Skip to main content

Vulnerability Maintenance Release for JobScheduler 1.7

Submitted by sos-admin on Tue, 09/02/2014 - 15:24
News Date and Time
Sep 02 2014 15:24

JobScheduler release 1.7.4241 brings bug-fixes for three vulnerabilities in JobScheduler 1.7. We recommend that users of JobScheduler 1.7 install this release. This is a maintenance release based on release 1.7.4189 and does not bring any new features.

This release only applies to JobScheduler – JADE is not affected by the vulnerabilities.
Downloads are available from our own download pages for JobScheduler & JADE as well as from SourceForge.

The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)

We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via for more information.