JobScheduler release 1.6.4246 brings bug-fixes for three vulnerabilities in JobScheduler 1.6. We recommend that users of JobScheduler 1.6 install this release. This is a maintenance release based on release 1.6.4131 and does not bring any new features.
It is basically an implentation of the bug-fixes for version 1.7 (released on 2nd September) for version 1.6.
The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)
We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via firstname.lastname@example.org for more information.