<div style="font-family: arial; font-size: 14px;"><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Hi All,</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">  I wonder if we should review our GeoMoose Examples with this security issue in mind.  Comments?</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;">Best Regards,</div><div fr-original-style="" style="box-sizing: border-box;">Brent Fraser</div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><hr id="previousmessagehr" fr-original-style="" style="box-sizing: border-box; clear: both; user-select: none;"><div fr-original-style="" style="box-sizing: border-box;"><span fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">From</strong>: Steve Lime &lt;sdlime@gmail.com&gt;<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Sent</strong>: 3/30/21 12:25 PM<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">To</strong>: MapServer Dev Mailing List &lt;mapserver-dev@lists.osgeo.org&gt;, Mapserver &lt;mapserver-users@lists.osgeo.org&gt;<br fr-original-style="" style="box-sizing: border-box;"><strong fr-original-style="" style="box-sizing: border-box; font-weight: 700;">Subject</strong>: [mapserver-users] Security Advisory - Limiting Mapfile Access</span></div><div fr-original-style="" style="box-sizing: border-box;"><br fr-original-style="" style="box-sizing: border-box;"></div><div dir="ltr" fr-original-style="" style="box-sizing: border-box;"><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);">Hi
all: This is an important reminder that, as part of a secure deployment, it is
important to limit MapServer CGI access to mapfiles. The MapServer CGI has long supported
the use of environment variables as a primary mechanism to do this. If you
haven't implemented these controls then that constitutes undue risk that is
easily mitigated and we strongly encourage you to do so as soon as possible. It's also a great time to
review those settings if you already have them in place as we've recently
updated regex examples related to MS_MAP_PATTERN to limit path traversal.</p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);"> </p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);">Relevant
documentation can be found at:</p><ul fr-original-style="margin-bottom:0in;" style="margin-bottom: 0in; box-sizing: border-box; list-style: revert; padding: revert; margin-top: revert;" type="disc"><li fr-original-class="gmail-MsoListParagraph" fr-original-style="margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box;"><a fr-original-style="color:blue;" href="https://mapserver.org/optimization/limit_mapfile_access.html" rel="noopener noreferrer" style="color: blue; box-sizing: border-box; text-decoration: underline; user-select: auto;" target="_blank">https://mapserver.org/optimization/limit_mapfile_access.html</a></li><li fr-original-class="gmail-MsoListParagraph" fr-original-style="margin-right:0in;margin-left:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin-right: 0in; margin-left: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box;"><a fr-original-style="color:blue;" href="https://mapserver.org/environment_variables.html#environment-variables" rel="noopener noreferrer" style="color: blue; box-sizing: border-box; text-decoration: underline; user-select: auto;" target="_blank">https://mapserver.org/environment_variables.html</a></li></ul><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);"> </p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);">Please
don't hesitate to reach out with questions.</p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);"> </p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);">--Steve</p><p fr-original-class="MsoNormal" fr-original-style="margin:0in;font-size:11pt;font-family:Calibri,sans-serif;" style="margin: 0in; font-size: 11pt; font-family: Calibri, sans-serif; box-sizing: border-box; color: rgb(68, 68, 68);"><br fr-original-style="" style="box-sizing: border-box;"></p></div></div>
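The advisory above refers to MS_MAP_PATTERN regexes that limit path traversal. The following is an added example, not code from the MapServer project or from either message: it audits a candidate pattern against constructed `map=` values before the pattern is deployed. The directory `/opt/mapserver`, both patterns and the `audit` helper are assumptions for illustration, and Python's `re` stands in for MapServer's own regex matching.

```python
import re

# Assumption: Python's re stands in for the regex engine MapServer applies to
# MS_MAP_PATTERN. Both patterns use only syntax shared with POSIX extended
# regular expressions. /opt/mapserver is a constructed mapfile root.

# Loose pattern: anchors the prefix and suffix, but ".*" also spans "../".
LOOSE = r"^/opt/mapserver/.*\.map$"

# Stricter pattern: every path component must start with a letter, digit,
# "_" or "-", so a component can never be ".." (or any dot-led name).
STRICT = (
    r"^/opt/mapserver/"
    r"([A-Za-z0-9_-][A-Za-z0-9_.-]*/)*"
    r"[A-Za-z0-9_-][A-Za-z0-9_.-]*\.map$"
)

# Constructed map= values paired with the decision the operator intends.
SAMPLES = [
    ("/opt/mapserver/roads.map", True),
    ("/opt/mapserver/demo/parcels.map", True),
    ("/opt/mapserver/../../tmp/other.map", False),
    ("/opt/mapserver/demo/../../../srv/private/x.map", False),
    ("/opt/mapserverX/roads.map", False),
    ("/etc/mapserver/roads.map", False),
    ("/opt/mapserver/roads.map.bak", False),
]


def audit(pattern, samples=SAMPLES):
    """Return the samples whose match result differs from the intended one."""
    rx = re.compile(pattern)
    # search() is unanchored, so the pattern itself must carry ^ and $.
    return [
        (value, intended)
        for value, intended in samples
        if bool(rx.search(value)) != intended
    ]


if __name__ == "__main__":
    for name, pattern in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        failures = audit(pattern)
        print(name, "OK" if not failures else "MISMATCH")
        for value, intended in failures:
            print("   ", value, "intended allow =", intended)
```
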