News Date and Time
Feb 04 2020 18:00
We are pleased to announce the 1.13.3 maintenance release of the JobScheduler, JOC Cockpit and YADE
This release includes fixes for vulnerabilities and bugs of previous releases 1.13 and brings minor new features to JobScheduler, the JOC Cockpit and YADE.
Features
- JOC-759: Template wizard for jobs in JOC Cockpit
- JOC-819: JOC Cockpit XML Editor - new features
- JOC-863: Jobs in Job Streams view should display a timeslot setting
Fixes
- see Release 1.13.3
Vulnerabilities
- JOC-854 Cross-Site Scripting (XSS) Vulnerability allows to inject HTML and script code to REST API calls (CVE-2020-6854)
- JOC-853 XML eXternal Entity (XXE) Vulnerability allows to read files from the server (CVE-2020-6856)
- JITL-590 Denial of Service (DOS) Vulnerability allows to exhaust resources when calculating the daily plan (CVE-2020-6855)
- JS-1869 Update use of log4j to log4j2 due to vulnerability issue in log4j (CVE-2019-17571)
See the Release Notes for a detailed list of the features and bug-fixes.
Important
Please also take note of our Change Management information.