A hotfix for a security vulnerability in QPR Reporting Add-on is available. There are two hotfix packages, one for QPR Reporting Add-on version 2016.1.0 and one for 2017.1.0. The packages can be used both for patching an earlier installation of QPR Reporting Add-on and for new installation from scratch.
The vulnerability affects both QPR Word Reports and QPR Web Views. It is strongly recommended to update all environments running QPR Reporting Add-on as soon as possible.
The hotfix package for QPR Reporting Add-on 2016.1.0 is available here:
The hotfix package for QPR Reporting Add-on 2017.1.0 is available here:
These packages should also be used for new installations of QPR Reporting Add-on. Installation instructions are found from the Documentation folder inside the zip -packages.