YADE (SOSFTP) News

A Batch and API oriented application for managed file transfer.

Brought to you by: oliver_haufe, sosap, sp-sos, uwe_risse

JobScheduler, JOC Cockpit & YADE maintenance release 1.13.3

We are pleased to announce the 1.13..3 maintenance release of JobScheduler, JOC Cockpit and YADE.

This release includes fixes for vulnerabilities and bugs of previous releases 1.13 and brings minor new features to JobScheduler, the JOC Cockpit and YADE.

Features

JOC-759: Template wizard for jobs in JOC Cockpit
JOC-819: JOC Cockpit XML Editor - new features
JOC-863: Jobs in Job Streams view should display a timeslot setting

Fixes

see Releases 1.13.3

Vulnerabilities

JOC-854 Cross-Site Scripting (XSS) Vulnerability allows to inject HTML and script code to REST API calls (CVE-2020-6854)
JOC-853 XML eXternal Entity (XXE) Vulnerability allows to read files from the server (CVE-2020-6856)
JITL-590 Denial of Service (DOS) Vulnerability allows to exhaust resources when calculating the daily plan (CVE-2020-6855)
JS-1869 Update use of log4j to log4j2 due to vulnerability issue in log4j (CVE-2019-17571)

See the release notes 1.13.3 for a detailed list of issues.

Important

Please take note of our Change Management information.

** Download JobScheduler**

Download YADE

Posted by 2020-02-05