News Date and Time
Jun 10 2020 06:00
We are pleased to announce the 1.13.4 maintenance release of the JobScheduler, JOC Cockpit and YADE
This release includes fixes for vulnerabilities and bugs of previous releases 1.13 and brings minor new features to JobScheduler, the JOC Cockpit and YADE.
Features
- JOC-912: Job Streams should have a job stream starter that creates a context for events
- JOC-878: Improvement in performance of yearly view for Calendar
- JITL-605: JAVA JobSchedulerJobAdapter refactoring (performance improvements)
- YADE-556: YADE should perform reconnection attempts if there is a connection failure
- YADE-559: SFTP - support path transformation for host running OpenSSH on Windows
Fixes
- see Release 1.13.4
Vulnerabilities
- SET-191: Update JCraft JSch version to 0.1.55 due to vulnerability issues (CVE-2016-5725)
- SET-190: Update Jackson Databind version to >= 2.9.10.3 due to vulnerability issues (CVE-2019-20330, CVE-2020-8840)
- SET-193: Update Jackson Databind version to >= 2.9.10.4 due to vulnerability issues (CVE-2020-11620)
- JS-1881: Update spray json version to 1.3.5 due to vulnerability issues CVE-2018-18853, CVE-2018-18854
- JOC-930: Update use of log4j2 to 2.13.2 due to vulnerability issue in log4j2 2.13.0 (CVE-2020-9488)
- JOC-876: Update use of shiro-core version to >= 1.4.2 due to vulnerability issue CVE-2019-12422
- JOE-290: Password Obfuscation Vulnerability (CVE-2020-12712)
See the Release Notes for a detailed list of the features and bug-fixes.
Important
Please also take note of our Change Management information.
