JobScheduler release 1.7.4241 brings bug-fixes for three vulnerabilities in JobScheduler 1.7. We recommend that users of JobScheduler 1.7 install this release. This is a maintenance release based on release 1.7.4189 and does not bring any new features.
The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)
We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via email@example.com for more information.