We are pleased to announce the 1.13.19 release of the JobScheduler, JOC Cockpit and YADE
This Long Term Support maintenance release brings bug-fixes and vulnerability fixes to the JOC Cockpit and YADE.
- Long Term Support Releases (LTS) are available for subscribers only
- For the Last Public Maintenance release see Release Archive
- YADE-603: HTTP provider - OutOfMemoryError while downloading file
- YADE-602: SSHJ provider - http proxy without authentication
- SET-226: Update security header for Content-Security-Policy (vulnerability CVE-2023-37272)
- The vulnerability is considered severe.
- Users find a patch instructions that can be applied for releases 1.13.11 to 1.13.18.
- JITL-714: JS1 and JS7 KeePass CredentialStore Interface should not use vulnerable 3rd-party library simple-xml (CVE-2017-1000190, CVE-2017-14868)
- JOC-1532: Update jackson-databind to 2.14.2 due to 3rd-party vulnerability issue CVE-2022-42003
See the Release Notes for a detailed list of the features and bug-fixes.
Please also take note of our Change Management information.