, Password, RememberMe, ReturnUrl https://reports.abc.com/api/reportserver/documents/C$39cae14f81d$9809a8279f1$72d6f30af5b7ed1809a23e

Stack traces are call chains of line numbered source code that usually result from unhandled exceptions. Unhandled exceptions are circumstances in which the application has received user input that it did not expect and doesn't know how to deal with. In many cases, an attacker can leverage the conditions that cause these errors in order to gain unauthorized access to the system. Recommendations include designing and adding consistent error-handling mechanisms that are capable of handling any user input to your web application, providing meaningful detail to end-users, and preventing error messages that might provide information useful to an attacker from being displayed.
Completed
Last Updated: 21 Oct 2020 12:15 by ADMIN
Release R3 2020 SP1
Having debugging turned on comes at a significant performance cost.
Completed
Last Updated: 21 Oct 2020 12:15 by ADMIN
Release R3 2020 SP1

There are vulnerabilities in the Report Server related to Cross-Site Scripting.

Under Review
Last Updated: 19 Oct 2020 18:23 by ADMIN
Currently the accessToken expires in 30min and cannot be controlled. Please, make this expiration time configurable.
Unplanned
Last Updated: 01 Oct 2020 07:57 by ADMIN

Getting this error in the browser when trying to preview a report:

Error registering the viewer with the service.
An error has occurred.
Incorrect value (null) deserialized. Make sure you are using CacheStorage inside single-instance application deployment only.

A possible reason is the cache for the Report Server used for previewing reports has become corrupted. A workaround is explained in the Telerik.Reporting.Cache.CacheStorage.AddInSet NullReferenceException KB article.

It will be very convenient for the user to be able to clear the cache directly from the Report Server Manager UI.

Unplanned
Last Updated: 21 Sep 2020 13:54 by ADMIN
The CORS is enabled in the Report Server for all domains. This makes the application vulnerable to CORS attacks. The problem may be avoided by making CORS configurable.
Completed
Last Updated: 17 Sep 2020 03:59 by ADMIN
Created by: Greg
Comments: 3
Type: Feature Request
29
In many cases one can't simply ask users to download an installed report builder. The reports should be buildable in a web based tool.
Completed
Last Updated: 16 Sep 2020 13:21 by ADMIN
Release 2020 R3

It seems that when you try to open two tabs in the same browser looking at different websites, the browser gets confused about the URL that is sending the request. Issue is related to CORS protocol and HTTP caches.

It sounds like something needs to be changed on the report server so that even if it gets cached it would still allow access when I switch sub domains.  Or something on the viewer side to clear the cache.

Completed
Last Updated: 14 Aug 2020 13:00 by ADMIN
Release 2020 R2 SP1 (Latest Internal Build)
Upgrade to R2 2020 (6.1.20.513) or R2 2020 SP1 (6.1.20.618) fails when the storage contains invalid DateTime values (An invalid time falls within a range of times for the current time zone that cannot be mapped to Coordinated Universal Time (UTC) due to the application of an adjustment rule. Typically, invalid times occur when the time moves ahead for daylight saving time)
Unplanned
Last Updated: 13 Aug 2020 13:39 by ADMIN
Created by: Cedric
Comments: 2
Type: Feature Request
0

The Whitelabeling option are extremely limited.

I would like to see more customization available like removing the sidebar completely, or based on user settings / roles - as well as the top title bar (where logo is).

Customizable themes would go a long way.

Being able to integrate the existing report server pages into our own website would cut down on a lot of work.

 

Planned
Last Updated: 04 Aug 2020 14:27 by ADMIN
The Migration tool updates the source storage instance to its own version prior to migration process. This might cause issues in scenarios where an older version of Report Server storage is used in production and the migration is performed using a newer version of Migration tool. The tool must show a confirmation dialog and wait for input from user before modifying the source storage.
Pending Review
Last Updated: 28 Jul 2020 15:33 by ADMIN
The Scheduled Task and Data Alert definitions should have the option to allow copying the generated report on some predefined path.
Unplanned
Last Updated: 03 Jul 2020 16:43 by Peter
Created by: n/a
Comments: 2
Type: Feature Request
3

Functionality for capturing user activity like executing reports from viewers or through the Report Server Web API.

Completed
Last Updated: 03 Jul 2020 16:38 by ADMIN
Could the 'From' email address in Preview Email functionality be self populated from the 'Mail Server' SMTP settings in configuration?

This way the users do not need to a) remember the email address; and b) type it each time they are emailing a report.
Pending Review
Last Updated: 30 Jun 2020 18:46 by Tony

Hello, 

 

I recently upgraded our Report Server that was hosted in IIS with an HTTPS binding but after the upgrade we were unable to communicate with the server using HTTPS. We received an invalid client id error.

We updated the bindings and everything worked. However, it would be nice if we could upgrade Report Server without changing the IIS bindings.

 

Thank you.

Unplanned
Last Updated: 16 Jun 2020 07:21 by ADMIN

Provide the option to save custom report settings in the storage and enable specific rendering device settings based on custom settings.

Example use case:

- on the Report Server - Report view, the user should have a button for report settings;

- this button will open a custom dialog that contains various inputs;

- clicking Save on the custom dialog, the save operation will be handled by the Report Server implementor and the implementor should be able to get the user input and save various settings in the Report Server storage for the selected report;

- on rendering the report through the Preview, Scheduled Task, or Data Alert, the report server engine should invoke a custom event/code that can read the storage report settings and based on them provide rendering device settings to use during the report rendering.

Unplanned
Last Updated: 12 Jun 2020 09:02 by ADMIN
It would be very helpful if there is a log file an administrator could examine to see the internal workings of the system instead of having to install additional software and go through many steps. For example, if sending an email for a scheduled task failed, the log file should say the reason for this: Could the server be reached? Were the credentials invalid? Was there some sort of internal error?
Under Review
Last Updated: 10 Jun 2020 07:30 by ADMIN
Created by: Peter
Comments: 0
Type: Feature Request
3
Research and enable support for Azure App Services. Additionally, provide Report Server deployment through the Azure marketplace 
1 2 3 4 5