JobScheduler release 1.7.4241 brings bug-fixes for three vulnerabilities in JobScheduler 1.7. We recommend that users of JobScheduler 1.7 install this release. This is a maintenance release based on release 1.7.4189 and does not bring any new features.
This release only applies to JobScheduler – JADE is not affected by the vulnerabilities.
Downloads are available from our own download pages for JobScheduler & JADE as well as from SourceForge.
The vulnerabilities are described in the following issues:
JS-1203 - DOM-based Cross-Site Scripting (XSS) Vulnerability (CVE-2014-5391)
JS-1204 - XML eXternal Entity (XXE) Vulnerability (CVE-2014-5392)
JS-1205 - Path Traversal Vulnerability (CVE-2014-5393)
We will be contacting JobScheduler users with commercial licenses to inform them about this update. Responsible persons such as system administrators with commercial JobScheduler licenses may contact us directly via support@sos-berlin.com for more information.