Details
-
Deprecation
-
Status: Deprecated (View Workflow)
-
Minor
-
Resolution: Deprecated
-
None
-
None
-
CVE-2021-33814
Description
Deprecation
- The JOE Job Editor is sope of delivery of JobScheduler
- JOE Job Editor make use of JDOM 1.1 and is hit by the CVE-2021-33814 vulnerability (see
JOC-1145). - This requires to switch to a different xml parser implementation.
- The risks of such changes are too high - considering the fact that since release 1.13.3 the JOC Cockpit Web User Interface provides a browser based replacement for the standalone Job Editor.
- We typically tend to announce deprecations between minor releases, however, we will not ship software with known vulnerabilities, therefore the Job Editor is immediately removed with the next maintenance release.
- The Inventory configuration functionality will be replaced by the built in Inventory Editor in JOC Cockpit
Maintainer Notes
- The component JOE Job Editor is deprecated with release 1.13.3 and will be removed with release 1.13.10
- The editors for Job Documentation and eventhandlers for the custom events are not part of the JOC Cockpit Inventory Editor.
- It is possible do download JOE 1.13.9 and use this with 1.13.10
