Skip to main content

Vulnerability Maintenance Release for JobScheduler 1.6

Submitted by sos-admin on Fri, 09/05/2014 - 20:05
News Date and Time
Sep 05 2014 20:05

JobScheduler release 1.6.4246 brings bug-fixes for three vulnerabilities in JobScheduler 1.6. We recommend that users of JobScheduler 1.6 install this release. This is a maintenance release based on release 1.6.4131 and does not bring any new features.
It is basically an implentation of the bug-fixes for version 1.7 (released on 2nd September) for version 1.6.

This release only applies to JobScheduler – JADE is not affected by the vulnerabilities.
Downloads are available from our website as well as from SourceForge.

The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)

We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via for more information.