- Currently JOC Cockpit and JobScheduler use Jackson Databind version 2.9.9.
- A vulnerability affects this version, see https://www.cvedetails.com/cve/CVE-2019-14379/ and https://www.cvedetails.com/cve/CVE-2019-14439/
- Due to a vulnerability Issue of older Jackson releases the JOC Cockpit as well as the JobScheduler should use the current version 220.127.116.11 that fixes the issues.
Release 1.11 that includes Jackson version 2.4.3 is at its end of life. Therefore no maintenance release is provided.
Users of release 1.11 should therefore upgrade to release 1.12.10.