We are pleased to announce the 1.12.12 release of the JobScheduler, JOC Cockpit and YADE
This release includes fixes for vulnerabilities and bugs of previous releases 1.12. and brings minor new features to JobScheduler, the JOC Cockpit and YADE.
- JITL-589: JITL Jobs, JobScheduler Plugins and JOC Cockpit should support use of a Credential Store
- JITL-587: SOS Hibernate Managed Database Job should make use of Credential Store
- JITL-588: SOS PLSQL Database Job should support use of a Credential Store
- see Release 1.12.12
- JOC-854 Cross-Site Scripting (XSS) Vulnerability allows to inject HTML and script code to REST API calls (CVE-2020-6854)
- JOC-853 XML eXternal Entity (XXE) Vulnerability allows to read files from the server (CVE-2020-6856)
- JITL-590 Denial of Service (DOS) Vulnerability allows to exhaust resources when calculating the daily plan (CVE-2020-6855)
- JS-1869 Update use of log4j to log4j2 due to vulnerability issue in log4j (CVE-2019-17571)
See the Release Notes for a detailed list of the features and bug-fixes.
Please also take note of our Change Management information.