<div dir="ltr">The GeoServer team has released a statement: <a href="https://geoserver.org/vulnerability/2023/02/20/ogc-filter-injection.html">OGC Filter Injection Vulnerability Statement</a>
<div><br></div>
<div>
<p style="box-sizing:border-box;margin:0px 0px 10px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif">A vulnerability has been located in the GeoTools Library that allows SQL Injection using OGC Filter and Function expressions.</p>
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif">
<li style="box-sizing:border-box"><a href="https://github.com/geoserver/geoserver/security/advisories/GHSA-7g5f-wrx8-5ccf" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">CVE-2023-25157 OGC Filter SQL Injection Vulnerabilities</a> (GeoServer)</li>
<li style="box-sizing:border-box"><a href="https://github.com/geotools/geotools/security/advisories/GHSA-99c3-qc2q-p94m" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">CVE-2023-25158 OGC Filter SQL Injection Vulnerabilities</a> (GeoTools)</li>
</ul>
</div>
<div>
<p style="box-sizing:border-box;margin:0px 0px 10px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif">Patched releases:</p>
<ul style="box-sizing:border-box;margin-top:0px;margin-bottom:10px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,Arial,sans-serif">
<li style="box-sizing:border-box"><a href="https://geoserver.org/announcements/2023/02/20/geoserver-2-22-2-released.html" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">GeoServer 2.22.2</a> stable release</li>
<li style="box-sizing:border-box"><a href="https://geoserver.org/announcements/2023/02/20/geoserver-2-21-4-released.html" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">GeoServer 2.21.4</a> maintenance</li>
<li style="box-sizing:border-box"><a href="https://geoserver.org/announcements/2023/02/20/geoserver-2-20-7-released.html" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">GeoServer 2.20.7</a></li>
<li style="box-sizing:border-box"><a href="https://geoserver.org/announcements/2023/02/20/geoserver-2-19-7-released.html" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">GeoServer 2.19.7</a></li>
<li style="box-sizing:border-box"><a href="https://geoserver.org/announcements/2023/02/20/geoserver-2-18-7-released.html" style="box-sizing:border-box;color:rgb(66,139,202);text-decoration:none">GeoServer 2.18.7</a></li>
</ul>
<div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div>--</div><div>GeoServer Project Steering Committee</div></div></div></div></div></div></div></div>