Vulnerability Maintenance Release for JobScheduler 1.6

Submitted by sos-admin on Fri, 09/05/2014 - 20:05
News Date and Time: Sep 05 2014 20:05

JobScheduler release 1.6.4246 fixes three vulnerabilities in JobScheduler 1.6. We recommend that users of JobScheduler 1.6 install this release. This is a maintenance release based on release 1.6.4131 and does not bring any new features.
It essentially applies to version 1.6 the bug fixes made for version 1.7 (released on 2nd September).

This release only applies to JobScheduler – JADE is not affected by the vulnerabilities.
Downloads are available from our website as well as from SourceForge.

The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)

We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via support@sos-berlin.com for more information.